{"DateBased":true,"Day":11,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4638,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:37.144361661Z | 42 | PC: 12c6a | Get date 0x12c6a: cmp dx, 0xb0b 0x12c6e: je 0x12c7a 0x12c70: cmp byte ptr [9], 0x1e 0x12c75: nop 0x12c76: nop 0x12c77: jmp 0x12e1b 0x12c7a: push ds 0x12c7b: mov ds, word ptr [0x367] 0x12c7f: xor si, si 0x12c81: mov ax, word ptr [si + 0x2c] 0x12c84: mov ds, ax 0x12c86: pop es 0x12c87: mov di, 0x4ad 0x12c8a: lodsb al, byte ptr [si] 0x12c8b: cmp al, 0 0x12c8d: jne 0x12c8a 0x12c8f: lodsb al, byte ptr [si] 0x12c90: cmp al, 0 0x12c92: jne 0x12c8a 0x12c94: add si, 2 |
| 2018-12-25T11:52:37.14711054Z | 67 | PC: 12ccd | Get or set file attributes |
| 2018-12-25T11:52:37.164485733Z | 61 | PC: 12cd2 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-25T11:52:37.170818769Z | 64 | PC: 12cae | Write file or device (Write 119 bytes on handle 5) |
| 2018-12-25T11:52:37.186525278Z | 66 | PC: 12cb7 | Move file pointer |
| 2018-12-25T11:52:37.188784173Z | 64 | PC: 12cbd | Write file or device (Write 0 bytes on handle 5) |
| 2018-12-25T11:52:37.196857981Z | 87 | PC: 12ce2 | Get or set file date and time |
| 2018-12-25T11:52:37.198990062Z | 62 | PC: 12ce6 | Close file |
| 2018-12-25T11:52:37.206348236Z | 67 | PC: 12cf2 | Get or set file attributes |
| 2018-12-25T11:52:37.210858349Z | 37 | PC: 12eaf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:52:37.212254019Z | 26 | PC: 12ebd | Set disk transfer address |
| 2018-12-25T11:52:37.21359483Z | 9 | PC: 12c22 | Display string (Could not find end pointer) |
| 2018-12-25T11:52:37.21975105Z | 76 | PC: 12c28 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4638,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:38.485457605Z | 42 | PC: 12c6a | Get date 0x12c6a: cmp dx, 0xb0b 0x12c6e: je 0x12c7a 0x12c70: cmp byte ptr [9], 0x1e 0x12c75: nop 0x12c76: nop 0x12c77: jmp 0x12e1b 0x12c7a: push ds 0x12c7b: mov ds, word ptr [0x367] 0x12c7f: xor si, si 0x12c81: mov ax, word ptr [si + 0x2c] 0x12c84: mov ds, ax 0x12c86: pop es 0x12c87: mov di, 0x4ad 0x12c8a: lodsb al, byte ptr [si] 0x12c8b: cmp al, 0 0x12c8d: jne 0x12c8a 0x12c8f: lodsb al, byte ptr [si] 0x12c90: cmp al, 0 0x12c92: jne 0x12c8a 0x12c94: add si, 2 |
| 2018-12-25T11:52:38.4881156Z | 53 | PC: 12e21 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:52:38.489457154Z | 37 | PC: 12e31 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:52:38.490549486Z | 47 | PC: 12e35 | Get disk transfer address |
| 2018-12-25T11:52:38.491634402Z | 71 | PC: 12e49 | Get current directory |
| 2018-12-25T11:52:38.495070993Z | 26 | PC: 12cfa | Set disk transfer address |
| 2018-12-25T11:52:38.496284614Z | 78 | PC: 12d04 | Find first file |
| 2018-12-25T11:52:38.503734044Z | 67 | PC: 12ccd | Get or set file attributes |
| 2018-12-25T11:52:39.462330546Z | 61 | PC: 12cd2 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:52:39.470054939Z | 63 | PC: 12d54 | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:52:39.473069646Z | 66 | PC: 12dc3 | Move file pointer |
| 2018-12-25T11:52:39.475476248Z | 64 | PC: 12dcd | Write file or device (Write 821 bytes on handle 5) |
| 2018-12-25T11:52:39.524721005Z | 66 | PC: 12deb | Move file pointer |
| 2018-12-25T11:52:39.526279242Z | 64 | PC: 12df5 | Write file or device (Write 28 bytes on handle 5) |
| 2018-12-25T11:52:39.529826417Z | 87 | PC: 12ce2 | Get or set file date and time |
| 2018-12-25T11:52:39.531425324Z | 62 | PC: 12ce6 | Close file |
| 2018-12-25T11:52:39.603464396Z | 67 | PC: 12cf2 | Get or set file attributes |
| 2018-12-25T11:52:39.607876385Z | 79 | PC: 12e0d | Find next file |
| 2018-12-25T11:52:39.610173697Z | 0 | PC: 12e53 | Program terminate |