{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4823,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:56.632807155Z | 26 | PC: 12aba | Set disk transfer address |
| 2018-12-25T11:52:56.634794687Z | 78 | PC: 12ac1 | Find first file |
| 2018-12-25T11:52:56.64250661Z | 79 | PC: 12ac1 | Find next file (See above) |
| 2018-12-25T11:52:56.645722504Z | 79 | PC: 12ac1 | Find next file (See above) |
| 2018-12-25T11:52:56.648883956Z | 61 | PC: 12ad3 | Open file (Filename = 'HELLO.COM') |
| 2018-12-25T11:52:56.66758367Z | 63 | PC: 12b05 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:52:56.681139246Z | 66 | PC: 12ae2 | Move file pointer |
| 2018-12-25T11:52:56.683208062Z | 44 | PC: 12b1f | Get time 0x12b1f: xor dx, cx 0x12b21: xor dl, dh 0x12b23: mov cx, 0xfd 0x12b26: mov ax, 0x101 0x12b29: cmp dl, 3 0x12b2c: ja 0x12b35 0x12b2e: mov word ptr [di + 0x41], 0x75b1 0x12b33: mov cl, 0x75 0x12b35: xor word ptr [di + 0xd], ax 0x12b38: ror dl, 1 0x12b3a: jae 0x12b4f 0x12b3c: xor byte ptr [di + 3], al 0x12b3f: ror dl, 1 0x12b41: jae 0x12b49 0x12b43: xor byte ptr [di + 6], 2 0x12b47: jmp 0x12b59 0x12b49: xor byte ptr [di + 7], 9 0x12b4d: jmp 0x12b59 0x12b4f: xor byte ptr [di + 0xa], al 0x12b52: ror dl, 1 |
| 2018-12-25T11:52:56.687810143Z | 64 | PC: 12b05 | Write file or device (See above) |
| 2018-12-25T11:52:56.692541735Z | 66 | PC: 12af0 | Move file pointer |
| 2018-12-25T11:52:56.694737992Z | 64 | PC: 12b05 | Write file or device (See above) |
| 2018-12-25T11:52:56.698746717Z | 62 | PC: 12afc | Close file |
| 2018-12-25T11:52:56.730176689Z | 26 | PC: 12b05 | Set disk transfer address (See above) |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":4,"TimeBased":true,"OriginalID":4823,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:56.656239148Z | 26 | PC: 12aba | Set disk transfer address |
| 2018-12-25T11:52:56.658886004Z | 78 | PC: 12ac1 | Find first file |
| 2018-12-25T11:52:56.665542221Z | 79 | PC: 12ac1 | Find next file (See above) |
| 2018-12-25T11:52:56.668422287Z | 79 | PC: 12ac1 | Find next file (See above) |
| 2018-12-25T11:52:56.672358607Z | 61 | PC: 12ad3 | Open file (Filename = 'HELLO.COM') |
| 2018-12-25T11:52:56.678841138Z | 63 | PC: 12b05 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:52:56.685317595Z | 66 | PC: 12ae2 | Move file pointer |
| 2018-12-25T11:52:56.6873877Z | 44 | PC: 12b1f | Get time 0x12b1f: xor dx, cx 0x12b21: xor dl, dh 0x12b23: mov cx, 0xfd 0x12b26: mov ax, 0x101 0x12b29: cmp dl, 3 0x12b2c: ja 0x12b35 0x12b2e: mov word ptr [di + 0x41], 0x75b1 0x12b33: mov cl, 0x75 0x12b35: xor word ptr [di + 0xd], ax 0x12b38: ror dl, 1 0x12b3a: jae 0x12b4f 0x12b3c: xor byte ptr [di + 3], al 0x12b3f: ror dl, 1 0x12b41: jae 0x12b49 0x12b43: xor byte ptr [di + 6], 2 0x12b47: jmp 0x12b59 0x12b49: xor byte ptr [di + 7], 9 0x12b4d: jmp 0x12b59 0x12b4f: xor byte ptr [di + 0xa], al 0x12b52: ror dl, 1 |
| 2018-12-25T11:52:56.691089199Z | 64 | PC: 12b05 | Write file or device (See above) |
| 2018-12-25T11:52:56.69364412Z | 66 | PC: 12af0 | Move file pointer |
| 2018-12-25T11:52:56.694880772Z | 64 | PC: 12b05 | Write file or device (See above) |
| 2018-12-25T11:52:56.697713248Z | 62 | PC: 12afc | Close file |
| 2018-12-25T11:52:56.710696899Z | 26 | PC: 12b05 | Set disk transfer address (See above) |