{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4914,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:14.517111736Z | 47 | PC: 132cb | Get disk transfer address |
| 2018-12-25T11:53:14.526435887Z | 26 | PC: 132d7 | Set disk transfer address |
| 2018-12-25T11:53:14.52747264Z | 78 | PC: 132ef | Find first file |
| 2018-12-25T11:53:14.533354426Z | 61 | PC: 13361 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:53:14.540208689Z | 63 | PC: 1336e | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T11:53:14.543085721Z | 66 | PC: 133cc | Move file pointer |
| 2018-12-25T11:53:14.545229178Z | 64 | PC: 1343c | Write file or device (Write 135 bytes on handle 5) |
| 2018-12-25T11:53:14.549354067Z | 64 | PC: 13447 | Write file or device (Write 566 bytes on handle 5) |
| 2018-12-25T11:53:14.56292497Z | 66 | PC: 13450 | Move file pointer |
| 2018-12-25T11:53:14.564207863Z | 64 | PC: 1345b | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T11:53:14.566779133Z | 62 | PC: 1345f | Close file |
| 2018-12-25T11:53:14.575264965Z | 79 | PC: 132ef | Find next file (See above) |
| 2018-12-25T11:53:14.577633558Z | 59 | PC: 132f9 | Change current directory |
| 2018-12-25T11:53:14.582525515Z | 42 | PC: 132ff | Get date 0x132ff: cmp dl, 0x1f 0x13302: je 0x1330e 0x13304: cmp dl, 0xd 0x13307: je 0x1330e 0x13309: je 0x1330e 0x1330b: jmp 0x13464 0x1330e: mov ah, 0x2c 0x13310: int 0x21 0x13312: cmp dh, 0x1e 0x13315: jb 0x1331a 0x13317: jmp 0x13464 0x1331a: mov cx, 5 0x1331d: mov al, 7 0x1331f: int 0x29 0x13321: loop 0x1331d 0x13323: mov ah, 0x39 0x13325: lea dx, word ptr [bp + 0x25e] 0x13329: int 0x21 0x1332b: mov ah, 0x39 0x1332d: lea dx, word ptr [bp + 0x266] |
| 2018-12-25T11:53:14.585436769Z | 44 | PC: 13312 | Get time 0x13312: cmp dh, 0x1e 0x13315: jb 0x1331a 0x13317: jmp 0x13464 0x1331a: mov cx, 5 0x1331d: mov al, 7 0x1331f: int 0x29 0x13321: loop 0x1331d 0x13323: mov ah, 0x39 0x13325: lea dx, word ptr [bp + 0x25e] 0x13329: int 0x21 0x1332b: mov ah, 0x39 0x1332d: lea dx, word ptr [bp + 0x266] 0x13331: int 0x21 0x13333: mov ax, 0x3d02 0x13336: lea dx, word ptr [bp + 0x26b] 0x1333a: int 0x21 0x1333c: xchg ax, bx 0x1333d: mov ax, 0x4202 0x13340: xor cx, cx 0x13342: xor dx, dx |
| 2018-12-25T11:53:14.588523146Z | 57 | PC: 1332b | Create subdirectory |
| 2018-12-25T11:53:14.601277391Z | 57 | PC: 13333 | Create subdirectory |
| 2018-12-25T11:53:14.615135916Z | 61 | PC: 1333c | Open file (Filename = 'config.sys') |
| 2018-12-25T11:53:14.622157733Z | 66 | PC: 13346 | Move file pointer |
| 2018-12-25T11:53:14.624011844Z | 64 | PC: 13351 | Write file or device (Write 44 bytes on handle 2) |
| 2018-12-25T11:53:14.62917464Z | 62 | PC: 13355 | Close file |
| 2018-12-25T11:53:14.630864802Z | 26 | PC: 1346a | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4914,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:14.903629814Z | 47 | PC: 132cb | Get disk transfer address |
| 2018-12-25T11:53:14.905247549Z | 26 | PC: 132d7 | Set disk transfer address |
| 2018-12-25T11:53:14.906536277Z | 78 | PC: 132ef | Find first file |
| 2018-12-25T11:53:14.912582265Z | 61 | PC: 13361 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:53:14.919754501Z | 63 | PC: 1336e | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T11:53:14.922494141Z | 66 | PC: 133cc | Move file pointer |
| 2018-12-25T11:53:14.924636152Z | 64 | PC: 1343c | Write file or device (Write 135 bytes on handle 5) |
| 2018-12-25T11:53:14.928117057Z | 64 | PC: 13447 | Write file or device (Write 566 bytes on handle 5) |
| 2018-12-25T11:53:14.94251279Z | 66 | PC: 13450 | Move file pointer |
| 2018-12-25T11:53:14.943669886Z | 64 | PC: 1345b | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T11:53:14.946266194Z | 62 | PC: 1345f | Close file |
| 2018-12-25T11:53:14.955277682Z | 79 | PC: 132ef | Find next file (See above) |
| 2018-12-25T11:53:14.957598245Z | 59 | PC: 132f9 | Change current directory |
| 2018-12-25T11:53:14.961697234Z | 42 | PC: 132ff | Get date 0x132ff: cmp dl, 0x1f 0x13302: je 0x1330e 0x13304: cmp dl, 0xd 0x13307: je 0x1330e 0x13309: je 0x1330e 0x1330b: jmp 0x13464 0x1330e: mov ah, 0x2c 0x13310: int 0x21 0x13312: cmp dh, 0x1e 0x13315: jb 0x1331a 0x13317: jmp 0x13464 0x1331a: mov cx, 5 0x1331d: mov al, 7 0x1331f: int 0x29 0x13321: loop 0x1331d 0x13323: mov ah, 0x39 0x13325: lea dx, word ptr [bp + 0x25e] 0x13329: int 0x21 0x1332b: mov ah, 0x39 0x1332d: lea dx, word ptr [bp + 0x266] |
| 2018-12-25T11:53:14.966244066Z | 26 | PC: 1346a | Set disk transfer address |
{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4914,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:15.347596888Z | 47 | PC: 132cb | Get disk transfer address |
| 2018-12-25T11:53:15.34969706Z | 26 | PC: 132d7 | Set disk transfer address |
| 2018-12-25T11:53:15.350973036Z | 78 | PC: 132ef | Find first file |
| 2018-12-25T11:53:15.357584555Z | 61 | PC: 13361 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:53:15.364925723Z | 63 | PC: 1336e | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T11:53:15.367825363Z | 66 | PC: 133cc | Move file pointer |
| 2018-12-25T11:53:15.369879125Z | 64 | PC: 1343c | Write file or device (Write 135 bytes on handle 5) |
| 2018-12-25T11:53:15.373282798Z | 64 | PC: 13447 | Write file or device (Write 566 bytes on handle 5) |
| 2018-12-25T11:53:15.387974212Z | 66 | PC: 13450 | Move file pointer |
| 2018-12-25T11:53:15.388939484Z | 64 | PC: 1345b | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T11:53:15.390785017Z | 62 | PC: 1345f | Close file |
| 2018-12-25T11:53:15.396780625Z | 79 | PC: 132ef | Find next file (See above) |
| 2018-12-25T11:53:15.399015548Z | 59 | PC: 132f9 | Change current directory |
| 2018-12-25T11:53:15.403371713Z | 42 | PC: 132ff | Get date 0x132ff: cmp dl, 0x1f 0x13302: je 0x1330e 0x13304: cmp dl, 0xd 0x13307: je 0x1330e 0x13309: je 0x1330e 0x1330b: jmp 0x13464 0x1330e: mov ah, 0x2c 0x13310: int 0x21 0x13312: cmp dh, 0x1e 0x13315: jb 0x1331a 0x13317: jmp 0x13464 0x1331a: mov cx, 5 0x1331d: mov al, 7 0x1331f: int 0x29 0x13321: loop 0x1331d 0x13323: mov ah, 0x39 0x13325: lea dx, word ptr [bp + 0x25e] 0x13329: int 0x21 0x1332b: mov ah, 0x39 0x1332d: lea dx, word ptr [bp + 0x266] |
| 2018-12-25T11:53:15.40571782Z | 44 | PC: 13312 | Get time 0x13312: cmp dh, 0x1e 0x13315: jb 0x1331a 0x13317: jmp 0x13464 0x1331a: mov cx, 5 0x1331d: mov al, 7 0x1331f: int 0x29 0x13321: loop 0x1331d 0x13323: mov ah, 0x39 0x13325: lea dx, word ptr [bp + 0x25e] 0x13329: int 0x21 0x1332b: mov ah, 0x39 0x1332d: lea dx, word ptr [bp + 0x266] 0x13331: int 0x21 0x13333: mov ax, 0x3d02 0x13336: lea dx, word ptr [bp + 0x26b] 0x1333a: int 0x21 0x1333c: xchg ax, bx 0x1333d: mov ax, 0x4202 0x13340: xor cx, cx 0x13342: xor dx, dx |
| 2018-12-25T11:53:15.407682014Z | 57 | PC: 1332b | Create subdirectory |
| 2018-12-25T11:53:15.416768276Z | 57 | PC: 13333 | Create subdirectory |
| 2018-12-25T11:53:15.427187357Z | 61 | PC: 1333c | Open file (Filename = 'config.sys') |
| 2018-12-25T11:53:15.431403195Z | 66 | PC: 13346 | Move file pointer |
| 2018-12-25T11:53:15.432639303Z | 64 | PC: 13351 | Write file or device (Write 44 bytes on handle 2) |
| 2018-12-25T11:53:15.435714371Z | 62 | PC: 13355 | Close file |
| 2018-12-25T11:53:15.437873256Z | 26 | PC: 1346a | Set disk transfer address |