{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5862,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:55:33.221388233Z | 75 | PC: 12c7e | Execute program |
| 2018-12-25T11:55:33.22812355Z | 42 | PC: 12c92 | Get date 0x12c92: cmp dh, 0xb 0x12c95: jne 0x12ca3 0x12c97: cmp al, 1 0x12c99: jne 0x12ca3 0x12c9b: mov ah, 9 0x12c9d: lea dx, word ptr [bp + 0x55d] 0x12ca1: int 0x21 0x12ca3: mov ax, 0xffff 0x12ca6: mov ds, ax 0x12ca8: push cs 0x12ca9: pop es 0x12caa: xor si, si 0x12cac: mov di, 0x90 0x12caf: mov cx, 0x10 0x12cb2: cld 0x12cb3: repe cmpsb byte ptr [si], byte ptr es:[di] 0x12cb5: je 0x12cd2 0x12cb7: mov ax, word ptr cs:[0x8e] 0x12cbb: inc ax 0x12cbc: cmp ax, 0x100 |
| 2018-12-25T11:55:33.230629487Z | 74 | PC: 12d1d | Reallocate memory |
| 2018-12-25T11:55:33.232224827Z | 74 | PC: 12b02 | Reallocate memory |
| 2018-12-25T11:55:33.238211296Z | 72 | PC: 12b0b | Allocate memory |
| 2018-12-25T11:55:33.240038032Z | 67 | PC: 12d24 | Get or set file attributes |
| 2018-12-25T11:55:33.245482518Z | 61 | PC: 12d24 | Open file (See above) |
| 2018-12-25T11:55:33.251806754Z | 87 | PC: 12d24 | Get or set file date and time (See above) |
| 2018-12-25T11:55:33.253924643Z | 63 | PC: 12d24 | Read file or device (See above) |
| 2018-12-25T11:55:33.256789066Z | 66 | PC: 12d24 | Move file pointer (See above) |
| 2018-12-25T11:55:33.258433506Z | 64 | PC: 12d24 | Write file or device (See above) |
| 2018-12-25T11:55:33.263020433Z | 64 | PC: 12d24 | Write file or device (See above) |
| 2018-12-25T11:55:33.933781596Z | 66 | PC: 12d24 | Move file pointer (See above) |
| 2018-12-25T11:55:33.935837054Z | 64 | PC: 12d24 | Write file or device (See above) |
| 2018-12-25T11:55:33.940055713Z | 87 | PC: 12d24 | Get or set file date and time (See above) |
| 2018-12-25T11:55:33.941643961Z | 62 | PC: 12d24 | Close file (See above) |
{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5862,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:55:33.269916841Z | 75 | PC: 12c7e | Execute program |
| 2018-12-25T11:55:33.272006882Z | 42 | PC: 12c92 | Get date 0x12c92: cmp dh, 0xb 0x12c95: jne 0x12ca3 0x12c97: cmp al, 1 0x12c99: jne 0x12ca3 0x12c9b: mov ah, 9 0x12c9d: lea dx, word ptr [bp + 0x55d] 0x12ca1: int 0x21 0x12ca3: mov ax, 0xffff 0x12ca6: mov ds, ax 0x12ca8: push cs 0x12ca9: pop es 0x12caa: xor si, si 0x12cac: mov di, 0x90 0x12caf: mov cx, 0x10 0x12cb2: cld 0x12cb3: repe cmpsb byte ptr [si], byte ptr es:[di] 0x12cb5: je 0x12cd2 0x12cb7: mov ax, word ptr cs:[0x8e] 0x12cbb: inc ax 0x12cbc: cmp ax, 0x100 |
| 2018-12-25T11:55:33.274515734Z | 74 | PC: 12d1d | Reallocate memory |
| 2018-12-25T11:55:33.276189207Z | 74 | PC: 12b02 | Reallocate memory |
| 2018-12-25T11:55:33.277961648Z | 72 | PC: 12b0b | Allocate memory |
| 2018-12-25T11:55:33.279732485Z | 67 | PC: 12d24 | Get or set file attributes |
| 2018-12-25T11:55:33.284707238Z | 61 | PC: 12d24 | Open file (See above) |
| 2018-12-25T11:55:33.290876726Z | 87 | PC: 12d24 | Get or set file date and time (See above) |
| 2018-12-25T11:55:33.292188474Z | 63 | PC: 12d24 | Read file or device (See above) |
| 2018-12-25T11:55:33.294912072Z | 66 | PC: 12d24 | Move file pointer (See above) |
| 2018-12-25T11:55:33.296464528Z | 64 | PC: 12d24 | Write file or device (See above) |
| 2018-12-25T11:55:33.298540417Z | 64 | PC: 12d24 | Write file or device (See above) |
| 2018-12-25T11:55:33.933311349Z | 66 | PC: 12d24 | Move file pointer (See above) |
| 2018-12-25T11:55:33.93604128Z | 64 | PC: 12d24 | Write file or device (See above) |
| 2018-12-25T11:55:33.946933853Z | 87 | PC: 12d24 | Get or set file date and time (See above) |
| 2018-12-25T11:55:33.950364111Z | 62 | PC: 12d24 | Close file (See above) |
{"DateBased":true,"Day":3,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5862,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:55:33.553973846Z | 75 | PC: 12c7e | Execute program |
| 2018-12-25T11:55:33.564182712Z | 42 | PC: 12c92 | Get date 0x12c92: cmp dh, 0xb 0x12c95: jne 0x12ca3 0x12c97: cmp al, 1 0x12c99: jne 0x12ca3 0x12c9b: mov ah, 9 0x12c9d: lea dx, word ptr [bp + 0x55d] 0x12ca1: int 0x21 0x12ca3: mov ax, 0xffff 0x12ca6: mov ds, ax 0x12ca8: push cs 0x12ca9: pop es 0x12caa: xor si, si 0x12cac: mov di, 0x90 0x12caf: mov cx, 0x10 0x12cb2: cld 0x12cb3: repe cmpsb byte ptr [si], byte ptr es:[di] 0x12cb5: je 0x12cd2 0x12cb7: mov ax, word ptr cs:[0x8e] 0x12cbb: inc ax 0x12cbc: cmp ax, 0x100 |
| 2018-12-25T11:55:33.566594386Z | 9 | PC: 12ca3 | Display string (Could not find end pointer) |
| 2018-12-25T11:55:33.593212712Z | 74 | PC: 12d1d | Reallocate memory |
| 2018-12-25T11:55:33.595415731Z | 74 | PC: 12b02 | Reallocate memory |
| 2018-12-25T11:55:33.598381396Z | 72 | PC: 12b0b | Allocate memory |
| 2018-12-25T11:55:33.601027371Z | 67 | PC: 12d24 | Get or set file attributes |
| 2018-12-25T11:55:33.608516063Z | 61 | PC: 12d24 | Open file (See above) |
| 2018-12-25T11:55:33.61630735Z | 87 | PC: 12d24 | Get or set file date and time (See above) |
| 2018-12-25T11:55:33.618146498Z | 63 | PC: 12d24 | Read file or device (See above) |
| 2018-12-25T11:55:33.621605326Z | 66 | PC: 12d24 | Move file pointer (See above) |
| 2018-12-25T11:55:33.623924477Z | 64 | PC: 12d24 | Write file or device (See above) |
| 2018-12-25T11:55:33.627660666Z | 64 | PC: 12d24 | Write file or device (See above) |
| 2018-12-25T11:55:33.980603952Z | 66 | PC: 12d24 | Move file pointer (See above) |
| 2018-12-25T11:55:33.984103765Z | 64 | PC: 12d24 | Write file or device (See above) |
| 2018-12-25T11:55:33.987280428Z | 87 | PC: 12d24 | Get or set file date and time (See above) |
| 2018-12-25T11:55:33.98944408Z | 62 | PC: 12d24 | Close file (See above) |