{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6955,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:45.932457944Z | 26 | PC: 12c63 | Set disk transfer address |
| 2018-12-25T12:00:45.933630226Z | 71 | PC: 12c6d | Get current directory |
| 2018-12-25T12:00:45.935438099Z | 78 | PC: 12c75 | Find first file |
| 2018-12-25T12:00:45.938947593Z | 61 | PC: 12c86 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:00:45.94330209Z | 63 | PC: 12c98 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:00:45.944925278Z | 66 | PC: 12cb2 | Move file pointer |
| 2018-12-25T12:00:45.945910426Z | 64 | PC: 12cd2 | Write file or device (Write 669 bytes on handle 5) |
| 2018-12-25T12:00:45.958821238Z | 66 | PC: 12ce1 | Move file pointer |
| 2018-12-25T12:00:45.960232471Z | 64 | PC: 12cf1 | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:00:45.962918319Z | 62 | PC: 12cf5 | Close file |
| 2018-12-25T12:00:45.971215967Z | 79 | PC: 12c75 | Find next file (See above) |
| 2018-12-25T12:00:45.973616123Z | 59 | PC: 12e2d | Change current directory |
| 2018-12-25T12:00:45.982331064Z | 42 | PC: 12cfe | Get date 0x12cfe: cmp dl, 1 0x12d01: jne 0x12d0d 0x12d03: mov ah, 9 0x12d05: lea dx, word ptr [bp + 0x33a] 0x12d09: int 0x21 0x12d0b: jmp 0x12d0b 0x12d0d: lea dx, word ptr [bp + 0x3e3] 0x12d11: mov ah, 0x3b 0x12d13: int 0x21 0x12d15: pop ds 0x12d16: mov dx, 0x80 0x12d19: mov ah, 0x1a 0x12d1b: nop 0x12d1c: nop 0x12d1d: int 0x21 0x12d1f: push ds 0x12d20: pop es 0x12d21: mov ax, es 0x12d23: nop 0x12d24: nop |
| 2018-12-25T12:00:45.984950002Z | 9 | PC: 12d0b | Display string (String= ' Love to LISA :) ') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6955,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:00:46.099497927Z | 26 | PC: 12c63 | Set disk transfer address |
| 2018-12-25T12:00:46.106401719Z | 71 | PC: 12c6d | Get current directory |
| 2018-12-25T12:00:46.109473128Z | 78 | PC: 12c75 | Find first file |
| 2018-12-25T12:00:46.115522863Z | 61 | PC: 12c86 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:00:46.127386116Z | 63 | PC: 12c98 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:00:46.133615621Z | 66 | PC: 12cb2 | Move file pointer |
| 2018-12-25T12:00:46.135086548Z | 64 | PC: 12cd2 | Write file or device (Write 669 bytes on handle 5) |
| 2018-12-25T12:00:46.151123611Z | 66 | PC: 12ce1 | Move file pointer |
| 2018-12-25T12:00:46.153038662Z | 64 | PC: 12cf1 | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:00:46.156127713Z | 62 | PC: 12cf5 | Close file |
| 2018-12-25T12:00:46.164608941Z | 79 | PC: 12c75 | Find next file (See above) |
| 2018-12-25T12:00:46.16759653Z | 59 | PC: 12e2d | Change current directory |
| 2018-12-25T12:00:46.171863172Z | 42 | PC: 12cfe | Get date 0x12cfe: cmp dl, 1 0x12d01: jne 0x12d0d 0x12d03: mov ah, 9 0x12d05: lea dx, word ptr [bp + 0x33a] 0x12d09: int 0x21 0x12d0b: jmp 0x12d0b 0x12d0d: lea dx, word ptr [bp + 0x3e3] 0x12d11: mov ah, 0x3b 0x12d13: int 0x21 0x12d15: pop ds 0x12d16: mov dx, 0x80 0x12d19: mov ah, 0x1a 0x12d1b: nop 0x12d1c: nop 0x12d1d: int 0x21 0x12d1f: push ds 0x12d20: pop es 0x12d21: mov ax, es 0x12d23: nop 0x12d24: nop |
| 2018-12-25T12:00:46.173989701Z | 59 | PC: 12d15 | Change current directory |
| 2018-12-25T12:00:46.176672511Z | 26 | PC: 12d1f | Set disk transfer address |
| 2018-12-25T12:00:46.178624142Z | 76 | PC: 12aa4 | Terminate with return code (Return code = '164') |