{"DateBased":true,"Day":14,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7563,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:52.704390224Z | 42 | PC: 1303e | Get date 0x1303e: cmp dh, 3 0x13041: jne 0x1304b 0x13043: cmp dl, 0xe 0x13046: jne 0x1304b 0x13048: jmp 0x13211 0x1304b: push ds 0x1304c: push es 0x1304d: sub ax, ax 0x1304f: mov ds, ax 0x13051: cli 0x13052: les ax, ptr [0xc] 0x13056: mov word ptr cs:[bp + 0x8c2], ax 0x1305b: mov word ptr cs:[bp + 0x8c4], es 0x13060: les ax, ptr [0x84] 0x13064: mov word ptr [0xc], ax 0x13067: mov word ptr [0xe], es 0x1306b: sti 0x1306c: pop es 0x1306d: pop ds 0x1306e: mov byte ptr [bp + 0x8d9], 0 |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7563,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:53.506330652Z | 42 | PC: 1303e | Get date 0x1303e: cmp dh, 3 0x13041: jne 0x1304b 0x13043: cmp dl, 0xe 0x13046: jne 0x1304b 0x13048: jmp 0x13211 0x1304b: push ds 0x1304c: push es 0x1304d: sub ax, ax 0x1304f: mov ds, ax 0x13051: cli 0x13052: les ax, ptr [0xc] 0x13056: mov word ptr cs:[bp + 0x8c2], ax 0x1305b: mov word ptr cs:[bp + 0x8c4], es 0x13060: les ax, ptr [0x84] 0x13064: mov word ptr [0xc], ax 0x13067: mov word ptr [0xe], es 0x1306b: sti 0x1306c: pop es 0x1306d: pop ds 0x1306e: mov byte ptr [bp + 0x8d9], 0 |
| 2018-12-25T12:01:53.509082043Z | 71 | PC: 1307c | Get current directory |
| 2018-12-25T12:01:53.512703656Z | 26 | PC: 13083 | Set disk transfer address |
| 2018-12-25T12:01:53.514005277Z | 78 | PC: 1308d | Find first file |
| 2018-12-25T12:01:53.520758629Z | 67 | PC: 130b7 | Get or set file attributes |
| 2018-12-25T12:01:53.764916371Z | 61 | PC: 130bf | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:01:53.77294318Z | 63 | PC: 130ca | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:01:53.776436496Z | 67 | PC: 13201 | Get or set file attributes |
| 2018-12-25T12:01:53.791152763Z | 87 | PC: 1320d | Get or set file date and time |
| 2018-12-25T12:01:53.793083184Z | 62 | PC: 13210 | Close file |
| 2018-12-25T12:01:53.800890114Z | 79 | PC: 1314d | Find next file |
| 2018-12-25T12:01:53.804268175Z | 59 | PC: 1315a | Change current directory |
| 2018-12-25T12:01:53.810015742Z | 67 | PC: 13201 | Get or set file attributes (See above) |
| 2018-12-25T12:01:53.820991827Z | 87 | PC: 1320d | Get or set file date and time (See above) |
| 2018-12-25T12:01:53.825458224Z | 62 | PC: 13210 | Close file (See above) |
| 2018-12-25T12:01:53.828386126Z | 79 | PC: 1314d | Find next file (See above) |
| 2018-12-25T12:01:53.832033933Z | 59 | PC: 1315a | Change current directory (See above) |
| 2018-12-25T12:01:53.841568643Z | 26 | PC: 131d1 | Set disk transfer address |
| 2018-12-25T12:01:53.854196065Z | 59 | PC: 131d8 | Change current directory |
| 2018-12-25T12:01:53.858656853Z | 76 | PC: 12a4a | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7563,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:53.69628762Z | 42 | PC: 1303e | Get date 0x1303e: cmp dh, 3 0x13041: jne 0x1304b 0x13043: cmp dl, 0xe 0x13046: jne 0x1304b 0x13048: jmp 0x13211 0x1304b: push ds 0x1304c: push es 0x1304d: sub ax, ax 0x1304f: mov ds, ax 0x13051: cli 0x13052: les ax, ptr [0xc] 0x13056: mov word ptr cs:[bp + 0x8c2], ax 0x1305b: mov word ptr cs:[bp + 0x8c4], es 0x13060: les ax, ptr [0x84] 0x13064: mov word ptr [0xc], ax 0x13067: mov word ptr [0xe], es 0x1306b: sti 0x1306c: pop es 0x1306d: pop ds 0x1306e: mov byte ptr [bp + 0x8d9], 0 |
| 2018-12-25T12:01:53.700836138Z | 71 | PC: 1307c | Get current directory |
| 2018-12-25T12:01:53.704336328Z | 26 | PC: 13083 | Set disk transfer address |
| 2018-12-25T12:01:53.70612881Z | 78 | PC: 1308d | Find first file |
| 2018-12-25T12:01:53.714727691Z | 67 | PC: 130b7 | Get or set file attributes |
| 2018-12-25T12:01:53.764791957Z | 61 | PC: 130bf | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:01:53.772828111Z | 63 | PC: 130ca | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:01:53.775181828Z | 67 | PC: 13201 | Get or set file attributes |
| 2018-12-25T12:01:53.785032893Z | 87 | PC: 1320d | Get or set file date and time |
| 2018-12-25T12:01:53.786544546Z | 62 | PC: 13210 | Close file |
| 2018-12-25T12:01:53.792777167Z | 79 | PC: 1314d | Find next file |
| 2018-12-25T12:01:53.804507157Z | 59 | PC: 1315a | Change current directory |
| 2018-12-25T12:01:53.808291557Z | 67 | PC: 13201 | Get or set file attributes (See above) |
| 2018-12-25T12:01:53.817778649Z | 87 | PC: 1320d | Get or set file date and time (See above) |
| 2018-12-25T12:01:53.820150899Z | 62 | PC: 13210 | Close file (See above) |
| 2018-12-25T12:01:53.824038935Z | 79 | PC: 1314d | Find next file (See above) |
| 2018-12-25T12:01:53.827357769Z | 59 | PC: 1315a | Change current directory (See above) |
| 2018-12-25T12:01:53.833506595Z | 26 | PC: 131d1 | Set disk transfer address |
| 2018-12-25T12:01:53.834961921Z | 59 | PC: 131d8 | Change current directory |
| 2018-12-25T12:01:53.840190906Z | 76 | PC: 12a4a | Terminate with return code (Return code = '0') |