{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12969,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:06.126981971Z | 26 | PC: 12c2c | Set disk transfer address |
| 2018-12-25T12:37:06.128691374Z | 71 | PC: 12b23 | Get current directory |
| 2018-12-25T12:37:06.132764395Z | 78 | PC: 12b33 | Find first file |
| 2018-12-25T12:37:06.13887071Z | 42 | PC: 12b48 | Get date 0x12b48: cmp cx, 0x7c9 0x12b4c: jb 0x12b78 0x12b4e: cmp al, 5 0x12b50: jne 0x12b78 0x12b52: mov ah, 9 0x12b54: lea dx, word ptr [bp + 0x159] 0x12b58: int 0x21 0x12b5a: int 0x20 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: mov cx, dx 0x12b62: mov al, 2 0x12b64: mov dx, 1 0x12b67: int 0x26 0x12b69: jb 0x12b6e 0x12b6b: add sp, 2 0x12b6e: inc al 0x12b70: cmp al, 4 0x12b72: je 0x12b76 0x12b74: jmp 0x12b52 |
| 2018-12-25T12:37:06.141568087Z | 61 | PC: 12b81 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:37:06.149372308Z | 63 | PC: 12b8d | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:37:06.155801861Z | 66 | PC: 12c34 | Move file pointer |
| 2018-12-25T12:37:06.15740152Z | 64 | PC: 12bbf | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:37:06.161327578Z | 66 | PC: 12c34 | Move file pointer (See above) |
| 2018-12-25T12:37:06.163403239Z | 44 | PC: 12bc8 | Get time 0x12bc8: mov word ptr ds:[bp + 0x2d6], dx 0x12bcd: call 0x22a82 0x12bd0: push bx 0x12bd1: push cx 0x12bd2: push dx 0x12bd3: mov dx, word ptr ds:[bp + 0x2d6] 0x12bd8: lea bx, word ptr [bp + 0x349] 0x12bdc: mov cx, 0xd1 0x12bdf: xor word ptr [bx], dx 0x12be1: add bx, 2 0x12be4: loop 0x12bdf 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: mov ah, 0x40 0x12beb: mov cx, 0x31 0x12bee: lea dx, word ptr [bp + 0x103] 0x12bf2: int 0x21 0x12bf4: mov ah, 0x40 0x12bf6: mov cx, 0x1a2 |
| 2018-12-25T12:37:06.168189119Z | 64 | PC: 12bf4 | Write file or device (Write 49 bytes on handle 5) |
| 2018-12-25T12:37:06.172242889Z | 64 | PC: 12bff | Write file or device (Write 418 bytes on handle 5) |
| 2018-12-25T12:37:06.185894104Z | 64 | PC: 12c0a | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T12:37:06.189493183Z | 87 | PC: 12c19 | Get or set file date and time |
| 2018-12-25T12:37:06.191361532Z | 62 | PC: 12c1d | Close file |
| 2018-12-25T12:37:06.199483939Z | 59 | PC: 12c25 | Change current directory |
| 2018-12-25T12:37:06.203635519Z | 26 | PC: 12c2c | Set disk transfer address (See above) |
| 2018-12-25T12:37:06.204955408Z | 9 | PC: 12a47 | Display string (String= 'Stoopid GRUNT-3 Dropper!') |
{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12969,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:06.028908864Z | 64 | PC: 0 | Write file or device (Write 2 bytes on handle 1) |
| 2018-12-25T12:37:06.034186365Z | 41 | PC: 94fae | Parse filename |
| 2018-12-25T12:37:06.038657045Z | 41 | PC: 9502f | Parse filename |
| 2018-12-25T12:37:06.042896564Z | 41 | PC: 9504c | Parse filename |
| 2018-12-25T12:37:06.045361987Z | 26 | PC: 984f7 | Set disk transfer address |
| 2018-12-25T12:37:06.074962552Z | 71 | PC: 986f3 | Get current directory |
| 2018-12-25T12:37:06.080409698Z | 78 | PC: 986fe | Find first file |
| 2018-12-25T12:37:06.098630381Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T12:37:06.110503251Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T12:37:06.134198421Z | 64 | PC: 9a848 | Write file or device (Write 26 bytes on handle 2) |
| 2018-12-25T12:37:06.139197773Z | 37 | PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write') |
| 2018-12-25T12:37:06.14200198Z | 37 | PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T12:37:06.143361518Z | 37 | PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:37:06.144776069Z | 62 | PC: 122ab | Close file |
| 2018-12-25T12:37:06.147174955Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.148902635Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.150633244Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.153281896Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.158269119Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.159878553Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.170071279Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.174639231Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.176141096Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.177700883Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.179973729Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.181453532Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.183773709Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.186105341Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T12:37:06.187793615Z | 99 | PC: 9a5d7 | Get DBCS lead byte table pointer |
| 2018-12-25T12:37:06.18903984Z | 56 | PC: 94df9 | Get or set country info |
| 2018-12-25T12:37:06.192229797Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T12:37:06.19718827Z | 25 | PC: 94e62 | Get default drive |
| 2018-12-25T12:37:06.199040128Z | 71 | PC: 970dd | Get current directory |
| 2018-12-25T12:37:06.20704424Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T12:37:06.223362929Z | 2 | PC: 970b2 | Character output (Char = '3e') |
| 2018-12-25T12:37:06.225721532Z | 93 | PC: 94f20 | File sharing functions |
| 2018-12-25T12:37:06.228178663Z | 93 | PC: 94f27 | File sharing functions |
| 2018-12-25T12:37:06.230009728Z | 10 | PC: 94f39 | Buffered keyboard input |
| 2018-12-25T12:37:21.075791219Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T12:37:22.430836631Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T12:37:22.533126632Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T12:37:22.539709109Z | 41 | PC: 94fae | Parse filename (See above) |
| 2018-12-25T12:37:22.541833365Z | 41 | PC: 9502f | Parse filename (See above) |
| 2018-12-25T12:37:22.543165496Z | 41 | PC: 9504c | Parse filename (See above) |
| 2018-12-25T12:37:22.54696643Z | 26 | PC: 984f7 | Set disk transfer address (See above) |
| 2018-12-25T12:37:22.548661016Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T12:37:22.556232441Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T12:37:22.566833445Z | 71 | PC: 9856c | Get current directory |
| 2018-12-25T12:37:22.570129891Z | 73 | PC: 97c09 | Release memory |
| 2018-12-25T12:37:22.571406747Z | 75 | PC: 11821 | Execute program |
| 2018-12-25T12:37:22.585680905Z | 9 | PC: 12a47 | Display string (String= 'Hello, World! ') |
| 2018-12-25T12:37:22.589947223Z | 76 | PC: 12a4b | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":2,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12969,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:06.162912175Z | 26 | PC: 12c2c | Set disk transfer address |
| 2018-12-25T12:37:06.164913129Z | 71 | PC: 12b23 | Get current directory |
| 2018-12-25T12:37:06.167776218Z | 78 | PC: 12b33 | Find first file |
| 2018-12-25T12:37:06.174050031Z | 42 | PC: 12b48 | Get date 0x12b48: cmp cx, 0x7c9 0x12b4c: jb 0x12b78 0x12b4e: cmp al, 5 0x12b50: jne 0x12b78 0x12b52: mov ah, 9 0x12b54: lea dx, word ptr [bp + 0x159] 0x12b58: int 0x21 0x12b5a: int 0x20 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: mov cx, dx 0x12b62: mov al, 2 0x12b64: mov dx, 1 0x12b67: int 0x26 0x12b69: jb 0x12b6e 0x12b6b: add sp, 2 0x12b6e: inc al 0x12b70: cmp al, 4 0x12b72: je 0x12b76 0x12b74: jmp 0x12b52 |
| 2018-12-25T12:37:06.178754043Z | 61 | PC: 12b81 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:37:06.186001479Z | 63 | PC: 12b8d | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:37:06.193632192Z | 66 | PC: 12c34 | Move file pointer |
| 2018-12-25T12:37:06.197297026Z | 64 | PC: 12bbf | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:37:06.201016994Z | 66 | PC: 12c34 | Move file pointer (See above) |
| 2018-12-25T12:37:06.202715957Z | 44 | PC: 12bc8 | Get time 0x12bc8: mov word ptr ds:[bp + 0x2d6], dx 0x12bcd: call 0x22a82 0x12bd0: push bx 0x12bd1: push cx 0x12bd2: push dx 0x12bd3: mov dx, word ptr ds:[bp + 0x2d6] 0x12bd8: lea bx, word ptr [bp + 0x349] 0x12bdc: mov cx, 0xd1 0x12bdf: xor word ptr [bx], dx 0x12be1: add bx, 2 0x12be4: loop 0x12bdf 0x12be6: pop dx 0x12be7: pop cx 0x12be8: pop bx 0x12be9: mov ah, 0x40 0x12beb: mov cx, 0x31 0x12bee: lea dx, word ptr [bp + 0x103] 0x12bf2: int 0x21 0x12bf4: mov ah, 0x40 0x12bf6: mov cx, 0x1a2 |
| 2018-12-25T12:37:06.207702044Z | 64 | PC: 12bf4 | Write file or device (Write 49 bytes on handle 5) |
| 2018-12-25T12:37:06.211354567Z | 64 | PC: 12bff | Write file or device (Write 418 bytes on handle 5) |
| 2018-12-25T12:37:06.223936013Z | 64 | PC: 12c0a | Write file or device (Write 6 bytes on handle 5) |
| 2018-12-25T12:37:06.22653391Z | 87 | PC: 12c19 | Get or set file date and time |
| 2018-12-25T12:37:06.228512573Z | 62 | PC: 12c1d | Close file |
| 2018-12-25T12:37:06.236438985Z | 59 | PC: 12c25 | Change current directory |
| 2018-12-25T12:37:06.241998903Z | 26 | PC: 12c2c | Set disk transfer address (See above) |
| 2018-12-25T12:37:06.244468902Z | 9 | PC: 12a47 | Display string (String= 'Stoopid GRUNT-3 Dropper!') |