{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11095,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:55.271464885Z | 71 | PC: 12b26 | Get current directory |
| 2018-12-25T12:29:55.274993611Z | 78 | PC: 12b3d | Find first file |
| 2018-12-25T12:29:55.281123662Z | 61 | PC: 12b5a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:29:55.287657061Z | 67 | PC: 12b64 | Get or set file attributes |
| 2018-12-25T12:29:55.305388023Z | 64 | PC: 12bf3 | Write file or device (Write 1772 bytes on handle 5) |
| 2018-12-25T12:29:55.315495338Z | 62 | PC: 12b6b | Close file |
| 2018-12-25T12:29:55.324551311Z | 79 | PC: 12b7d | Find next file |
| 2018-12-25T12:29:55.327215377Z | 61 | PC: 12b5a | Open file (See above) |
| 2018-12-25T12:29:55.334317539Z | 67 | PC: 12b64 | Get or set file attributes (See above) |
| 2018-12-25T12:29:55.344794184Z | 64 | PC: 12bf3 | Write file or device (See above) |
| 2018-12-25T12:29:55.352999379Z | 62 | PC: 12b6b | Close file (See above) |
| 2018-12-25T12:29:55.361065479Z | 79 | PC: 12b7d | Find next file (See above) |
| 2018-12-25T12:29:55.36356734Z | 61 | PC: 12b5a | Open file (See above) |
| 2018-12-25T12:29:55.369871659Z | 67 | PC: 12b64 | Get or set file attributes (See above) |
| 2018-12-25T12:29:55.382567571Z | 64 | PC: 12bf3 | Write file or device (See above) |
| 2018-12-25T12:29:55.391426028Z | 62 | PC: 12b6b | Close file (See above) |
| 2018-12-25T12:29:55.399856034Z | 59 | PC: 12b9b | Change current directory |
| 2018-12-25T12:29:55.404641475Z | 44 | PC: 12ba1 | Get time 0x12ba1: mov ah, 9 0x12ba3: cmp dl, 0x32 0x12ba6: jbe 0x12baf 0x12ba8: lea dx, word ptr [bp + 0x194] 0x12bac: jmp 0x12bb3 0x12bae: nop 0x12baf: lea dx, word ptr [bp + 0x17b] 0x12bb3: int 0x21 0x12bb5: mov ah, 0x3b 0x12bb7: lea dx, word ptr [bp + 0x2b6] 0x12bbb: int 0x21 0x12bbd: mov ah, 0x2a 0x12bbf: int 0x21 0x12bc1: cmp dl, 0x1b 0x12bc4: jne 0x12bda 0x12bc6: mov ah, 0x56 0x12bc8: lea dx, word ptr [bp + 0x11a] 0x12bcc: lea di, word ptr [bp + 0x129] 0x12bd0: int 0x21 0x12bd2: mov ah, 9 |
| 2018-12-25T12:29:55.406994752Z | 9 | PC: 12bb5 | Display string (String= 'SYNTAX ERROR, is This a Pentium?!') |
| 2018-12-25T12:29:55.40952846Z | 59 | PC: 12bbd | Change current directory |
| 2018-12-25T12:29:55.416547998Z | 42 | PC: 12bc1 | Get date 0x12bc1: cmp dl, 0x1b 0x12bc4: jne 0x12bda 0x12bc6: mov ah, 0x56 0x12bc8: lea dx, word ptr [bp + 0x11a] 0x12bcc: lea di, word ptr [bp + 0x129] 0x12bd0: int 0x21 0x12bd2: mov ah, 9 0x12bd4: lea dx, word ptr [bp + 0x1b6] 0x12bd8: int 0x21 0x12bda: int 0x20 0x12bdc: mov dx, 0x100 0x12bdf: mov cx, 0x6ec 0x12be2: nop 0x12be3: lea si, word ptr [bp + 0x100] 0x12be7: lea di, word ptr [bp + 0x86c] 0x12beb: lea dx, word ptr [bp + 0x86c] 0x12bef: mov ah, 0x40 0x12bf1: int 0x21 0x12bf3: jmp 0x12b67 0x12bf6: add byte ptr [bx + si], al |
{"DateBased":true,"Day":27,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11095,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:55.440491843Z | 71 | PC: 12b26 | Get current directory |
| 2018-12-25T12:29:55.443787569Z | 78 | PC: 12b3d | Find first file |
| 2018-12-25T12:29:55.448693034Z | 61 | PC: 12b5a | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:29:55.457891315Z | 67 | PC: 12b64 | Get or set file attributes |
| 2018-12-25T12:29:55.473546179Z | 64 | PC: 12bf3 | Write file or device (Write 1772 bytes on handle 5) |
| 2018-12-25T12:29:55.48062102Z | 62 | PC: 12b6b | Close file |
| 2018-12-25T12:29:55.487178277Z | 79 | PC: 12b7d | Find next file |
| 2018-12-25T12:29:55.490083703Z | 61 | PC: 12b5a | Open file (See above) |
| 2018-12-25T12:29:55.496559777Z | 67 | PC: 12b64 | Get or set file attributes (See above) |
| 2018-12-25T12:29:55.504433589Z | 64 | PC: 12bf3 | Write file or device (See above) |
| 2018-12-25T12:29:55.51130138Z | 62 | PC: 12b6b | Close file (See above) |
| 2018-12-25T12:29:55.519606994Z | 79 | PC: 12b7d | Find next file (See above) |
| 2018-12-25T12:29:55.522080509Z | 61 | PC: 12b5a | Open file (See above) |
| 2018-12-25T12:29:55.528269805Z | 67 | PC: 12b64 | Get or set file attributes (See above) |
| 2018-12-25T12:29:55.538213818Z | 64 | PC: 12bf3 | Write file or device (See above) |
| 2018-12-25T12:29:55.546339131Z | 62 | PC: 12b6b | Close file (See above) |
| 2018-12-25T12:29:55.555037506Z | 59 | PC: 12b9b | Change current directory |
| 2018-12-25T12:29:55.560898316Z | 44 | PC: 12ba1 | Get time 0x12ba1: mov ah, 9 0x12ba3: cmp dl, 0x32 0x12ba6: jbe 0x12baf 0x12ba8: lea dx, word ptr [bp + 0x194] 0x12bac: jmp 0x12bb3 0x12bae: nop 0x12baf: lea dx, word ptr [bp + 0x17b] 0x12bb3: int 0x21 0x12bb5: mov ah, 0x3b 0x12bb7: lea dx, word ptr [bp + 0x2b6] 0x12bbb: int 0x21 0x12bbd: mov ah, 0x2a 0x12bbf: int 0x21 0x12bc1: cmp dl, 0x1b 0x12bc4: jne 0x12bda 0x12bc6: mov ah, 0x56 0x12bc8: lea dx, word ptr [bp + 0x11a] 0x12bcc: lea di, word ptr [bp + 0x129] 0x12bd0: int 0x21 0x12bd2: mov ah, 9 |
| 2018-12-25T12:29:55.563088588Z | 9 | PC: 12bb5 | Display string (String= 'SYNTAX ERROR, is This a Pentium?!') |
| 2018-12-25T12:29:55.565238714Z | 59 | PC: 12bbd | Change current directory |
| 2018-12-25T12:29:55.568049218Z | 42 | PC: 12bc1 | Get date 0x12bc1: cmp dl, 0x1b 0x12bc4: jne 0x12bda 0x12bc6: mov ah, 0x56 0x12bc8: lea dx, word ptr [bp + 0x11a] 0x12bcc: lea di, word ptr [bp + 0x129] 0x12bd0: int 0x21 0x12bd2: mov ah, 9 0x12bd4: lea dx, word ptr [bp + 0x1b6] 0x12bd8: int 0x21 0x12bda: int 0x20 0x12bdc: mov dx, 0x100 0x12bdf: mov cx, 0x6ec 0x12be2: nop 0x12be3: lea si, word ptr [bp + 0x100] 0x12be7: lea di, word ptr [bp + 0x86c] 0x12beb: lea dx, word ptr [bp + 0x86c] 0x12bef: mov ah, 0x40 0x12bf1: int 0x21 0x12bf3: jmp 0x12b67 0x12bf6: add byte ptr [bx + si], al |
| 2018-12-25T12:29:55.570291418Z | 86 | PC: 12bd2 | Rename file |
| 2018-12-25T12:29:55.901886486Z | 9 | PC: 12bda | Display string (String= 'PEARL JAM SUX!!!!LONG LIVE TECHNO!!!!') |