{"DateBased":true,"Day":3,"Month":9,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12255,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:32:15.85075619Z | 26 | PC: 12c00 | Set disk transfer address |
| 2018-12-25T12:32:15.851772368Z | 71 | PC: 12b14 | Get current directory |
| 2018-12-25T12:32:15.854037725Z | 78 | PC: 12b24 | Find first file |
| 2018-12-25T12:32:15.857889383Z | 61 | PC: 12b7b | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:32:15.862053967Z | 63 | PC: 12b87 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:32:15.866753106Z | 66 | PC: 12c08 | Move file pointer |
| 2018-12-25T12:32:15.867918451Z | 64 | PC: 12bb9 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:32:15.869640153Z | 66 | PC: 12c08 | Move file pointer (See above) |
| 2018-12-25T12:32:15.871104354Z | 44 | PC: 12bc2 | Get time 0x12bc2: mov word ptr ds:[bp + 0x2a8], dx 0x12bc7: call 0x22a86 0x12bca: mov ah, 0x40 0x12bcc: mov cx, 0x1ab 0x12bcf: lea dx, word ptr [bp + 0x103] 0x12bd3: int 0x21 0x12bd5: mov ax, 0x5701 0x12bd8: mov cx, word ptr ds:[bp + 0x2c6] 0x12bdd: mov dx, word ptr ds:[bp + 0x2c8] 0x12be2: int 0x21 0x12be4: mov ah, 0x3e 0x12be6: int 0x21 0x12be8: call 0x22a86 0x12beb: call 0x22b35 0x12bee: call 0x22a86 0x12bf1: mov ah, 0x3b 0x12bf3: lea dx, word ptr [bp + 0x2e2] 0x12bf7: int 0x21 0x12bf9: mov dx, 0x80 0x12bfc: mov ah, 0x1a |
| 2018-12-25T12:32:15.874077052Z | 64 | PC: 12bd5 | Write file or device (Write 427 bytes on handle 5) |
| 2018-12-25T12:32:15.889821328Z | 87 | PC: 12be4 | Get or set file date and time |
| 2018-12-25T12:32:15.891693963Z | 62 | PC: 12be8 | Close file |
| 2018-12-25T12:32:15.898469721Z | 42 | PC: 12b39 | Get date 0x12b39: cmp cx, 0x7c9 0x12b3d: jl 0x12b71 0x12b3f: cmp dh, 9 0x12b42: jne 0x12b71 0x12b44: cmp dl, 3 0x12b47: jne 0x12b71 0x12b49: mov ah, 0x4e 0x12b4b: lea dx, word ptr [bp + 0x185] 0x12b4f: xor cx, cx 0x12b51: int 0x21 0x12b53: jae 0x12b61 0x12b55: lea dx, word ptr [bp + 0x192] 0x12b59: mov ah, 0x3b 0x12b5b: int 0x21 0x12b5d: jb 0x12b71 0x12b5f: jmp 0x12b49 0x12b61: mov ah, 0x41 0x12b63: lea dx, word ptr [bp + 0x2ce] 0x12b67: int 0x21 0x12b69: mov ah, 9 |
| 2018-12-25T12:32:15.900130988Z | 78 | PC: 12b53 | Find first file |
| 2018-12-25T12:32:15.907537494Z | 59 | PC: 12b5d | Change current directory |
| 2018-12-25T12:32:15.914651738Z | 59 | PC: 12bf9 | Change current directory |
| 2018-12-25T12:32:15.919437125Z | 26 | PC: 12c00 | Set disk transfer address (See above) |
| 2018-12-25T12:32:15.920499804Z | 9 | PC: 12a47 | Display string (String= 'Cairo Research Labs - 1992') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12255,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:32:16.100827607Z | 26 | PC: 12c00 | Set disk transfer address |
| 2018-12-25T12:32:16.102570807Z | 71 | PC: 12b14 | Get current directory |
| 2018-12-25T12:32:16.105750221Z | 78 | PC: 12b24 | Find first file |
| 2018-12-25T12:32:16.112041915Z | 61 | PC: 12b7b | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:32:16.125974149Z | 63 | PC: 12b87 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:32:16.130764231Z | 66 | PC: 12c08 | Move file pointer |
| 2018-12-25T12:32:16.131996855Z | 64 | PC: 12bb9 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:32:16.133970957Z | 66 | PC: 12c08 | Move file pointer (See above) |
| 2018-12-25T12:32:16.13554301Z | 44 | PC: 12bc2 | Get time 0x12bc2: mov word ptr ds:[bp + 0x2a8], dx 0x12bc7: call 0x22a86 0x12bca: mov ah, 0x40 0x12bcc: mov cx, 0x1ab 0x12bcf: lea dx, word ptr [bp + 0x103] 0x12bd3: int 0x21 0x12bd5: mov ax, 0x5701 0x12bd8: mov cx, word ptr ds:[bp + 0x2c6] 0x12bdd: mov dx, word ptr ds:[bp + 0x2c8] 0x12be2: int 0x21 0x12be4: mov ah, 0x3e 0x12be6: int 0x21 0x12be8: call 0x22a86 0x12beb: call 0x22b35 0x12bee: call 0x22a86 0x12bf1: mov ah, 0x3b 0x12bf3: lea dx, word ptr [bp + 0x2e2] 0x12bf7: int 0x21 0x12bf9: mov dx, 0x80 0x12bfc: mov ah, 0x1a |
| 2018-12-25T12:32:16.138755801Z | 64 | PC: 12bd5 | Write file or device (Write 427 bytes on handle 5) |
| 2018-12-25T12:32:16.154461961Z | 87 | PC: 12be4 | Get or set file date and time |
| 2018-12-25T12:32:16.156127614Z | 62 | PC: 12be8 | Close file |
| 2018-12-25T12:32:16.167548192Z | 42 | PC: 12b39 | Get date 0x12b39: cmp cx, 0x7c9 0x12b3d: jl 0x12b71 0x12b3f: cmp dh, 9 0x12b42: jne 0x12b71 0x12b44: cmp dl, 3 0x12b47: jne 0x12b71 0x12b49: mov ah, 0x4e 0x12b4b: lea dx, word ptr [bp + 0x185] 0x12b4f: xor cx, cx 0x12b51: int 0x21 0x12b53: jae 0x12b61 0x12b55: lea dx, word ptr [bp + 0x192] 0x12b59: mov ah, 0x3b 0x12b5b: int 0x21 0x12b5d: jb 0x12b71 0x12b5f: jmp 0x12b49 0x12b61: mov ah, 0x41 0x12b63: lea dx, word ptr [bp + 0x2ce] 0x12b67: int 0x21 0x12b69: mov ah, 9 |
| 2018-12-25T12:32:16.170677265Z | 59 | PC: 12bf9 | Change current directory |
| 2018-12-25T12:32:16.175709667Z | 26 | PC: 12c00 | Set disk transfer address (See above) |
| 2018-12-25T12:32:16.176851565Z | 9 | PC: 12a47 | Display string (String= 'Cairo Research Labs - 1992') |
{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12255,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:32:16.986965652Z | 26 | PC: 12c00 | Set disk transfer address |
| 2018-12-25T12:32:16.988551672Z | 71 | PC: 12b14 | Get current directory |
| 2018-12-25T12:32:16.991988294Z | 78 | PC: 12b24 | Find first file |
| 2018-12-25T12:32:16.998544471Z | 61 | PC: 12b7b | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:32:17.005721576Z | 63 | PC: 12b87 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:32:17.013041009Z | 66 | PC: 12c08 | Move file pointer |
| 2018-12-25T12:32:17.014947082Z | 64 | PC: 12bb9 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:32:17.018249172Z | 66 | PC: 12c08 | Move file pointer (See above) |
| 2018-12-25T12:32:17.020627322Z | 44 | PC: 12bc2 | Get time 0x12bc2: mov word ptr ds:[bp + 0x2a8], dx 0x12bc7: call 0x22a86 0x12bca: mov ah, 0x40 0x12bcc: mov cx, 0x1ab 0x12bcf: lea dx, word ptr [bp + 0x103] 0x12bd3: int 0x21 0x12bd5: mov ax, 0x5701 0x12bd8: mov cx, word ptr ds:[bp + 0x2c6] 0x12bdd: mov dx, word ptr ds:[bp + 0x2c8] 0x12be2: int 0x21 0x12be4: mov ah, 0x3e 0x12be6: int 0x21 0x12be8: call 0x22a86 0x12beb: call 0x22b35 0x12bee: call 0x22a86 0x12bf1: mov ah, 0x3b 0x12bf3: lea dx, word ptr [bp + 0x2e2] 0x12bf7: int 0x21 0x12bf9: mov dx, 0x80 0x12bfc: mov ah, 0x1a |
| 2018-12-25T12:32:17.026370544Z | 64 | PC: 12bd5 | Write file or device (Write 427 bytes on handle 5) |
| 2018-12-25T12:32:17.046139925Z | 87 | PC: 12be4 | Get or set file date and time |
| 2018-12-25T12:32:17.049168877Z | 62 | PC: 12be8 | Close file |
| 2018-12-25T12:32:17.071567563Z | 42 | PC: 12b39 | Get date 0x12b39: cmp cx, 0x7c9 0x12b3d: jl 0x12b71 0x12b3f: cmp dh, 9 0x12b42: jne 0x12b71 0x12b44: cmp dl, 3 0x12b47: jne 0x12b71 0x12b49: mov ah, 0x4e 0x12b4b: lea dx, word ptr [bp + 0x185] 0x12b4f: xor cx, cx 0x12b51: int 0x21 0x12b53: jae 0x12b61 0x12b55: lea dx, word ptr [bp + 0x192] 0x12b59: mov ah, 0x3b 0x12b5b: int 0x21 0x12b5d: jb 0x12b71 0x12b5f: jmp 0x12b49 0x12b61: mov ah, 0x41 0x12b63: lea dx, word ptr [bp + 0x2ce] 0x12b67: int 0x21 0x12b69: mov ah, 9 |
| 2018-12-25T12:32:17.07763131Z | 59 | PC: 12bf9 | Change current directory |
| 2018-12-25T12:32:17.083175224Z | 26 | PC: 12c00 | Set disk transfer address (See above) |
| 2018-12-25T12:32:17.084883779Z | 9 | PC: 12a47 | Display string (String= 'Cairo Research Labs - 1992') |
{"DateBased":true,"Day":1,"Month":9,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12255,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:32:17.476702531Z | 26 | PC: 12c00 | Set disk transfer address |
| 2018-12-25T12:32:17.478699451Z | 71 | PC: 12b14 | Get current directory |
| 2018-12-25T12:32:17.481346512Z | 78 | PC: 12b24 | Find first file |
| 2018-12-25T12:32:17.487421245Z | 61 | PC: 12b7b | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:32:17.494828551Z | 63 | PC: 12b87 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:32:17.50101525Z | 66 | PC: 12c08 | Move file pointer |
| 2018-12-25T12:32:17.502464118Z | 64 | PC: 12bb9 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:32:17.505705901Z | 66 | PC: 12c08 | Move file pointer (See above) |
| 2018-12-25T12:32:17.507168054Z | 44 | PC: 12bc2 | Get time 0x12bc2: mov word ptr ds:[bp + 0x2a8], dx 0x12bc7: call 0x22a86 0x12bca: mov ah, 0x40 0x12bcc: mov cx, 0x1ab 0x12bcf: lea dx, word ptr [bp + 0x103] 0x12bd3: int 0x21 0x12bd5: mov ax, 0x5701 0x12bd8: mov cx, word ptr ds:[bp + 0x2c6] 0x12bdd: mov dx, word ptr ds:[bp + 0x2c8] 0x12be2: int 0x21 0x12be4: mov ah, 0x3e 0x12be6: int 0x21 0x12be8: call 0x22a86 0x12beb: call 0x22b35 0x12bee: call 0x22a86 0x12bf1: mov ah, 0x3b 0x12bf3: lea dx, word ptr [bp + 0x2e2] 0x12bf7: int 0x21 0x12bf9: mov dx, 0x80 0x12bfc: mov ah, 0x1a |
| 2018-12-25T12:32:17.511721823Z | 64 | PC: 12bd5 | Write file or device (Write 427 bytes on handle 5) |
| 2018-12-25T12:32:17.65354282Z | 87 | PC: 12be4 | Get or set file date and time |
| 2018-12-25T12:32:17.655635742Z | 62 | PC: 12be8 | Close file |
| 2018-12-25T12:32:17.665631623Z | 42 | PC: 12b39 | Get date 0x12b39: cmp cx, 0x7c9 0x12b3d: jl 0x12b71 0x12b3f: cmp dh, 9 0x12b42: jne 0x12b71 0x12b44: cmp dl, 3 0x12b47: jne 0x12b71 0x12b49: mov ah, 0x4e 0x12b4b: lea dx, word ptr [bp + 0x185] 0x12b4f: xor cx, cx 0x12b51: int 0x21 0x12b53: jae 0x12b61 0x12b55: lea dx, word ptr [bp + 0x192] 0x12b59: mov ah, 0x3b 0x12b5b: int 0x21 0x12b5d: jb 0x12b71 0x12b5f: jmp 0x12b49 0x12b61: mov ah, 0x41 0x12b63: lea dx, word ptr [bp + 0x2ce] 0x12b67: int 0x21 0x12b69: mov ah, 9 |
| 2018-12-25T12:32:17.670330619Z | 59 | PC: 12bf9 | Change current directory |
| 2018-12-25T12:32:17.67512716Z | 26 | PC: 12c00 | Set disk transfer address (See above) |
| 2018-12-25T12:32:17.676082605Z | 9 | PC: 12a47 | Display string (String= 'Cairo Research Labs - 1992') |