Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Ear.1024.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:15.09631948Z 26 PC: 12b03 | Set disk transfer address
2018-12-17T23:10:15.097931924Z 71 PC: 12b15 | Get current directory
2018-12-17T23:10:15.102098783Z 78 PC: 12bd9 | Find first file
2018-12-17T23:10:15.10873634Z 78 PC: 12bd9 | Find first file
2018-12-17T23:10:15.115354511Z 61 PC: 12d52 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:15.123609351Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:15.131463398Z 62 PC: 12bef | Close file
2018-12-17T23:10:15.133951809Z 61 PC: 12d52 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:15.147599665Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:15.158116962Z 66 PC: 12cca | Move file pointer
2018-12-17T23:10:15.159749944Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-17T23:10:15.167186283Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T23:10:15.184802856Z 87 PC: 12d1e | Get or set file date and time
2018-12-17T23:10:15.186944475Z 62 PC: 12d22 | Close file
2018-12-17T23:10:15.195983631Z 67 PC: 12d31 | Get or set file attributes
2018-12-17T23:10:15.208828466Z 79 PC: 12bd9 | Find next file
2018-12-17T23:10:15.212080665Z 61 PC: 12d52 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:15.220303625Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:15.229249254Z 62 PC: 12bef | Close file
2018-12-17T23:10:15.23194698Z 61 PC: 12d52 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:15.239578136Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:15.243471491Z 66 PC: 12cca | Move file pointer
2018-12-17T23:10:15.245649559Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-17T23:10:15.248627702Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T23:10:15.261087603Z 87 PC: 12d1e | Get or set file date and time
2018-12-17T23:10:15.262920231Z 62 PC: 12d22 | Close file
2018-12-17T23:10:15.271474584Z 67 PC: 12d31 | Get or set file attributes
2018-12-17T23:10:15.282669625Z 79 PC: 12bd9 | Find next file
2018-12-17T23:10:15.287510964Z 61 PC: 12d52 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:10:15.295077118Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:15.302466079Z 62 PC: 12bef | Close file
2018-12-17T23:10:15.305974119Z 61 PC: 12d52 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:10:15.313777359Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:15.317409042Z 66 PC: 12cca | Move file pointer
2018-12-17T23:10:15.321044371Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-17T23:10:15.324655735Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T23:10:15.335414807Z 87 PC: 12d1e | Get or set file date and time
2018-12-17T23:10:15.338239631Z 62 PC: 12d22 | Close file
2018-12-17T23:10:15.347051449Z 67 PC: 12d31 | Get or set file attributes
2018-12-17T23:10:15.364892855Z 79 PC: 12bd9 | Find next file
2018-12-17T23:10:15.370038545Z 61 PC: 12d52 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:10:15.379199219Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:15.387294789Z 62 PC: 12bef | Close file
2018-12-17T23:10:15.390450607Z 61 PC: 12d52 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:10:15.398689126Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:15.402128226Z 66 PC: 12cca | Move file pointer
2018-12-17T23:10:15.404899991Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-17T23:10:15.407967071Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T23:10:15.417321019Z 87 PC: 12d1e | Get or set file date and time
2018-12-17T23:10:15.418970472Z 62 PC: 12d22 | Close file
2018-12-17T23:10:15.428142317Z 67 PC: 12d31 | Get or set file attributes
2018-12-17T23:10:15.440416368Z 79 PC: 12bd9 | Find next file
2018-12-17T23:10:15.443518685Z 61 PC: 12d52 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:10:15.451772313Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:15.458964614Z 62 PC: 12bef | Close file
2018-12-17T23:10:15.461652561Z 61 PC: 12d52 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:10:15.470052493Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:15.473308098Z 66 PC: 12cca | Move file pointer
2018-12-17T23:10:15.475108796Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-17T23:10:15.478980961Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T23:10:15.488978229Z 87 PC: 12d1e | Get or set file date and time
2018-12-17T23:10:15.490957653Z 62 PC: 12d22 | Close file
2018-12-17T23:10:15.500960071Z 67 PC: 12d31 | Get or set file attributes
2018-12-17T23:10:15.51182983Z 79 PC: 12bd9 | Find next file
2018-12-17T23:10:15.51508265Z 61 PC: 12d52 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:10:15.522247339Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:15.5281532Z 62 PC: 12bef | Close file
2018-12-17T23:10:15.529922559Z 61 PC: 12d52 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:10:15.536201171Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:15.540097571Z 66 PC: 12cca | Move file pointer
2018-12-17T23:10:15.5418195Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-17T23:10:15.544735547Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T23:10:15.555292348Z 87 PC: 12d1e | Get or set file date and time
2018-12-17T23:10:15.557097223Z 62 PC: 12d22 | Close file
2018-12-17T23:10:15.566291982Z 67 PC: 12d31 | Get or set file attributes
2018-12-17T23:10:15.57825105Z 79 PC: 12bd9 | Find next file
2018-12-17T23:10:15.581376471Z 61 PC: 12d52 | Open file (Filename = 'PAH.COM')
2018-12-17T23:10:15.588703976Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:15.595894834Z 62 PC: 12bef | Close file
2018-12-17T23:10:15.599306853Z 61 PC: 12d52 | Open file (Filename = 'PAH.COM')
2018-12-17T23:10:15.606784792Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:15.610126128Z 66 PC: 12cca | Move file pointer
2018-12-17T23:10:15.612901029Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-17T23:10:15.616071453Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T23:10:15.625559123Z 87 PC: 12d1e | Get or set file date and time
2018-12-17T23:10:15.628007749Z 62 PC: 12d22 | Close file
2018-12-17T23:10:15.637348442Z 67 PC: 12d31 | Get or set file attributes
2018-12-17T23:10:15.648104547Z 79 PC: 12bd9 | Find next file
2018-12-17T23:10:15.652163945Z 61 PC: 12d52 | Open file (Filename = 'TEST.COM')
2018-12-17T23:10:15.659535823Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:10:15.666718787Z 62 PC: 12bef | Close file
2018-12-17T23:10:15.669221646Z 79 PC: 12bd9 | Find next file
2018-12-17T23:10:15.67350321Z 59 PC: 12b32 | Change current directory
2018-12-17T23:10:15.678628102Z 59 PC: 12b3c | Change current directory
2018-12-17T23:10:15.68324045Z 42 PC: 12b40 | Get date 0x12b40: cmp dl, 1
; Window of linear disassembly starting at the return from INT 21h "Get date"
; (PC 0x12b40). The first instruction sits on the trace row above and compares
; DL with 1; DOS Get date returns the day of the month in DL.
; This is a static listing from the return address, not an execution trace:
; the next trace row in this run is "Set disk transfer address" at PC 12ba4
; with no "Get time" row in between, so this jne appears to have been taken.
0x12b43: jne 0x12b97
; AH = 0x2c is DOS Get time, which returns hundredths of a second in DL.
0x12b45: mov ah, 0x2c
0x12b47: int 0x21
; Signed compare: DL values greater than 0x55 (85) branch to the same target.
0x12b49: cmp dl, 0x55
0x12b4c: jg 0x12b97
; dx = (dx & 7) * 2: the byte offset of one of eight word-sized table entries.
0x12b4e: and dx, 7
0x12b51: shl dl, 1
0x12b53: mov bx, bp
0x12b55: add bx, dx
; Load the selected word from the table at [bp + 0x3b3], rebase it by bp,
; add 1, and keep the result on the stack.
0x12b57: mov dx, word ptr [bx + 0x3b3]
0x12b5b: add dx, bp
0x12b5d: inc dx
0x12b5e: push dx
; AH = 9 is DOS Display string (DS:DX). First the fixed string at [bp + 0x40a].
0x12b5f: mov ah, 9
0x12b61: lea dx, word ptr [bp + 0x40a]
0x12b65: int 0x21
; Second INT 21h with the table-selected address popped back into dx; AH is
; not reloaded in between.
0x12b67: pop dx
0x12b68: int 0x21
; dx steps back to the un-incremented table address; the window ends here.
0x12b6a: dec dx
2018-12-17T23:10:15.68747692Z 26 PC: 12ba4 | Set disk transfer address
2018-12-17T23:10:15.688824455Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16792,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:59.923558927Z 26 PC: 12b03 | Set disk transfer address
2018-12-25T12:53:59.92627727Z 71 PC: 12b15 | Get current directory
2018-12-25T12:53:59.929871148Z 78 PC: 12bd9 | Find first file
2018-12-25T12:53:59.936771994Z 78 PC: 12bd9 | Find first file (See above)
2018-12-25T12:53:59.943953019Z 61 PC: 12d52 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:59.952455125Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:53:59.960006305Z 62 PC: 12bef | Close file
2018-12-25T12:53:59.962223566Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:53:59.971075914Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:59.974556024Z 66 PC: 12cca | Move file pointer
2018-12-25T12:53:59.976531298Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-25T12:53:59.980757558Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:53:59.996295674Z 87 PC: 12d1e | Get or set file date and time
2018-12-25T12:53:59.998306905Z 62 PC: 12d22 | Close file
2018-12-25T12:54:00.007899598Z 67 PC: 12d31 | Get or set file attributes
2018-12-25T12:54:00.019313227Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.022602402Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.030170793Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.038972814Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.040939251Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.048268781Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.051769218Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.053369934Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.056259905Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.066892582Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.068816624Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.077549921Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.091741177Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.094980088Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.10360432Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.112307439Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.115110929Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.123102468Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.127053805Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.129604221Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.133119474Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.143277211Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.145807015Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.154513865Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.165787609Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.169932036Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.178448081Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.185995708Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.189590806Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.197982001Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.201493497Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.20430129Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.21259231Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.222685945Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.224926925Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.234957661Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.24671165Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.250085657Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.258774023Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.266204521Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.268717066Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.277371947Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.280774131Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.282351393Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.285960894Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.29609533Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.297919934Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.307374756Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.321700259Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.325003281Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.33277731Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.341668429Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.344196741Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.351993839Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.356330778Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.358585351Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.361764638Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.373382763Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.37633867Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.385352859Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.397089252Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.401454711Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.409269648Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.416889199Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.420734213Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.428640087Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.432192535Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.435158492Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.439538703Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.449918179Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.453310091Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.462646848Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.481462157Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.485714687Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.493207076Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.496295243Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.498984317Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.503564367Z 59 PC: 12b32 | Change current directory
2018-12-25T12:54:00.509174484Z 59 PC: 12b3c | Change current directory
2018-12-25T12:54:00.514031652Z 42 PC: 12b40 | Get date 0x12b40: cmp dl, 1
; Window of linear disassembly starting at the return from INT 21h "Get date"
; (PC 0x12b40). The first instruction sits on the trace row above and compares
; DL with 1; DOS Get date returns the day of the month in DL.
; This is a static listing from the return address, not an execution trace:
; the next trace row in this run is "Get time" at PC 12b49, so this jne was
; not taken and execution fell through to the INT 21h below.
0x12b43: jne 0x12b97
; AH = 0x2c is DOS Get time, which returns hundredths of a second in DL.
0x12b45: mov ah, 0x2c
0x12b47: int 0x21
; Signed compare: DL values greater than 0x55 (85) branch to the same target.
0x12b49: cmp dl, 0x55
0x12b4c: jg 0x12b97
; dx = (dx & 7) * 2: the byte offset of one of eight word-sized table entries.
0x12b4e: and dx, 7
0x12b51: shl dl, 1
0x12b53: mov bx, bp
0x12b55: add bx, dx
; Load the selected word from the table at [bp + 0x3b3], rebase it by bp,
; add 1, and keep the result on the stack.
0x12b57: mov dx, word ptr [bx + 0x3b3]
0x12b5b: add dx, bp
0x12b5d: inc dx
0x12b5e: push dx
; AH = 9 is DOS Display string (DS:DX). First the fixed string at [bp + 0x40a].
0x12b5f: mov ah, 9
0x12b61: lea dx, word ptr [bp + 0x40a]
0x12b65: int 0x21
; Second INT 21h with the table-selected address popped back into dx; AH is
; not reloaded in between.
0x12b67: pop dx
0x12b68: int 0x21
; dx steps back to the un-incremented table address; the window ends here.
0x12b6a: dec dx
2018-12-25T12:54:00.517977665Z 44 PC: 12b49 | Get time 0x12b49: cmp dl, 0x55
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12b49). The first instruction sits on the trace row above and compares
; DL with 0x55; DOS Get time returns hundredths of a second in DL.
; Signed branch to 0x12b97 when DL is greater than 0x55 (85). The three
; "Display string" rows that follow in this run's trace show it was not taken.
0x12b4c: jg 0x12b97
; dx = (dx & 7) * 2: the byte offset of one of eight word-sized table entries.
0x12b4e: and dx, 7
0x12b51: shl dl, 1
0x12b53: mov bx, bp
0x12b55: add bx, dx
; Load the selected word from the table at [bp + 0x3b3], rebase it by bp,
; add 1, and keep the result on the stack.
0x12b57: mov dx, word ptr [bx + 0x3b3]
0x12b5b: add dx, bp
0x12b5d: inc dx
0x12b5e: push dx
; AH = 9 is DOS Display string (DS:DX). First the fixed string at [bp + 0x40a]
; (trace row at PC 12b67).
0x12b5f: mov ah, 9
0x12b61: lea dx, word ptr [bp + 0x40a]
0x12b65: int 0x21
; Second display call with the table-selected address popped back into dx
; (trace row at PC 12b6a); AH is not reloaded in between.
0x12b67: pop dx
0x12b68: int 0x21
; dx steps back to the un-incremented table address and is saved again.
0x12b6a: dec dx
0x12b6b: push dx
; Third display call, for the fixed string at [bp + 0x43b] (trace row at PC 12b72).
0x12b6c: lea dx, word ptr [bp + 0x43b]
0x12b70: int 0x21
; AH = 7 matches the "Direct console input without echo" row that follows; the
; INT 21h issuing it lies past the end of this window.
0x12b72: mov ah, 7
2018-12-25T12:54:00.520824102Z 9 PC: 12b67 | Display string (String= 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
2018-12-25T12:54:00.527348464Z 9 PC: 12b6a | Display string (String= 'Eustachian Tube')
2018-12-25T12:54:00.532382819Z 9 PC: 12b72 | Display string (String= ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )')
2018-12-25T12:54:00.543137755Z 7 PC: 12b76 | Direct console input without echo

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16792,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:00.258264794Z 26 PC: 12b03 | Set disk transfer address
2018-12-25T12:54:00.259613557Z 71 PC: 12b15 | Get current directory
2018-12-25T12:54:00.264222091Z 78 PC: 12bd9 | Find first file
2018-12-25T12:54:00.272629567Z 78 PC: 12bd9 | Find first file (See above)
2018-12-25T12:54:00.284789505Z 61 PC: 12d52 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:00.299376237Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:54:00.306910406Z 62 PC: 12bef | Close file
2018-12-25T12:54:00.309419009Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.318253953Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:00.321748476Z 66 PC: 12cca | Move file pointer
2018-12-25T12:54:00.323673848Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-25T12:54:00.327114293Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:54:00.352343686Z 87 PC: 12d1e | Get or set file date and time
2018-12-25T12:54:00.356537487Z 62 PC: 12d22 | Close file
2018-12-25T12:54:00.376426643Z 67 PC: 12d31 | Get or set file attributes
2018-12-25T12:54:00.388676804Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.391826905Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.399505487Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.407574465Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.410093652Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.418005972Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.422174594Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.424366883Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.428200759Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.438973718Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.440984568Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.449977857Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.463061528Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.466013575Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.473346606Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.481336964Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.483385482Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.490847115Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.495309876Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.497102743Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.500296948Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.511259657Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.513880263Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.522745612Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.538067191Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.542032988Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.549724413Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.557715941Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.561263918Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.569073157Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.572569973Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.575523212Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.579110947Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.589011951Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.591827237Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.604922093Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.616826283Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.626636967Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.635453589Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.642325707Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.644438679Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.652375177Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.655823999Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.657856791Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.661591898Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.674026776Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.676162892Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.685980966Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.69857555Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.701946103Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.710363905Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.718026588Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.720565333Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.728426667Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.732798012Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.734746239Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.737994148Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.749516337Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.751629457Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.760944256Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.772772561Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.77606302Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.784095703Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.792421416Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.795079643Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.802883935Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.806578141Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.809222497Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.812426154Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.823097818Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.826065448Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.835588099Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.846737245Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.850914655Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.858790023Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.866245622Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.869402126Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.872681905Z 59 PC: 12b32 | Change current directory
2018-12-25T12:54:00.877643087Z 59 PC: 12b3c | Change current directory
2018-12-25T12:54:00.888243888Z 42 PC: 12b40 | Get date 0x12b40: cmp dl, 1
; Window of linear disassembly starting at the return from INT 21h "Get date"
; (PC 0x12b40). The first instruction sits on the trace row above and compares
; DL with 1; DOS Get date returns the day of the month in DL.
; This is a static listing from the return address, not an execution trace:
; the next trace row in this run is "Set disk transfer address" at PC 12ba4
; with no "Get time" row in between, so this jne appears to have been taken.
0x12b43: jne 0x12b97
; AH = 0x2c is DOS Get time, which returns hundredths of a second in DL.
0x12b45: mov ah, 0x2c
0x12b47: int 0x21
; Signed compare: DL values greater than 0x55 (85) branch to the same target.
0x12b49: cmp dl, 0x55
0x12b4c: jg 0x12b97
; dx = (dx & 7) * 2: the byte offset of one of eight word-sized table entries.
0x12b4e: and dx, 7
0x12b51: shl dl, 1
0x12b53: mov bx, bp
0x12b55: add bx, dx
; Load the selected word from the table at [bp + 0x3b3], rebase it by bp,
; add 1, and keep the result on the stack.
0x12b57: mov dx, word ptr [bx + 0x3b3]
0x12b5b: add dx, bp
0x12b5d: inc dx
0x12b5e: push dx
; AH = 9 is DOS Display string (DS:DX). First the fixed string at [bp + 0x40a].
0x12b5f: mov ah, 9
0x12b61: lea dx, word ptr [bp + 0x40a]
0x12b65: int 0x21
; Second INT 21h with the table-selected address popped back into dx; AH is
; not reloaded in between.
0x12b67: pop dx
0x12b68: int 0x21
; dx steps back to the un-incremented table address; the window ends here.
0x12b6a: dec dx
2018-12-25T12:54:00.891315565Z 26 PC: 12ba4 | Set disk transfer address
2018-12-25T12:54:00.892873398Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16792,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:00.489760332Z 26 PC: 12b03 | Set disk transfer address
2018-12-25T12:54:00.491382482Z 71 PC: 12b15 | Get current directory
2018-12-25T12:54:00.49519994Z 78 PC: 12bd9 | Find first file
2018-12-25T12:54:00.503349155Z 78 PC: 12bd9 | Find first file (See above)
2018-12-25T12:54:00.515823265Z 61 PC: 12d52 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:00.529458663Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:54:00.537456523Z 62 PC: 12bef | Close file
2018-12-25T12:54:00.539856002Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.547743255Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:00.551591511Z 66 PC: 12cca | Move file pointer
2018-12-25T12:54:00.553607653Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx
; Window of linear disassembly starting at the return from INT 21h "Get time"
; (PC 0x12cce). The first instruction sits on the trace row above and stores
; CX at [bp + 0x10c]; DOS Get time returns CH = hour, CL = minute.
; Reduce the clock value to 0x200..0x21f and store it at [bp + 0x107].
0x12cd2: and cx, 0x1f
0x12cd5: add cx, 0x200
0x12cd9: mov word ptr [bp + 0x107], cx
; Assemble a buffer at [bp + 0x570]; its first byte is the literal 0x53.
0x12cdd: lea di, word ptr [bp + 0x570]
0x12ce1: mov al, 0x53
0x12ce3: stosb byte ptr es:[di], al
; Append 0x10 bytes from [bp + 0x103]. That range ends at [bp + 0x112], so it
; includes the two clock-derived words written above ([bp + 0x107] and
; [bp + 0x10c]): those bytes change with the time of the run, and a byte
; signature should not depend on them.
; si and cx are pushed before the copy; only cx is popped inside this window.
0x12ce4: lea si, word ptr [bp + 0x103]
0x12ce8: push si
0x12ce9: mov cx, 0x10
0x12cec: push cx
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]
; Append the literal 0x5b, then 0xb bytes from [bp + 0x4f7], then 0x53 again
; (30 bytes in the buffer at this point).
; NOTE(review): 0x53 / 0x5b are also the one-byte encodings of push bx / pop bx,
; which suggests the buffer holds generated code rather than text - confirm
; against a full disassembly.
0x12cef: mov al, 0x5b
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al
; Restores the 0x10 pushed at 0x12cec; the window ends here. The next trace row
; is a 1024-byte write on handle 5; how this buffer relates to that write is
; not visible in this window.
0x12cfe: pop cx
2018-12-25T12:54:00.556635021Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:54:00.572688378Z 87 PC: 12d1e | Get or set file date and time
2018-12-25T12:54:00.596958924Z 62 PC: 12d22 | Close file
2018-12-25T12:54:00.605893121Z 67 PC: 12d31 | Get or set file attributes
2018-12-25T12:54:00.617231409Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.622047483Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.629492909Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.636883859Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.640461292Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.648585403Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.651970496Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.654454593Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.657594029Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.668011634Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.674688023Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.69923144Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.710343563Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.713369792Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.721290836Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.728427865Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.730612264Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.738813291Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.742082817Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.743771344Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.748647899Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.759760722Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.762196297Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.771733308Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.783027333Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.786451511Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.7958599Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.80325395Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.805844778Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.815360493Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.818802747Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.820810146Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.824448805Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.835097087Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.837228348Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.845928324Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.857586684Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.861437719Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.869484634Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.878577785Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.881278095Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.889235313Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.893262399Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.895258666Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.89852366Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.912433484Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.91419388Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.923032116Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.934785661Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.937942309Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.945360243Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.956944314Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.959131333Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.966659573Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.969917356Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.971738419Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.974260253Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.983804846Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.986037538Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.994522426Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:01.005515619Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:01.009746149Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.018160452Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:01.025645955Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:01.028948493Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.037122866Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:01.040129576Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:01.041841979Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:01.045154208Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:01.054698797Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:01.0562908Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:01.06530555Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:01.076256855Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:01.080030052Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.087922464Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:01.094889594Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:01.096951883Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:01.100403558Z 59 PC: 12b32 | Change current directory
2018-12-25T12:54:01.105061196Z 59 PC: 12b3c | Change current directory
; Disassembly window printed by the tracer for the code that follows the DOS
; "Get date" call (return address 0x12b40). It is a date/time trigger check
; followed by the start of an on-screen message routine.
; The listing is a linear disassembly from the return address, not a record
; of the executed path. In this run the next traced calls are Get time at
; 0x12b49 and three Display string calls, so both checks passed here.
; Analyst note: the visible condition is "day of month == 1 and hundredths
; of a second <= 0x55"; sandboxes that do not vary the clock will miss it.
2018-12-25T12:54:01.109537923Z 42 PC: 12b40 | Get date 0x12b40: cmp dl, 1  ; DL = day of month per the DOS Get date API
0x12b43: jne 0x12b97  ; any other day: skip the message code (target is outside this window)
0x12b45: mov ah, 0x2c  ; DOS function 2Ch = Get time
0x12b47: int 0x21
0x12b49: cmp dl, 0x55  ; DL = hundredths of a second per the DOS Get time API
0x12b4c: jg 0x12b97  ; above 0x55: skip as well
0x12b4e: and dx, 7  ; dx = DL & 7 (also clears DH): index 0..7
0x12b51: shl dl, 1  ; scale to a word offset 0..14
0x12b53: mov bx, bp
0x12b55: add bx, dx
0x12b57: mov dx, word ptr [bx + 0x3b3]  ; fetch entry from an 8-word table at bp+0x3b3
0x12b5b: add dx, bp  ; table values are bp-relative, so rebase them
0x12b5d: inc dx  ; the text starts one byte past the table target
0x12b5e: push dx  ; keep the pointer to the selected text
0x12b5f: mov ah, 9  ; DOS function 09h = Display string
0x12b61: lea dx, word ptr [bp + 0x40a]  ; fixed leading text (traced as 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
0x12b65: int 0x21
0x12b67: pop dx  ; selected text (traced as 'Lobe' in this run)
0x12b68: int 0x21  ; relies on AH still being 9 after the previous call
0x12b6a: dec dx  ; back to the byte before the text; its meaning is not shown here (presumably a per-entry tag -- TODO confirm)
; Disassembly window printed by the tracer for the code that follows the DOS
; "Get time" call made at 0x12b47 (return address 0x12b49). It checks the
; hundredths value, picks one of eight table entries from it, and prints a
; three-part message before waiting for a key.
; The trace entries after this window (Display string x3, then Direct console
; input without echo at 0x12b76) show the path below was executed in this run.
2018-12-25T12:54:01.113163941Z 44 PC: 12b49 | Get time 0x12b49: cmp dl, 0x55  ; DL = hundredths of a second per the DOS Get time API
0x12b4c: jg 0x12b97  ; above 0x55: skip the message code (target is outside this window)
0x12b4e: and dx, 7  ; dx = DL & 7 (also clears DH): index 0..7
0x12b51: shl dl, 1  ; scale to a word offset 0..14
0x12b53: mov bx, bp
0x12b55: add bx, dx
0x12b57: mov dx, word ptr [bx + 0x3b3]  ; fetch entry from an 8-word table at bp+0x3b3
0x12b5b: add dx, bp  ; table values are bp-relative, so rebase them
0x12b5d: inc dx  ; the text starts one byte past the table target
0x12b5e: push dx  ; keep the pointer to the selected text
0x12b5f: mov ah, 9  ; DOS function 09h = Display string
0x12b61: lea dx, word ptr [bp + 0x40a]  ; fixed leading text (traced as 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
0x12b65: int 0x21
0x12b67: pop dx  ; selected text (traced as 'Lobe' in this run)
0x12b68: int 0x21  ; relies on AH still being 9 after the previous call
0x12b6a: dec dx  ; back to the byte before the text
0x12b6b: push dx  ; saved for code outside this window (presumably the per-entry tag is read later -- TODO confirm)
0x12b6c: lea dx, word ptr [bp + 0x43b]  ; fixed trailing text (traced as ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )')
0x12b70: int 0x21
0x12b72: mov ah, 7  ; DOS function 07h = Direct console input without echo; the int itself is past the window
2018-12-25T12:54:01.115884547Z 9 PC: 12b67 | Display string (String= 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
2018-12-25T12:54:01.12216331Z 9 PC: 12b6a | Display string (String= 'Lobe')
2018-12-25T12:54:01.125390531Z 9 PC: 12b72 | Display string (String= ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )')
2018-12-25T12:54:01.135839061Z 7 PC: 12b76 | Direct console input without echo

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16792,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:00.810977546Z 26 PC: 12b03 | Set disk transfer address
2018-12-25T12:54:00.812792332Z 71 PC: 12b15 | Get current directory
2018-12-25T12:54:00.815971684Z 78 PC: 12bd9 | Find first file
2018-12-25T12:54:00.82178405Z 78 PC: 12bd9 | Find first file (See above)
2018-12-25T12:54:00.833773949Z 61 PC: 12d52 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:00.840149751Z 63 PC: 12beb | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:54:00.84633198Z 62 PC: 12bef | Close file
2018-12-25T12:54:00.849460373Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.856039417Z 64 PC: 12cc2 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:00.858659187Z 66 PC: 12cca | Move file pointer
; Disassembly window printed by the tracer for the code that follows the DOS
; "Get time" call (return address 0x12cce). The code stores two clock-derived
; words into the data area addressed through bp, then assembles a byte
; sequence in a scratch buffer at bp+0x570.
; Every data reference is bp-relative; presumably bp holds the load offset of
; the virus body inside the host (not shown in this window).
; Analyst note: bp+0x107 and bp+0x10c both lie inside the 16 bytes copied from
; bp+0x103 below, so those two words change with the clock. If that region is
; part of what the following 1024-byte write emits (not confirmed here), a byte
; signature over it should wildcard those positions.
2018-12-25T12:54:00.860142154Z 44 PC: 12cce | Get time 0x12cce: mov word ptr [bp + 0x10c], cx  ; save CX as left by Get time (hour:minute per the DOS API)
0x12cd2: and cx, 0x1f  ; keep the low 5 bits: 0..31
0x12cd5: add cx, 0x200  ; cx = 0x200..0x21f
0x12cd9: mov word ptr [bp + 0x107], cx  ; second clock-derived word; role not visible here (possibly a length/count -- TODO confirm)
0x12cdd: lea di, word ptr [bp + 0x570]  ; di = start of the scratch buffer being built
0x12ce1: mov al, 0x53  ; 0x53 is the one-byte encoding of "push bx" if the buffer is later executed
0x12ce3: stosb byte ptr es:[di], al  ; buffer[0] = 0x53
0x12ce4: lea si, word ptr [bp + 0x103]  ; source: 16-byte region that contains the two words patched above
0x12ce8: push si  ; kept for later; the matching pop is outside this window
0x12ce9: mov cx, 0x10
0x12cec: push cx  ; remember the length 0x10 (restored by the pop at 0x12cfe)
0x12ced: rep movsb byte ptr es:[di], byte ptr [si]  ; copy 16 bytes into the buffer (assumes DF is clear)
0x12cef: mov al, 0x5b  ; 0x5b is the one-byte encoding of "pop bx"
0x12cf1: stosb byte ptr es:[di], al
0x12cf2: lea si, word ptr [bp + 0x4f7]  ; second source region, 11 bytes; contents not shown
0x12cf6: mov cx, 0xb
0x12cf9: rep movsb byte ptr es:[di], byte ptr [si]  ; append those 11 bytes
0x12cfb: mov al, 0x53
0x12cfd: stosb byte ptr es:[di], al  ; append another 0x53
0x12cfe: pop cx  ; cx = 0x10 again; the window ends here, so its later use is not visible
2018-12-25T12:54:00.862825366Z 64 PC: 12f2e | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:54:00.879315472Z 87 PC: 12d1e | Get or set file date and time
2018-12-25T12:54:00.880789591Z 62 PC: 12d22 | Close file
2018-12-25T12:54:00.888117833Z 67 PC: 12d31 | Get or set file attributes
2018-12-25T12:54:00.897863644Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.901228236Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.908186933Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.914381987Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.916097793Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.922973824Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.925548984Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.92678345Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.92946146Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.938195484Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.939598133Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:00.947713937Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:00.957143268Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:00.959602178Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.967083162Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:00.973242752Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:00.974985649Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:00.981916525Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:00.984538419Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:00.98580872Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:00.988813609Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:00.994498489Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:00.99554701Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:01.001022573Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:01.007348184Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:01.009118259Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.016039711Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:01.022434367Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:01.024156827Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.036149854Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:01.04061299Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:01.041558852Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:01.043609002Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:01.049422226Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:01.050639845Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:01.056021726Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:01.066020261Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:01.068523221Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.075059962Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:01.081673439Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:01.083916026Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.091778989Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:01.09552773Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:01.09714822Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:01.100892523Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:01.107636546Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:01.109024996Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:01.116643491Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:01.126123388Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:01.128543857Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.134915988Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:01.141133351Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:01.142861727Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.149301209Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:01.152117835Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:01.153320137Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:01.155834076Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:01.165021655Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:01.16640922Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:01.174049473Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:01.184127678Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:01.186994543Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.193622347Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:01.201257794Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:01.203180594Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.209674505Z 64 PC: 12cc2 | Write file or device (See above)
2018-12-25T12:54:01.213356412Z 66 PC: 12cca | Move file pointer (See above)
2018-12-25T12:54:01.214783399Z 44 PC: 12cce | Get time (See above)
2018-12-25T12:54:01.21734331Z 64 PC: 12f2e | Write file or device (See above)
2018-12-25T12:54:01.227109416Z 87 PC: 12d1e | Get or set file date and time (See above)
2018-12-25T12:54:01.228514015Z 62 PC: 12d22 | Close file (See above)
2018-12-25T12:54:01.235966399Z 67 PC: 12d31 | Get or set file attributes (See above)
2018-12-25T12:54:01.246077741Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:01.248651392Z 61 PC: 12d52 | Open file (See above)
2018-12-25T12:54:01.255005237Z 63 PC: 12beb | Read file or device (See above)
2018-12-25T12:54:01.261979062Z 62 PC: 12bef | Close file (See above)
2018-12-25T12:54:01.264009756Z 79 PC: 12bd9 | Find next file (See above)
2018-12-25T12:54:01.266615353Z 59 PC: 12b32 | Change current directory
2018-12-25T12:54:01.271851975Z 59 PC: 12b3c | Change current directory
; Disassembly window printed by the tracer for the code that follows the DOS
; "Get date" call (return address 0x12b40). It is a date/time trigger check
; followed by the start of an on-screen message routine.
; The listing is a linear disassembly from the return address, not a record
; of the executed path. In this run the next traced calls are Set disk
; transfer address at 0x12ba4 and a Display string from 0x12aa2, with no
; Get time in between, so the jne at 0x12b43 was presumably taken and the
; message code below did not run.
; Analyst note: a single sandbox run on a non-matching date shows only the
; file-infection activity; the message routine stays dormant.
2018-12-25T12:54:01.28085341Z 42 PC: 12b40 | Get date 0x12b40: cmp dl, 1  ; DL = day of month per the DOS Get date API
0x12b43: jne 0x12b97  ; any other day: skip the message code (target is outside this window)
0x12b45: mov ah, 0x2c  ; DOS function 2Ch = Get time
0x12b47: int 0x21
0x12b49: cmp dl, 0x55  ; DL = hundredths of a second per the DOS Get time API
0x12b4c: jg 0x12b97  ; above 0x55: skip as well
0x12b4e: and dx, 7  ; dx = DL & 7 (also clears DH): index 0..7
0x12b51: shl dl, 1  ; scale to a word offset 0..14
0x12b53: mov bx, bp
0x12b55: add bx, dx
0x12b57: mov dx, word ptr [bx + 0x3b3]  ; fetch entry from an 8-word table at bp+0x3b3
0x12b5b: add dx, bp  ; table values are bp-relative, so rebase them
0x12b5d: inc dx  ; the text starts one byte past the table target
0x12b5e: push dx  ; keep the pointer to the selected text
0x12b5f: mov ah, 9  ; DOS function 09h = Display string
0x12b61: lea dx, word ptr [bp + 0x40a]  ; fixed leading text; contents are not traced in this run
0x12b65: int 0x21
0x12b67: pop dx  ; pointer to the selected table text
0x12b68: int 0x21  ; relies on AH still being 9 after the previous call
0x12b6a: dec dx  ; back to the byte before the text; its meaning is not shown here (presumably a per-entry tag -- TODO confirm)
2018-12-25T12:54:01.283154412Z 26 PC: 12ba4 | Set disk transfer address
2018-12-25T12:54:01.285325358Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')