Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Ear.1024.d


Syscalls:

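Time | Syscall Op (DOS INT 21h function number from AH, in decimal) | PC (address of the instruction after the INT 21h) | Syscall Name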
2018-12-17T21:54:49.969471594Z 26 PC: 12ac8 | Set disk transfer address
2018-12-17T21:54:49.971935802Z 71 PC: 12ada | Get current directory
2018-12-17T21:54:49.974438703Z 78 PC: 12b9e | Find first file
2018-12-17T21:54:49.97851737Z 61 PC: 12d18 | Open file (Filename = 'TEST.EXE')
2018-12-17T21:54:49.990495305Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:54:49.997563144Z 62 PC: 12bb4 | Close file
2018-12-17T21:54:49.999780985Z 61 PC: 12d18 | Open file (Filename = 'TEST.EXE')
2018-12-17T21:54:50.013331567Z 64 PC: 12c87 | Write file or device (Write 26 bytes on handle 5)
2018-12-17T21:54:50.01927823Z 66 PC: 12c90 | Move file pointer
2018-12-17T21:54:50.022338424Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
; Fragment disassembled from the return address of the DOS Get time call
; (INT 21h, AH=2Ch returns CH=hour, CL=minute). The instruction at 0x12c94,
; on the log line above, has already saved CX at [bp + 0x10c].
; Analysis note: both words stored from CX derive from the clock and sit inside
; the 16-byte range copied below, so this region presumably differs between
; runs; confirm before relying on these bytes for a static signature.
0x12c98: and cx, 0x1f  ; keep the low 5 bits: cx = 0..31
0x12c9b: add cx, 0x200  ; cx = 0x200..0x21f
0x12c9f: mov word ptr [bp + 0x107], cx  ; store the time-derived word at bp+0x107
0x12ca3: lea di, word ptr [bp + 0x570]  ; di = start of the buffer being assembled at bp+0x570
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al  ; buffer byte 0 = 0x53 (the encoding of `push bx`; whether the buffer is executed is not shown here)
0x12caa: lea si, word ptr [bp + 0x103]  ; source bp+0x103..bp+0x112 covers both words patched above
0x12cae: push si  ; saved for code beyond this fragment
0x12caf: mov cx, 0x10
0x12cb2: push cx  ; saved copy of the count; restored by the pop at 0x12cc4
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]  ; copy 16 bytes into the buffer
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al  ; append 0x5b (the encoding of `pop bx`)
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]  ; append 11 bytes taken from bp+0x4f7
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al  ; append a final 0x53
0x12cc4: pop cx  ; cx = 0x10 again; the fragment ends here, the next logged call is the 1024-byte write
2018-12-17T21:54:50.025790425Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T21:54:50.115921185Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:54:50.118148457Z 62 PC: 12ce8 | Close file
2018-12-17T21:54:50.131794274Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T21:54:50.142188566Z 79 PC: 12b9e | Find next file
2018-12-17T21:54:50.144627906Z 78 PC: 12b9e | Find first file
2018-12-17T21:54:50.151440814Z 61 PC: 12d18 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:54:50.160211176Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:54:50.171896733Z 62 PC: 12bb4 | Close file
2018-12-17T21:54:50.174184983Z 61 PC: 12d18 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:54:50.178993303Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:54:50.181932226Z 66 PC: 12c90 | Move file pointer
2018-12-17T21:54:50.183172932Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T21:54:50.186042399Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T21:54:50.193151187Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:54:50.194829861Z 62 PC: 12ce8 | Close file
2018-12-17T21:54:50.203153906Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T21:54:50.219961453Z 79 PC: 12b9e | Find next file
2018-12-17T21:54:50.22393708Z 61 PC: 12d18 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:54:50.23358921Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:54:50.241245949Z 62 PC: 12bb4 | Close file
2018-12-17T21:54:50.24398122Z 61 PC: 12d18 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:54:50.252870969Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:54:50.258617622Z 66 PC: 12c90 | Move file pointer
2018-12-17T21:54:50.259973681Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T21:54:50.263035364Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T21:54:50.272663008Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:54:50.274636994Z 62 PC: 12ce8 | Close file
2018-12-17T21:54:50.282960978Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T21:54:50.293672545Z 79 PC: 12b9e | Find next file
2018-12-17T21:54:50.297383028Z 61 PC: 12d18 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:54:50.30445375Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:54:50.311161065Z 62 PC: 12bb4 | Close file
2018-12-17T21:54:50.313110566Z 61 PC: 12d18 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:54:50.319572781Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:54:50.322939872Z 66 PC: 12c90 | Move file pointer
2018-12-17T21:54:50.324652865Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T21:54:50.327610768Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T21:54:50.356230944Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:54:50.358865488Z 62 PC: 12ce8 | Close file
2018-12-17T21:54:50.36668907Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T21:54:50.406745025Z 79 PC: 12b9e | Find next file
2018-12-17T21:54:50.409465477Z 61 PC: 12d18 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:54:50.416644342Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:54:50.424220967Z 62 PC: 12bb4 | Close file
2018-12-17T21:54:50.441741359Z 61 PC: 12d18 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:54:50.448725814Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:54:50.452013473Z 66 PC: 12c90 | Move file pointer
2018-12-17T21:54:50.45457643Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T21:54:50.457477854Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T21:54:50.466505235Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:54:50.4693988Z 62 PC: 12ce8 | Close file
2018-12-17T21:54:50.477833247Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T21:54:50.487849542Z 79 PC: 12b9e | Find next file
2018-12-17T21:54:50.491809475Z 61 PC: 12d18 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:54:50.498572118Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:54:50.505121055Z 62 PC: 12bb4 | Close file
2018-12-17T21:54:50.508416335Z 61 PC: 12d18 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:54:50.515326584Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:54:50.518159362Z 66 PC: 12c90 | Move file pointer
2018-12-17T21:54:50.520645379Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T21:54:50.523303435Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T21:54:50.532262826Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:54:50.534549372Z 62 PC: 12ce8 | Close file
2018-12-17T21:54:50.542283027Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T21:54:50.552643246Z 79 PC: 12b9e | Find next file
2018-12-17T21:54:50.556043006Z 61 PC: 12d18 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:54:50.562591873Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:54:50.569055715Z 62 PC: 12bb4 | Close file
2018-12-17T21:54:50.571562952Z 61 PC: 12d18 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:54:50.578889202Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:54:50.582258698Z 66 PC: 12c90 | Move file pointer
2018-12-17T21:54:50.584980036Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T21:54:50.588429744Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T21:54:50.598028587Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:54:50.600202456Z 62 PC: 12ce8 | Close file
2018-12-17T21:54:50.609601827Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T21:54:50.620033795Z 79 PC: 12b9e | Find next file
2018-12-17T21:54:50.62267972Z 61 PC: 12d18 | Open file (Filename = 'PAH.COM')
2018-12-17T21:54:50.633934512Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:54:50.654306863Z 62 PC: 12bb4 | Close file
2018-12-17T21:54:50.656554372Z 61 PC: 12d18 | Open file (Filename = 'PAH.COM')
2018-12-17T21:54:50.669603506Z 64 PC: 12c87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:54:50.672678396Z 66 PC: 12c90 | Move file pointer
2018-12-17T21:54:50.675140416Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-17T21:54:50.692567572Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T21:54:50.711588895Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:54:50.713625751Z 62 PC: 12ce8 | Close file
2018-12-17T21:54:50.723130769Z 67 PC: 12cf7 | Get or set file attributes
2018-12-17T21:54:50.734761801Z 79 PC: 12b9e | Find next file
2018-12-17T21:54:50.738378551Z 59 PC: 12af7 | Change current directory
2018-12-17T21:54:50.74373251Z 59 PC: 12b01 | Change current directory
2018-12-17T21:54:50.748574199Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1
; Fragment disassembled from the return address of the DOS Get date call
; (INT 21h, AH=2Ah returns DL=day of month). The instruction at 0x12b05, on
; the log line above, compares DL with 1.
; This is a static listing of the bytes after the call, not an execution
; trace: in this run the next logged call is at PC 12b69 and no Get time call
; is logged, so the path below was apparently not taken.
; Analysis note: the message path depends on the emulated date and on the
; clock's hundredths value, so a single sandbox run may not show it.
0x12b08: jne 0x12b5c  ; day of month is not 1: skip the message path
0x12b0a: mov ah, 0x2c
0x12b0c: int 0x21  ; DOS Get time: DL = hundredths of a second
0x12b0e: cmp dl, 0x55
0x12b11: jg 0x12b5c  ; skip when hundredths > 0x55 (85)
0x12b13: and dx, 7  ; dx = DL & 7, i.e. 0..7
0x12b16: shl dl, 1  ; scale to a word offset, 0..14
0x12b18: mov bx, bp
0x12b1a: add bx, dx
0x12b1c: mov dx, word ptr [bx + 0x3b4]  ; load one of eight words from the table at bp+0x3b4
0x12b20: add dx, bp
0x12b22: inc dx  ; dx = bp + table entry + 1
0x12b23: push dx  ; keep the selected pointer for the second display call
0x12b24: mov ah, 9
0x12b26: lea dx, word ptr [bp + 0x40c]
0x12b2a: int 0x21  ; DOS Display string ('$'-terminated) for the text at bp+0x40c
0x12b2c: pop dx
0x12b2d: int 0x21  ; second INT 21h with the table-selected pointer; no reload of AH appears before it
0x12b2f: dec dx  ; dx = bp + table entry, one byte before the selected string; its use lies beyond this fragment
2018-12-17T21:54:50.751363336Z 26 PC: 12b69 | Set disk transfer address
2018-12-17T21:54:50.753680741Z 9 PC: 12a67 | Display string (String= 'This is a tiny COM program. ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":524,"SideJobID":0}


Syscalls:

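Time | Syscall Op (DOS INT 21h function number from AH, in decimal) | PC (address of the instruction after the INT 21h) | Syscall Name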
2018-12-25T11:41:03.467113013Z 26 PC: 12ac8 | Set disk transfer address
2018-12-25T11:41:03.469869533Z 71 PC: 12ada | Get current directory
2018-12-25T11:41:03.473055646Z 78 PC: 12b9e | Find first file
2018-12-25T11:41:03.482884225Z 61 PC: 12d18 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:41:03.495641226Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:41:03.502298392Z 62 PC: 12bb4 | Close file
2018-12-25T11:41:03.5041586Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.511151133Z 64 PC: 12c87 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:41:03.514393108Z 66 PC: 12c90 | Move file pointer
2018-12-25T11:41:03.515959975Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-25T11:41:03.518851418Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:41:03.541671935Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:41:03.543611666Z 62 PC: 12ce8 | Close file
2018-12-25T11:41:03.551723148Z 67 PC: 12cf7 | Get or set file attributes
2018-12-25T11:41:03.572840622Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.577620099Z 78 PC: 12b9e | Find first file (See above)
2018-12-25T11:41:03.584310916Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.606687123Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.613595344Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.615531279Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.623001678Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.625848813Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.627197526Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.630207485Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.639378927Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.640999093Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.647697165Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.660157046Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.663468641Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.669976456Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.677760803Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.679723332Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.68634183Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.690441856Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.692017946Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.694822804Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.705136185Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.706964514Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.715803697Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.726709525Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.73159588Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.739644679Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.746985508Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.749279528Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.756008677Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.759010391Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.762019709Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.764962533Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.775855111Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.778195811Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.785736612Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.796265789Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.799774759Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.806160226Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.812752774Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.815309238Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.822221724Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.824890438Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.826833537Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.829507604Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.838143463Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.840036537Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.847473524Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.857221013Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.86150732Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.87484593Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.88186483Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.885432847Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.892898079Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.895824429Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.897542546Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.900827789Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.909517249Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.911086834Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.919515885Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.928982632Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.932654386Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.940573715Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.946930846Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.948987435Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.956479457Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.959294869Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.961421548Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.965140677Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.973939966Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.975432369Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.98403763Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.99352071Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.996089732Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:04.003715639Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:04.009818078Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:04.011605994Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:04.018582038Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:04.021295482Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:04.02270263Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:04.025810286Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:04.034445637Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:04.036218031Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:04.045505574Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:04.057321671Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:04.07197055Z 59 PC: 12af7 | Change current directory
2018-12-25T11:41:04.076628017Z 59 PC: 12b01 | Change current directory
2018-12-25T11:41:04.080784361Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1
0x12b08: jne 0x12b5c
0x12b0a: mov ah, 0x2c
0x12b0c: int 0x21
0x12b0e: cmp dl, 0x55
0x12b11: jg 0x12b5c
0x12b13: and dx, 7
0x12b16: shl dl, 1
0x12b18: mov bx, bp
0x12b1a: add bx, dx
0x12b1c: mov dx, word ptr [bx + 0x3b4]
0x12b20: add dx, bp
0x12b22: inc dx
0x12b23: push dx
0x12b24: mov ah, 9
0x12b26: lea dx, word ptr [bp + 0x40c]
0x12b2a: int 0x21
0x12b2c: pop dx
0x12b2d: int 0x21
0x12b2f: dec dx
2018-12-25T11:41:04.083191795Z 44 PC: 12b0e | Get time 0x12b0e: cmp dl, 0x55
; Fragment disassembled from the return address of the DOS Get time call
; (INT 21h, AH=2Ch returns DL=hundredths of a second). The instruction at
; 0x12b0e, on the log line above, compares DL with 0x55.
; In this run the path was taken: the following log lines record three
; Display string calls at PCs 12b2c, 12b2f and 12b37, then a console read.
0x12b11: jg 0x12b5c  ; skip when hundredths > 0x55 (85)
0x12b13: and dx, 7  ; dx = DL & 7, i.e. 0..7
0x12b16: shl dl, 1  ; scale to a word offset, 0..14
0x12b18: mov bx, bp
0x12b1a: add bx, dx
0x12b1c: mov dx, word ptr [bx + 0x3b4]  ; load one of eight words from the table at bp+0x3b4
0x12b20: add dx, bp
0x12b22: inc dx  ; dx = bp + table entry + 1
0x12b23: push dx  ; keep the selected pointer for the second display call
0x12b24: mov ah, 9
0x12b26: lea dx, word ptr [bp + 0x40c]
0x12b2a: int 0x21  ; DOS Display string: the fixed opening text (logged at PC 12b2c)
0x12b2c: pop dx
0x12b2d: int 0x21  ; display the table-selected string (logged at PC 12b2f)
0x12b2f: dec dx  ; dx = bp + table entry, one byte before the selected string
0x12b30: push dx  ; saved for code beyond this fragment -- presumably the expected answer; not shown here
0x12b31: lea dx, word ptr [bp + 0x43d]
0x12b35: int 0x21  ; display the text at bp+0x43d, the numbered choices (logged at PC 12b37)
0x12b37: mov ah, 7  ; select function 07h; the trace logs Direct console input without echo at PC 12b3b
2018-12-25T11:41:04.086132546Z 9 PC: 12b2c | Display string (String= 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
2018-12-25T11:41:04.091543803Z 9 PC: 12b2f | Display string (String= 'Auditory Canal')
2018-12-25T11:41:04.093675052Z 9 PC: 12b37 | Display string (String= ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )')
2018-12-25T11:41:04.104006548Z 7 PC: 12b3b | Direct console input without echo

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":524,"SideJobID":0}


Syscalls:

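Time | Syscall Op (DOS INT 21h function number from AH, in decimal) | PC (address of the instruction after the INT 21h) | Syscall Name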
2018-12-25T11:41:03.47398362Z 26 PC: 12ac8 | Set disk transfer address
2018-12-25T11:41:03.476038879Z 71 PC: 12ada | Get current directory
2018-12-25T11:41:03.479127513Z 78 PC: 12b9e | Find first file
2018-12-25T11:41:03.48537069Z 61 PC: 12d18 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:41:03.498062053Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:41:03.505078177Z 62 PC: 12bb4 | Close file
2018-12-25T11:41:03.507290022Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.514254634Z 64 PC: 12c87 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:41:03.517695294Z 66 PC: 12c90 | Move file pointer
2018-12-25T11:41:03.5189906Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx
0x12c98: and cx, 0x1f
0x12c9b: add cx, 0x200
0x12c9f: mov word ptr [bp + 0x107], cx
0x12ca3: lea di, word ptr [bp + 0x570]
0x12ca7: mov al, 0x53
0x12ca9: stosb byte ptr es:[di], al
0x12caa: lea si, word ptr [bp + 0x103]
0x12cae: push si
0x12caf: mov cx, 0x10
0x12cb2: push cx
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]
0x12cb5: mov al, 0x5b
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]
0x12cbc: mov cx, 0xb
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx
2018-12-25T11:41:03.52245083Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:41:03.541302133Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:41:03.543149158Z 62 PC: 12ce8 | Close file
2018-12-25T11:41:03.550885247Z 67 PC: 12cf7 | Get or set file attributes
2018-12-25T11:41:03.562792039Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.566034254Z 78 PC: 12b9e | Find first file (See above)
2018-12-25T11:41:03.575516476Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.583110284Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.591553966Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.593462747Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.60168461Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.605050781Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.606969054Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.611374824Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.620696064Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.62220662Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.631888043Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.642221151Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.645154209Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.652815902Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.659881618Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.662055537Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.669142561Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.672146885Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.673421255Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.675817563Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.683219629Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.68461939Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.690959686Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.699708054Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.702093632Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.708995104Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.715854142Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.717759083Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.724247544Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.728003189Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.729443751Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.732622179Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.741755635Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.743873273Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.751566051Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.761801643Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.764615544Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.771214585Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.778605327Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.780541793Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.787047592Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.790273815Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.791684761Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.794503489Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.80393624Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.805366431Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.812899692Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.823233145Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.826258981Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.833967501Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.841474868Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.843243561Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.849958202Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.853751855Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.855090445Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.857643618Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.883224763Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.885810206Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.893326712Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.904593829Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.907576054Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.914543044Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.922849779Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.925219435Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.932115683Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.935587101Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.937090525Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.940015056Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.950271526Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.952392569Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.960097796Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.97064891Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.974007115Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.980318218Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.986611269Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.989342354Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.995959472Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.999625944Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:04.001984051Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:04.004539223Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:04.013077434Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:04.015490645Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:04.023062098Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:04.033293558Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:04.037320828Z 59 PC: 12af7 | Change current directory
2018-12-25T11:41:04.04135397Z 59 PC: 12b01 | Change current directory
2018-12-25T11:41:04.045192136Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1
0x12b08: jne 0x12b5c
0x12b0a: mov ah, 0x2c
0x12b0c: int 0x21
0x12b0e: cmp dl, 0x55
0x12b11: jg 0x12b5c
0x12b13: and dx, 7
0x12b16: shl dl, 1
0x12b18: mov bx, bp
0x12b1a: add bx, dx
0x12b1c: mov dx, word ptr [bx + 0x3b4]
0x12b20: add dx, bp
0x12b22: inc dx
0x12b23: push dx
0x12b24: mov ah, 9
0x12b26: lea dx, word ptr [bp + 0x40c]
0x12b2a: int 0x21
0x12b2c: pop dx
0x12b2d: int 0x21
0x12b2f: dec dx
2018-12-25T11:41:04.048015609Z 26 PC: 12b69 | Set disk transfer address
2018-12-25T11:41:04.04903322Z 9 PC: 12a67 | Display string (String= 'This is a tiny COM program. ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":524,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:03.532835355Z 26 PC: 12ac8 | Set disk transfer address
2018-12-25T11:41:03.534835488Z 71 PC: 12ada | Get current directory
2018-12-25T11:41:03.538253166Z 78 PC: 12b9e | Find first file
2018-12-25T11:41:03.546098708Z 61 PC: 12d18 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:41:03.554166541Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:41:03.558462946Z 62 PC: 12bb4 | Close file
2018-12-25T11:41:03.561141289Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.56897255Z 64 PC: 12c87 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:41:03.573554089Z 66 PC: 12c90 | Move file pointer
; Run-time buffer construction, dumped by the sandbox at the return address of the DOS
; "Get time" call (INT 21h, AH=2Ch; CH = hour, CL = minute on return).
; Two clock-derived words are stored, then a byte sequence is assembled at bp+0x570
; from single opcode bytes and two copied regions. The next logged call is the
; 1024-byte write, issued from PC 12ef3 rather than from this code; presumably the
; assembled buffer is the routine that performs it -- TODO confirm.
; NOTE(review): because bp+0x107 and bp+0x10c change with the clock, the bytes written
; to different files presumably differ; detection is better anchored on this invariant
; instruction sequence and on the logged 26-byte header rewrite followed by a
; 1024-byte write than on a hash of the written body.
2018-12-25T11:41:03.575343703Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx    ; store CX as returned by Get time
0x12c98: and cx, 0x1f                       ; keep the low 5 bits of the minute (CH is cleared)
0x12c9b: add cx, 0x200                      ; value now in the range 0x200..0x21f
0x12c9f: mov word ptr [bp + 0x107], cx      ; store the derived word at bp+0x107
0x12ca3: lea di, word ptr [bp + 0x570]      ; DI = start of the buffer being built
0x12ca7: mov al, 0x53                       ; 0x53 is the one-byte encoding of push bx
0x12ca9: stosb byte ptr es:[di], al         ; emit it as the first buffer byte
0x12caa: lea si, word ptr [bp + 0x103]      ; source region; it spans the two words stored above
0x12cae: push si                            ; saved for later use; not popped in this dump
0x12caf: mov cx, 0x10                       ; length: 16 bytes
0x12cb2: push cx                            ; saved; restored by the pop at 0x12cc4
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]   ; append bp+0x103 .. bp+0x112 to the buffer
0x12cb5: mov al, 0x5b                       ; 0x5b is the one-byte encoding of pop bx
0x12cb7: stosb byte ptr es:[di], al
0x12cb8: lea si, word ptr [bp + 0x4f7]      ; second source region
0x12cbc: mov cx, 0xb                        ; length: 11 bytes
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]   ; append it to the buffer
0x12cc1: mov al, 0x53                       ; another push bx byte
0x12cc3: stosb byte ptr es:[di], al
0x12cc4: pop cx                             ; CX = 0x10 again
2018-12-25T11:41:03.578506723Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:41:03.597260895Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:41:03.599137664Z 62 PC: 12ce8 | Close file
2018-12-25T11:41:03.607887037Z 67 PC: 12cf7 | Get or set file attributes
2018-12-25T11:41:03.618875171Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.622026964Z 78 PC: 12b9e | Find first file (See above)
2018-12-25T11:41:03.628121525Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.634118551Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.638917192Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.640431288Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.64492613Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.64882178Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.650043236Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.652308003Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.659587603Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.661028275Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.667522205Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.6920707Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.694570168Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.699340168Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.704006579Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.706558445Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.714145511Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.717751703Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.721036605Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.72407261Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.73370278Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.735768501Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.744165074Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.75506398Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.759969744Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.767160072Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.790048009Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.792649327Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.800376819Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.803457793Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.805684216Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.808615631Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.818432997Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.820029556Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.829479929Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.840297003Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.843647442Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.851614421Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.858680744Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.861067417Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.870023038Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.87317575Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.874763011Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.88092792Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.891516078Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.893344561Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.903186667Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.914493775Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.917825207Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.92578756Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:03.933309299Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:03.935459969Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.943032368Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:03.946677415Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:03.948651337Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:03.952031886Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:03.963163014Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:03.964842316Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:03.97397282Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:03.986531322Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:03.989554763Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:03.996724491Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:04.004308491Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:04.006924637Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:04.014476275Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:04.018025101Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:04.02045694Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:04.023469327Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:04.034017972Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:04.035723885Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:04.044238724Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:04.056176238Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:04.060336552Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:04.067712373Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:04.074892785Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:04.078536428Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:04.087126989Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:04.091573646Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:04.094733177Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:04.09804605Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:04.108611633Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:04.111213386Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:04.1207352Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:04.132625459Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:04.137400807Z 59 PC: 12af7 | Change current directory
2018-12-25T11:41:04.142567322Z 59 PC: 12b01 | Change current directory
; Same date-gated trigger check as elsewhere on this page, dumped after the DOS
; "Get date" call (INT 21h, AH=2Ah; DL = day of month on return).
; This run logs "Set disk transfer address" at 12b69 next and no "Get time" at 12b0e,
; so the first branch was presumably taken and none of the prints below executed.
2018-12-25T11:41:04.147414555Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1    ; gate 1: day of month must be 1
0x12b08: jne 0x12b5c                        ; any other day: bypass the message routine
0x12b0a: mov ah, 0x2c                       ; DOS function 2Ch, "Get time"
0x12b0c: int 0x21                           ; DL = hundredths of a second on return
0x12b0e: cmp dl, 0x55                       ; gate 2: hundredths must not exceed 0x55 (85)
0x12b11: jg 0x12b5c                         ; signed "greater": bypass
0x12b13: and dx, 7                          ; DX = DL & 7, a 3-bit selector taken from the clock
0x12b16: shl dl, 1                          ; doubled, because the table entries are words
0x12b18: mov bx, bp
0x12b1a: add bx, dx                         ; bx = bp + selector * 2
0x12b1c: mov dx, word ptr [bx + 0x3b4]      ; fetch the word entry from the table at bp+0x3b4
0x12b20: add dx, bp                         ; add bp (presumably the run-time base offset -- TODO confirm)
0x12b22: inc dx                             ; the printable text starts one byte after the entry's target
0x12b23: push dx                            ; save the text pointer
0x12b24: mov ah, 9                          ; DOS function 09h, "Display string"
0x12b26: lea dx, word ptr [bp + 0x40c]      ; first, fixed string
0x12b2a: int 0x21
0x12b2c: pop dx                             ; restore the selected text pointer
0x12b2d: int 0x21                           ; second print; AH is not reloaded in between
0x12b2f: dec dx                             ; point at the skipped leading byte again; use not visible here
2018-12-25T11:41:04.15016105Z 26 PC: 12b69 | Set disk transfer address
2018-12-25T11:41:04.152733463Z 9 PC: 12a67 | Display string (String= 'This is a tiny COM program. ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":524,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:09.167672645Z 26 PC: 12ac8 | Set disk transfer address
2018-12-25T11:41:09.169725714Z 71 PC: 12ada | Get current directory
2018-12-25T11:41:09.172588369Z 78 PC: 12b9e | Find first file
2018-12-25T11:41:09.179251195Z 61 PC: 12d18 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:41:09.185848534Z 63 PC: 12bb0 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:41:09.190195316Z 62 PC: 12bb4 | Close file
2018-12-25T11:41:09.192085974Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.198819132Z 64 PC: 12c87 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:41:09.207064521Z 66 PC: 12c90 | Move file pointer
; Buffer construction performed before the 1024-byte write, dumped after the DOS
; "Get time" call (INT 21h, AH=2Ch; CX = hour:minute on return).
; The buffer at bp+0x570 receives: one byte 0x53, 16 bytes copied from bp+0x103,
; one byte 0x5b, 11 bytes copied from bp+0x4f7, and one more byte 0x53.
; Presumably this is a small code stub wrapped around the write that follows at
; PC 12ef3 -- TODO confirm; only the construction is visible in this dump.
; NOTE(review): the words at bp+0x107 and bp+0x10c depend on the time of day, so a
; signature should not assume the written 1024 bytes are constant across files.
2018-12-25T11:41:09.208755948Z 44 PC: 12c94 | Get time 0x12c94: mov word ptr [bp + 0x10c], cx    ; save hour:minute at bp+0x10c
0x12c98: and cx, 0x1f                       ; CX = minute & 0x1f
0x12c9b: add cx, 0x200                      ; CX = 0x200 + (minute & 0x1f)
0x12c9f: mov word ptr [bp + 0x107], cx      ; save the time-derived word at bp+0x107
0x12ca3: lea di, word ptr [bp + 0x570]      ; destination buffer
0x12ca7: mov al, 0x53                       ; byte value 0x53 (the push bx opcode)
0x12ca9: stosb byte ptr es:[di], al         ; buffer[0] = 0x53
0x12caa: lea si, word ptr [bp + 0x103]      ; source 1; covers the words at +0x107 and +0x10c
0x12cae: push si                            ; kept on the stack beyond the end of this dump
0x12caf: mov cx, 0x10                       ; 16 bytes to copy
0x12cb2: push cx                            ; kept for the pop cx below
0x12cb3: rep movsb byte ptr es:[di], byte ptr [si]   ; buffer[1..16] = bytes at bp+0x103
0x12cb5: mov al, 0x5b                       ; byte value 0x5b (the pop bx opcode)
0x12cb7: stosb byte ptr es:[di], al         ; buffer[17] = 0x5b
0x12cb8: lea si, word ptr [bp + 0x4f7]      ; source 2
0x12cbc: mov cx, 0xb                        ; 11 bytes to copy
0x12cbf: rep movsb byte ptr es:[di], byte ptr [si]   ; buffer[18..28] = bytes at bp+0x4f7
0x12cc1: mov al, 0x53
0x12cc3: stosb byte ptr es:[di], al         ; buffer[29] = 0x53
0x12cc4: pop cx                             ; CX restored to 0x10
2018-12-25T11:41:09.211690023Z 64 PC: 12ef3 | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:41:09.227512981Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:41:09.228958541Z 62 PC: 12ce8 | Close file
2018-12-25T11:41:09.25031176Z 67 PC: 12cf7 | Get or set file attributes
2018-12-25T11:41:09.260668745Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:09.26316685Z 78 PC: 12b9e | Find first file (See above)
2018-12-25T11:41:09.269150686Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.276434509Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:09.283042362Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:09.28495122Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.291785664Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:09.295365701Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:09.296787639Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:09.299446311Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:09.309051195Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:09.310419182Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:09.317631892Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:09.327799541Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:09.33031645Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.348866623Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:09.355556792Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:09.357412026Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.363857036Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:09.367473017Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:09.368996392Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:09.371631087Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:09.380821159Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:09.382314239Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:09.38977062Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:09.399800994Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:09.402710412Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.408973692Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:09.415247967Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:09.417620225Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.423972914Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:09.426583777Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:09.428936879Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:09.431419957Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:09.440458152Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:09.442462891Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:09.455473337Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:09.465169727Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:09.468623541Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.474893881Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:09.481023549Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:09.48389261Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.491314011Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:09.494338566Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:09.496816452Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:09.500025693Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:09.509508784Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:09.511607845Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:09.520230322Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:09.530208339Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:09.532820937Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.539308289Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:09.545643113Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:09.547531307Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.554356889Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:09.556232703Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:09.557370404Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:09.559646682Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:09.565414617Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:09.566656611Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:09.572259844Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:09.578297944Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:09.580074221Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.585368978Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:09.589426125Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:09.590979839Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.595986327Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:09.598099139Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:09.599487221Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:09.602216457Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:09.613259208Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:09.615077489Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:09.630682186Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:09.643057184Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:09.645751831Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.652671831Z 63 PC: 12bb0 | Read file or device (See above)
2018-12-25T11:41:09.658892956Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T11:41:09.660721286Z 61 PC: 12d18 | Open file (See above)
2018-12-25T11:41:09.667580481Z 64 PC: 12c87 | Write file or device (See above)
2018-12-25T11:41:09.670209396Z 66 PC: 12c90 | Move file pointer (See above)
2018-12-25T11:41:09.671547529Z 44 PC: 12c94 | Get time (See above)
2018-12-25T11:41:09.675146074Z 64 PC: 12ef3 | Write file or device (See above)
2018-12-25T11:41:09.683949801Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:41:09.685687888Z 62 PC: 12ce8 | Close file (See above)
2018-12-25T11:41:09.694357234Z 67 PC: 12cf7 | Get or set file attributes (See above)
2018-12-25T11:41:09.702426598Z 79 PC: 12b9e | Find next file (See above)
2018-12-25T11:41:09.704937542Z 59 PC: 12af7 | Change current directory
2018-12-25T11:41:09.710337241Z 59 PC: 12b01 | Change current directory
; Date-gated trigger check, dumped after the DOS "Get date" call (INT 21h, AH=2Ah;
; DL = day of month on return). In this run the trace goes on to log "Get time" at
; 12b0e and three "Display string" calls, so both gates passed: the day was the 1st
; and the hundredths-of-a-second value was at most 0x55.
2018-12-25T11:41:09.714111909Z 42 PC: 12b05 | Get date 0x12b05: cmp dl, 1    ; only act on the 1st of the month
0x12b08: jne 0x12b5c                        ; otherwise continue at 0x12b5c (not shown)
0x12b0a: mov ah, 0x2c                       ; request the current time
0x12b0c: int 0x21                           ; logged by the sandbox as "Get time" at 12b0e
0x12b0e: cmp dl, 0x55                       ; DL = hundredths of a second
0x12b11: jg 0x12b5c                         ; values above 85 skip the routine
0x12b13: and dx, 7                          ; clock-derived selector, 0..7
0x12b16: shl dl, 1                          ; selector -> word offset
0x12b18: mov bx, bp
0x12b1a: add bx, dx
0x12b1c: mov dx, word ptr [bx + 0x3b4]      ; pick one entry from the word table at bp+0x3b4
0x12b20: add dx, bp                         ; rebase the entry with bp
0x12b22: inc dx                             ; skip the entry's first byte
0x12b23: push dx                            ; save pointer to the selected term
0x12b24: mov ah, 9                          ; DOS "Display string"
0x12b26: lea dx, word ptr [bp + 0x40c]      ; logged text: 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the '
0x12b2a: int 0x21
0x12b2c: pop dx                             ; selected term; logged in this run as 'Eustachian Tube'
0x12b2d: int 0x21
0x12b2f: dec dx                             ; back to the skipped byte; presumably the expected answer -- TODO confirm
; Message routine on the path where the date gate passed, dumped after the DOS
; "Get time" call (INT 21h, AH=2Ch; DL = hundredths of a second on return).
; It prints a fixed prefix, a clock-selected term, and a fixed question, then
; selects the console-input function; the four calls are the "Display string" and
; "Direct console input without echo" rows that follow in the trace.
; What happens after the key is read is outside this dump.
2018-12-25T11:41:09.716159532Z 44 PC: 12b0e | Get time 0x12b0e: cmp dl, 0x55    ; hundredths compared with 0x55 (85)
0x12b11: jg 0x12b5c                         ; above 85 (signed): skip the routine
0x12b13: and dx, 7                          ; DX = DL & 7: selector for one of eight table entries
0x12b16: shl dl, 1                          ; entries are words, so offset = selector * 2
0x12b18: mov bx, bp
0x12b1a: add bx, dx                         ; bx = bp + offset
0x12b1c: mov dx, word ptr [bx + 0x3b4]      ; entry from the table at bp+0x3b4
0x12b20: add dx, bp                         ; rebase by bp (presumably the run-time base offset -- TODO confirm)
0x12b22: inc dx                             ; text begins one byte after the entry's target
0x12b23: push dx                            ; save pointer to the selected term
0x12b24: mov ah, 9                          ; AH=09h: DOS "Display string"
0x12b26: lea dx, word ptr [bp + 0x40c]      ; fixed prefix at bp+0x40c
0x12b2a: int 0x21                           ; trace: 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the '
0x12b2c: pop dx                             ; selected term
0x12b2d: int 0x21                           ; trace: 'Eustachian Tube'
0x12b2f: dec dx                             ; step back to the byte skipped by inc dx
0x12b30: push dx                            ; save it; presumably the expected answer for the later comparison -- TODO confirm
0x12b31: lea dx, word ptr [bp + 0x43d]      ; fixed question text at bp+0x43d
0x12b35: int 0x21                           ; trace: ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )'
0x12b37: mov ah, 7                          ; AH=07h: direct console input without echo (logged at 12b3b)
2018-12-25T11:41:09.718710417Z 9 PC: 12b2c | Display string (String= 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
2018-12-25T11:41:09.724048739Z 9 PC: 12b2f | Display string (String= 'Eustachian Tube')
2018-12-25T11:41:09.726187332Z 9 PC: 12b37 | Display string (String= ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )')
2018-12-25T11:41:09.735566281Z 7 PC: 12b3b | Direct console input without echo