Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Ear.1024.c


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:11.455844232Z 26 PC: 12aa2 | Set disk transfer address
2018-12-17T22:48:11.457377307Z 71 PC: 12ab4 | Get current directory
2018-12-17T22:48:11.461121171Z 78 PC: 12b78 | Find first file
2018-12-17T22:48:11.467513166Z 78 PC: 12b78 | Find first file
2018-12-17T22:48:11.474329343Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:11.4814579Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:11.488160119Z 62 PC: 12b8e | Close file
2018-12-17T22:48:11.490380115Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:11.4985131Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:11.501447276Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-17T22:48:11.503226289Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-17T22:48:11.506956447Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:48:11.523750313Z 87 PC: 12cbd | Get or set file date and time
2018-12-17T22:48:11.52532979Z 62 PC: 12cc1 | Close file
2018-12-17T22:48:11.534428799Z 67 PC: 12cd0 | Get or set file attributes
2018-12-17T22:48:11.545340118Z 79 PC: 12b78 | Find next file
2018-12-17T22:48:11.548117195Z 61 PC: 12cf1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:48:11.555665233Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:11.563099905Z 62 PC: 12b8e | Close file
2018-12-17T22:48:11.565031361Z 61 PC: 12cf1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:48:11.572634561Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:11.575763896Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-17T22:48:11.577186433Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-17T22:48:11.580262787Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:48:11.590413682Z 87 PC: 12cbd | Get or set file date and time
2018-12-17T22:48:11.592139842Z 62 PC: 12cc1 | Close file
2018-12-17T22:48:11.599973118Z 67 PC: 12cd0 | Get or set file attributes
2018-12-17T22:48:11.606684007Z 79 PC: 12b78 | Find next file
2018-12-17T22:48:11.608527933Z 61 PC: 12cf1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:48:11.61272273Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:11.617374873Z 62 PC: 12b8e | Close file
2018-12-17T22:48:11.618802826Z 61 PC: 12cf1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:48:11.623074198Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:11.625506382Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-17T22:48:11.626694541Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-17T22:48:11.628667827Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:48:11.635522526Z 87 PC: 12cbd | Get or set file date and time
2018-12-17T22:48:11.636720614Z 62 PC: 12cc1 | Close file
2018-12-17T22:48:11.643129493Z 67 PC: 12cd0 | Get or set file attributes
2018-12-17T22:48:11.657750135Z 79 PC: 12b78 | Find next file
2018-12-17T22:48:11.660657825Z 61 PC: 12cf1 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:48:11.668483131Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:11.676444654Z 62 PC: 12b8e | Close file
2018-12-17T22:48:11.678631272Z 61 PC: 12cf1 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:48:11.685978684Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:11.6890615Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-17T22:48:11.690586461Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-17T22:48:11.69340869Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:48:11.702965529Z 87 PC: 12cbd | Get or set file date and time
2018-12-17T22:48:11.704662359Z 62 PC: 12cc1 | Close file
2018-12-17T22:48:11.712846389Z 67 PC: 12cd0 | Get or set file attributes
2018-12-17T22:48:11.724077397Z 79 PC: 12b78 | Find next file
2018-12-17T22:48:11.727586618Z 61 PC: 12cf1 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:48:11.734480994Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:11.741050742Z 62 PC: 12b8e | Close file
2018-12-17T22:48:11.743443713Z 61 PC: 12cf1 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:48:11.750702209Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:11.75366169Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-17T22:48:11.755904266Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-17T22:48:11.759594439Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:48:11.769223437Z 87 PC: 12cbd | Get or set file date and time
2018-12-17T22:48:11.771606067Z 62 PC: 12cc1 | Close file
2018-12-17T22:48:11.780353405Z 67 PC: 12cd0 | Get or set file attributes
2018-12-17T22:48:11.789025096Z 79 PC: 12b78 | Find next file
2018-12-17T22:48:11.794007737Z 61 PC: 12cf1 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:48:11.801292243Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:11.808164836Z 62 PC: 12b8e | Close file
2018-12-17T22:48:11.810164551Z 61 PC: 12cf1 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:48:11.817923041Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:11.820816144Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-17T22:48:11.822263527Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-17T22:48:11.826447903Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:48:11.837049142Z 87 PC: 12cbd | Get or set file date and time
2018-12-17T22:48:11.838880626Z 62 PC: 12cc1 | Close file
2018-12-17T22:48:11.848456766Z 67 PC: 12cd0 | Get or set file attributes
2018-12-17T22:48:11.860874092Z 79 PC: 12b78 | Find next file
2018-12-17T22:48:11.864019341Z 61 PC: 12cf1 | Open file (Filename = 'PAH.COM')
2018-12-17T22:48:11.872679749Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:11.880343906Z 62 PC: 12b8e | Close file
2018-12-17T22:48:11.882478954Z 61 PC: 12cf1 | Open file (Filename = 'PAH.COM')
2018-12-17T22:48:11.890794177Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:11.894261356Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-17T22:48:11.896003848Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-17T22:48:11.900357702Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:48:11.910530536Z 87 PC: 12cbd | Get or set file date and time
2018-12-17T22:48:11.912618766Z 62 PC: 12cc1 | Close file
2018-12-17T22:48:11.921743867Z 67 PC: 12cd0 | Get or set file attributes
2018-12-17T22:48:11.93307564Z 79 PC: 12b78 | Find next file
2018-12-17T22:48:11.936188222Z 61 PC: 12cf1 | Open file (Filename = 'TEST.COM')
2018-12-17T22:48:11.943709519Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:11.952311094Z 62 PC: 12b8e | Close file
2018-12-17T22:48:11.954811293Z 79 PC: 12b78 | Find next file
2018-12-17T22:48:11.957953992Z 59 PC: 12adb | Change current directory
; Window captured right after DOS Get date (INT 21h, AH=2Ah) returned (DOS returns the day of month in DL).
; It is cut off at `dec dx`, inside the string-display sequence. Visible logic: a day-of-month gate, a
; hundredths-of-a-second gate, then a table-driven choice of one of eight strings to print.
; In this run the next traced call is at PC 12b43 and no Get time at 12ae8 appears, so the first gate did not pass.
2018-12-17T22:48:11.963568704Z 42 PC: 12adf | Get date 0x12adf: cmp dl, 1 ; day of month == 1?
0x12ae2: jne 0x12b36 ; any other day: skip the display path
0x12ae4: mov ah, 0x2c ; AH=2Ch: Get time
0x12ae6: int 0x21
0x12ae8: cmp dl, 0x55 ; DL = hundredths of a second returned by Get time
0x12aeb: jg 0x12b36 ; above 0x55 (85): skip the display path
0x12aed: and dx, 7 ; index 0..7 taken from the low bits of the hundredths value
0x12af0: shl dl, 1 ; times 2: the table holds word-sized entries
0x12af2: mov bx, bp
0x12af4: add bx, dx ; bx = bp + index*2
0x12af6: mov dx, word ptr [bx + 0x3b3] ; fetch the entry from the table at [bp + 0x3b3]
0x12afa: add dx, bp ; rebase the entry on bp
0x12afc: inc dx ; point one byte past the entry start (meaning of that first byte is not visible here)
0x12afd: push dx ; keep the selected string pointer across the first display call
0x12afe: mov ah, 9 ; AH=09h: Display string
0x12b00: lea dx, word ptr [bp + 0x40a] ; fixed lead-in string
0x12b04: int 0x21
0x12b06: pop dx ; selected string
0x12b07: int 0x21 ; second Display string call
0x12b09: dec dx ; back to the entry start
2018-12-17T22:48:11.965203853Z 26 PC: 12b43 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9465,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:13.458518055Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:23:13.461144464Z 71 PC: 12ab4 | Get current directory
2018-12-25T12:23:13.464296623Z 78 PC: 12b78 | Find first file
2018-12-25T12:23:13.470756489Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T12:23:13.477738176Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:13.484874623Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:13.491566066Z 62 PC: 12b8e | Close file
2018-12-25T12:23:13.493946536Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.501489975Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:13.504567718Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-25T12:23:13.506693814Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-25T12:23:13.510174631Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:23:13.78570253Z 87 PC: 12cbd | Get or set file date and time
2018-12-25T12:23:13.78730542Z 62 PC: 12cc1 | Close file
2018-12-25T12:23:13.796685822Z 67 PC: 12cd0 | Get or set file attributes
2018-12-25T12:23:13.807901828Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.810893031Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.818946208Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.826534717Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.829155289Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.838339137Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.841801969Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.843243954Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.846883438Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:13.861120844Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:13.863225243Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:13.872489027Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:13.883859535Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.887235636Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.895050343Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.902855925Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.904794688Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.912104942Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.915644459Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.918428286Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.921518903Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:13.931875507Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:13.933472137Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:13.941968174Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:13.953484615Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.956377897Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.963710352Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.971200889Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.973892997Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.982860675Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.987279368Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.989554188Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.992890047Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.003028065Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.005422115Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.01420462Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.025423225Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.029820161Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.037604827Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.045058902Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.049045535Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.056887641Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.060209741Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.062678303Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.065905223Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.076660779Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.078609659Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.087334414Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.097078596Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.099005645Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.103724214Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.107843332Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.109170663Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.114419059Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.116471337Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.11778967Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.120268991Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.134183286Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.135625058Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.143966289Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.1559097Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.15903723Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.167360246Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.174231472Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.177070583Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.184530125Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.1878576Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.189678861Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.192859811Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.203466727Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.205122554Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.213862099Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.225663924Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.228714101Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.236898466Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.240588434Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.244123443Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.247209601Z 59 PC: 12adb | Change current directory
; Window captured right after DOS Get date (INT 21h, AH=2Ah) returned (DOS returns the day of month in DL).
; It is cut off at `dec dx`, inside the string-display sequence. Visible logic: a day-of-month gate, a
; hundredths-of-a-second gate, then a table-driven choice of one of eight strings to print.
; In this run the trace continues with Get time at PC 12ae8 and three Display string calls, so both gates passed.
2018-12-25T12:23:14.252783934Z 42 PC: 12adf | Get date 0x12adf: cmp dl, 1 ; day of month == 1?
0x12ae2: jne 0x12b36 ; any other day: skip the display path
0x12ae4: mov ah, 0x2c ; AH=2Ch: Get time
0x12ae6: int 0x21
0x12ae8: cmp dl, 0x55 ; DL = hundredths of a second returned by Get time
0x12aeb: jg 0x12b36 ; above 0x55 (85): skip the display path
0x12aed: and dx, 7 ; index 0..7 taken from the low bits of the hundredths value
0x12af0: shl dl, 1 ; times 2: the table holds word-sized entries
0x12af2: mov bx, bp
0x12af4: add bx, dx ; bx = bp + index*2
0x12af6: mov dx, word ptr [bx + 0x3b3] ; fetch the entry from the table at [bp + 0x3b3]
0x12afa: add dx, bp ; rebase the entry on bp
0x12afc: inc dx ; point one byte past the entry start (meaning of that first byte is not visible here)
0x12afd: push dx ; keep the selected string pointer across the first display call
0x12afe: mov ah, 9 ; AH=09h: Display string
0x12b00: lea dx, word ptr [bp + 0x40a] ; fixed lead-in string
0x12b04: int 0x21
0x12b06: pop dx ; selected string
0x12b07: int 0x21 ; second Display string call
0x12b09: dec dx ; back to the entry start
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned at PC 12ae8; it is cut off at `mov ah, 7`.
; Visible logic: a hundredths-of-a-second gate, a table-driven choice of one of eight strings, three
; Display string calls, then the set-up for console input. The trace rows that follow show the three
; strings (an on-screen quiz prompt) and a Direct console input without echo call at PC 12b15.
2018-12-25T12:23:14.25556621Z 44 PC: 12ae8 | Get time 0x12ae8: cmp dl, 0x55 ; DL = hundredths of a second returned by Get time
0x12aeb: jg 0x12b36 ; above 0x55 (85): skip the display path
0x12aed: and dx, 7 ; index 0..7 taken from the low bits of the hundredths value
0x12af0: shl dl, 1 ; times 2: the table holds word-sized entries
0x12af2: mov bx, bp
0x12af4: add bx, dx ; bx = bp + index*2
0x12af6: mov dx, word ptr [bx + 0x3b3] ; fetch the entry from the table at [bp + 0x3b3]
0x12afa: add dx, bp ; rebase the entry on bp
0x12afc: inc dx ; point one byte past the entry start (meaning of that first byte is not visible here)
0x12afd: push dx ; keep the selected string pointer across the first display call
0x12afe: mov ah, 9 ; AH=09h: Display string
0x12b00: lea dx, word ptr [bp + 0x40a] ; fixed lead-in string
0x12b04: int 0x21
0x12b06: pop dx ; selected string
0x12b07: int 0x21 ; second Display string call
0x12b09: dec dx ; back to the entry start
0x12b0a: push dx ; entry start kept on the stack; not popped inside this window
0x12b0b: lea dx, word ptr [bp + 0x43b] ; fixed trailing string
0x12b0f: int 0x21 ; third Display string call
0x12b11: mov ah, 7 ; AH=07h: Direct console input without echo
2018-12-25T12:23:14.258348164Z 9 PC: 12b06 | Display string (String= 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
2018-12-25T12:23:14.265339707Z 9 PC: 12b09 | Display string (String= 'Eustachian Tube')
2018-12-25T12:23:14.267863108Z 9 PC: 12b11 | Display string (String= ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )')
2018-12-25T12:23:14.278159482Z 7 PC: 12b15 | Direct console input without echo

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9465,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:13.716044881Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:23:13.717814652Z 71 PC: 12ab4 | Get current directory
2018-12-25T12:23:13.720500096Z 78 PC: 12b78 | Find first file
2018-12-25T12:23:13.726293289Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T12:23:13.738902618Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:13.745400854Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:13.755333094Z 62 PC: 12b8e | Close file
2018-12-25T12:23:13.759061348Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.771705279Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:13.779613857Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-25T12:23:13.781016156Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-25T12:23:13.784309799Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:23:13.80636569Z 87 PC: 12cbd | Get or set file date and time
2018-12-25T12:23:13.808267656Z 62 PC: 12cc1 | Close file
2018-12-25T12:23:13.816817529Z 67 PC: 12cd0 | Get or set file attributes
2018-12-25T12:23:13.826548333Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.828993009Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.837802974Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.844258382Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.846312819Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.853920819Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.858082784Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.859471205Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.862348461Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:13.871569113Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:13.873439795Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:13.88383824Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:13.896674519Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.899193188Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.905701733Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.91239773Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.914200102Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.921591998Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.925453414Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.926848287Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.929433682Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:13.9437579Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:13.945178154Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:13.952402062Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:13.962504532Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.965029889Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.970695913Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.976895919Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.978706001Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.985333287Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.988732968Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.990577397Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.993157327Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.001503642Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.002915739Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.010220859Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.020510402Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.022964938Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.029191004Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.035569574Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.037232682Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.043608831Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.046920778Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.04811439Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.05057525Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.060099522Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.062990607Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.070407579Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.089595197Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.092379799Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.09880243Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.105564938Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.10735311Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.113748946Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.116919214Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.118321119Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.120772105Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.162182004Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.163603936Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.20039053Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.220515598Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.222473899Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.227022827Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.231528698Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.232878597Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.237082577Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.239455635Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.240534755Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.242418181Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.330705034Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.331959424Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.395613613Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.438408858Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.440904961Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.447736798Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.454588005Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.45626705Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.459281154Z 59 PC: 12adb | Change current directory
; Window captured right after DOS Get date (INT 21h, AH=2Ah) returned (DOS returns the day of month in DL).
; It is cut off at `dec dx`, inside the string-display sequence. Visible logic: a day-of-month gate, a
; hundredths-of-a-second gate, then a table-driven choice of one of eight strings to print.
; In this run the next traced call is at PC 12b43 and no Get time at 12ae8 appears, so the first gate did not pass.
2018-12-25T12:23:14.463623508Z 42 PC: 12adf | Get date 0x12adf: cmp dl, 1 ; day of month == 1?
0x12ae2: jne 0x12b36 ; any other day: skip the display path
0x12ae4: mov ah, 0x2c ; AH=2Ch: Get time
0x12ae6: int 0x21
0x12ae8: cmp dl, 0x55 ; DL = hundredths of a second returned by Get time
0x12aeb: jg 0x12b36 ; above 0x55 (85): skip the display path
0x12aed: and dx, 7 ; index 0..7 taken from the low bits of the hundredths value
0x12af0: shl dl, 1 ; times 2: the table holds word-sized entries
0x12af2: mov bx, bp
0x12af4: add bx, dx ; bx = bp + index*2
0x12af6: mov dx, word ptr [bx + 0x3b3] ; fetch the entry from the table at [bp + 0x3b3]
0x12afa: add dx, bp ; rebase the entry on bp
0x12afc: inc dx ; point one byte past the entry start (meaning of that first byte is not visible here)
0x12afd: push dx ; keep the selected string pointer across the first display call
0x12afe: mov ah, 9 ; AH=09h: Display string
0x12b00: lea dx, word ptr [bp + 0x40a] ; fixed lead-in string
0x12b04: int 0x21
0x12b06: pop dx ; selected string
0x12b07: int 0x21 ; second Display string call
0x12b09: dec dx ; back to the entry start
2018-12-25T12:23:14.46569965Z 26 PC: 12b43 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9465,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:13.774134873Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:23:13.778525218Z 71 PC: 12ab4 | Get current directory
2018-12-25T12:23:13.781381015Z 78 PC: 12b78 | Find first file
2018-12-25T12:23:13.78783642Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T12:23:13.794393344Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:13.801209343Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:13.80776548Z 62 PC: 12b8e | Close file
2018-12-25T12:23:13.812260569Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.824533085Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:13.83147351Z 66 PC: 12c69 | Move file pointer
; Window captured right after DOS Get time (INT 21h, AH=2Ch) returned; it is cut off at `pop cx`, mid-routine.
; Visible effect: a clock-derived word is stored, then a buffer at [bp + 0x571] is assembled from two regions
; of the running image with single bytes written in between. The next traced call is the 1024-byte write at PC 12ece.
; NOTE(review): the words at [bp + 0x10c] and [bp + 0x107] change with the clock, so they are poor fixed-byte signature material.
2018-12-25T12:23:13.83562593Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; save CX as returned by Get time (DOS: CH=hour, CL=minute)
0x12c71: and cx, 0x1f ; keep the low 5 bits: 0..31
0x12c74: add cx, 0x200 ; cx is now in 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; store it; this address falls inside the 16 bytes copied from [bp + 0x103] below
0x12c7c: lea di, word ptr [bp + 0x571] ; di = start of the destination buffer
0x12c80: mov al, 0x53
0x12c82: stosb byte ptr es:[di], al ; buffer byte 0 = 0x53 (the one-byte x86 encoding of `push bx`; use as code is not visible here)
0x12c83: lea si, word ptr [bp + 0x103] ; first source region
0x12c87: push si ; kept on the stack; not popped inside this window
0x12c88: mov cx, 0x10 ; 16 bytes
0x12c8b: push cx ; count saved; restored by the pop at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy 16 bytes from [bp + 0x103] into the buffer
0x12c8e: mov al, 0x5b
0x12c90: stosb byte ptr es:[di], al ; append 0x5b (encoding of `pop bx`)
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; 11 bytes
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; copy 11 bytes from [bp + 0x4f7] into the buffer
0x12c9a: mov al, 0x53
0x12c9c: stosb byte ptr es:[di], al ; append 0x53 again
0x12c9d: pop cx ; cx = 0x10 again (value pushed at 0x12c8b)
2018-12-25T12:23:13.838911469Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:23:13.853691169Z 87 PC: 12cbd | Get or set file date and time
2018-12-25T12:23:13.855471832Z 62 PC: 12cc1 | Close file
2018-12-25T12:23:13.863880447Z 67 PC: 12cd0 | Get or set file attributes
2018-12-25T12:23:13.873597726Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.876574707Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.883992324Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.890464985Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.892120442Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.899696222Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.90231062Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.903502736Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.906595947Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:13.919598361Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:13.921310964Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:13.930058754Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:13.939519451Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.941280441Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.94576368Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.952812838Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.9549094Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.962709387Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.96595799Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.967515744Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.970368482Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:13.979648571Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:13.981054289Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:13.988743744Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:13.999687173Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.003032523Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.009320697Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.016587806Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.018977473Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.026546815Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.029910566Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.031187475Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.033644322Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.043743612Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.04532003Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.052874111Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.065151499Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.067730378Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.074364446Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.081320446Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.083474298Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.090666748Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.094862879Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.099897395Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.102762452Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.142941339Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.144555035Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.180751665Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.196500444Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.198931068Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.205126054Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.211648745Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.213350981Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.219585007Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.222879635Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.22453942Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.227951692Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.305030082Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.30626775Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.369049603Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.413893214Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.417056102Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.423928503Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.431533802Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.433608047Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.440210094Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.443426286Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.444709034Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.447472754Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.487749089Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.489198789Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.544583031Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.59034132Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.593182167Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.599805551Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.606877052Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.609309214Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.611842754Z 59 PC: 12adb | Change current directory
; Analyst note: disassembly from the return address of the Get date call (INT 21h AH=2Ah).
; This is the activation check and the start of the on-screen payload: it runs only when
; the day of month is 1 and the hundredths-of-a-second value is at most 0x55.
; In this run both conditions held; the Display string calls logged at PC 12b06, 12b09
; and 12b11 further down come from this code.
2018-12-25T12:23:14.61588322Z 42 PC: 12adf | Get date 0x12adf: cmp dl, 1 ; DL = day of month returned by Get date
0x12ae2: jne 0x12b36 ; any day other than the 1st skips the payload
0x12ae4: mov ah, 0x2c ; AH=2Ch: Get time
0x12ae6: int 0x21 ; returns DL = hundredths of a second
0x12ae8: cmp dl, 0x55 ; compare hundredths with 0x55 (85)
0x12aeb: jg 0x12b36 ; above 85 skips the payload as well
0x12aed: and dx, 7 ; DX = DL & 7 (DH cleared): selector 0..7
0x12af0: shl dl, 1 ; *2 = byte offset into a table of words
0x12af2: mov bx, bp ; BX = bp, the base used for all data references here
0x12af4: add bx, dx ; BX = bp + offset
0x12af6: mov dx, word ptr [bx + 0x3b3] ; load the selected entry from the word table at bp+0x3b3
0x12afa: add dx, bp ; table entries are relative to bp
0x12afc: inc dx ; skip one byte ahead of the text -- NOTE(review): presumably a per-entry byte such as the expected answer; confirm
0x12afd: push dx ; keep the pointer to the selected text
0x12afe: mov ah, 9 ; AH=09h: Display string
0x12b00: lea dx, word ptr [bp + 0x40a] ; fixed first string
0x12b04: int 0x21 ; logged at PC 12b06 ('PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
0x12b06: pop dx ; DX = selected text
0x12b07: int 0x21 ; logged at PC 12b09 as Display string again ('Eustachian Tube' in this run)
0x12b09: dec dx ; back to the byte in front of the selected text
; Analyst note: disassembly from the return address of the Get time call issued inside
; the activation check (the day-of-month test precedes this excerpt).
; It builds the three-part quiz prompt seen in the Display string rows that follow,
; then sets up a keyboard read.
2018-12-25T12:23:14.619300537Z 44 PC: 12ae8 | Get time 0x12ae8: cmp dl, 0x55 ; DL = hundredths of a second from Get time
0x12aeb: jg 0x12b36 ; above 0x55 (85) skips the payload
0x12aed: and dx, 7 ; DX = DL & 7 (DH cleared): selector 0..7
0x12af0: shl dl, 1 ; *2 = byte offset into a table of words
0x12af2: mov bx, bp ; BX = bp, the base used for all data references here
0x12af4: add bx, dx ; BX = bp + offset
0x12af6: mov dx, word ptr [bx + 0x3b3] ; load the selected entry from the word table at bp+0x3b3
0x12afa: add dx, bp ; table entries are relative to bp
0x12afc: inc dx ; skip one byte ahead of the text -- NOTE(review): presumably a per-entry byte such as the expected answer; confirm
0x12afd: push dx ; keep the pointer to the selected text
0x12afe: mov ah, 9 ; AH=09h: Display string
0x12b00: lea dx, word ptr [bp + 0x40a] ; fixed first string
0x12b04: int 0x21 ; logged at PC 12b06
0x12b06: pop dx ; DX = selected text
0x12b07: int 0x21 ; logged at PC 12b09 ('Eustachian Tube' in this run)
0x12b09: dec dx ; back to the byte in front of the selected text
0x12b0a: push dx ; saved; its use lies beyond this excerpt
0x12b0b: lea dx, word ptr [bp + 0x43b] ; fixed third string (the numbered choices)
0x12b0f: int 0x21 ; logged at PC 12b11
0x12b11: mov ah, 7 ; AH=07h: the console read logged next at PC 12b15
2018-12-25T12:23:14.621785618Z 9 PC: 12b06 | Display string (String= 'PHALCON/SKISM 1992 [Ear-6] Alert! Where is the ')
2018-12-25T12:23:14.628047195Z 9 PC: 12b09 | Display string (String= 'Eustachian Tube')
2018-12-25T12:23:14.631149537Z 9 PC: 12b11 | Display string (String= ' located? 1. External Ear 2. Middle Ear 3. Inner Ear ( )')
2018-12-25T12:23:14.639844757Z 7 PC: 12b15 | Direct console input without echo

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9465,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:13.772308787Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:23:13.774345643Z 71 PC: 12ab4 | Get current directory
2018-12-25T12:23:13.777296192Z 78 PC: 12b78 | Find first file
2018-12-25T12:23:13.783247501Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T12:23:13.796801042Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:13.805226909Z 63 PC: 12b8a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:13.811952551Z 62 PC: 12b8e | Close file
2018-12-25T12:23:13.814016375Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.821528498Z 64 PC: 12c61 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:13.824437544Z 66 PC: 12c69 | Move file pointer
; Analyst note: disassembly from the return address of the Get time call (INT 21h AH=2Ch).
; Two words derived from the returned time are stored inside the 16-byte region at
; bp+0x103, then a 30-byte sequence is assembled at bp+0x571:
;   0x53, 16 bytes from bp+0x103, 0x5b, 11 bytes from bp+0x4f7, 0x53.
; Some of those bytes depend on the clock, so they can differ between runs; a byte
; signature over this region should wildcard them.
; NOTE(review): the next logged call (1024-byte write, PC 12ece) lies above every other
; logged PC (12aa2-12cf1) -- presumably it is issued from code in this buffer; confirm.
2018-12-25T12:23:13.825854283Z 44 PC: 12c6d | Get time 0x12c6d: mov word ptr [bp + 0x10c], cx ; CX from Get time (CH=hour, CL=minute) saved at bp+0x10c
0x12c71: and cx, 0x1f ; keep the low 5 bits of CX: 0..0x1f
0x12c74: add cx, 0x200 ; bias into 0x200..0x21f
0x12c78: mov word ptr [bp + 0x107], cx ; second time-derived word, saved at bp+0x107
0x12c7c: lea di, word ptr [bp + 0x571] ; DI = start of the output buffer
0x12c80: mov al, 0x53 ; 0x53 is the one-byte encoding of push bx -- presumably emitted as code; confirm
0x12c82: stosb byte ptr es:[di], al ; buffer[0] = 0x53
0x12c83: lea si, word ptr [bp + 0x103] ; source region bp+0x103..bp+0x112 spans both words written above
0x12c87: push si ; saved for later; the matching pop is not in this excerpt
0x12c88: mov cx, 0x10 ; copy length = 16
0x12c8b: push cx ; saved; restored by the pop cx at 0x12c9d
0x12c8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy the 16 bytes, time-derived words included
0x12c8e: mov al, 0x5b ; 0x5b is the one-byte encoding of pop bx
0x12c90: stosb byte ptr es:[di], al ; append it
0x12c91: lea si, word ptr [bp + 0x4f7] ; second source region
0x12c95: mov cx, 0xb ; copy length = 11
0x12c98: rep movsb byte ptr es:[di], byte ptr [si] ; append those 11 bytes
0x12c9a: mov al, 0x53 ; trailing 0x53 (push bx encoding again)
0x12c9c: stosb byte ptr es:[di], al ; buffer now holds 30 bytes
0x12c9d: pop cx ; CX = 0x10 again
2018-12-25T12:23:13.829313265Z 64 PC: 12ece | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:23:13.84648514Z 87 PC: 12cbd | Get or set file date and time
2018-12-25T12:23:13.847897011Z 62 PC: 12cc1 | Close file
2018-12-25T12:23:13.861883573Z 67 PC: 12cd0 | Get or set file attributes
2018-12-25T12:23:13.872809397Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.876500883Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.885265619Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.892670633Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.89517898Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.904120076Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.907729609Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.909679447Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.913052639Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:13.920642516Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:13.922050798Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:13.930548227Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:13.941679354Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:13.945333311Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.952402395Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:13.960035654Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:13.962550024Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:13.970498051Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:13.979337716Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:13.980887059Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:13.983743071Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:13.994038095Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:13.995647897Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.00397009Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.016736307Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.019644875Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.026815508Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.033888086Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.03605497Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.043213575Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.046135141Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.047927828Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.050812274Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.060380697Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.062596674Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.07100192Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.082155265Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.085578726Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.093240769Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.100417852Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.10340885Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.111374033Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.114716267Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.116994564Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.120323493Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.130527944Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.133357946Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.142635375Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.153199943Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.155871924Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.163641288Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.171129745Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.174120279Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.182591371Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.185932271Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.187876057Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.19158869Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.201295334Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.203582499Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.212407489Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.222872363Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.225696994Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.233445487Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.240658414Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.24279839Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.250546271Z 64 PC: 12c61 | Write file or device (See above)
2018-12-25T12:23:14.253583263Z 66 PC: 12c69 | Move file pointer (See above)
2018-12-25T12:23:14.255116425Z 44 PC: 12c6d | Get time (See above)
2018-12-25T12:23:14.258730408Z 64 PC: 12ece | Write file or device (See above)
2018-12-25T12:23:14.269139595Z 87 PC: 12cbd | Get or set file date and time (See above)
2018-12-25T12:23:14.270694157Z 62 PC: 12cc1 | Close file (See above)
2018-12-25T12:23:14.279950233Z 67 PC: 12cd0 | Get or set file attributes (See above)
2018-12-25T12:23:14.291165533Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.29445277Z 61 PC: 12cf1 | Open file (See above)
2018-12-25T12:23:14.302270927Z 63 PC: 12b8a | Read file or device (See above)
2018-12-25T12:23:14.310577428Z 62 PC: 12b8e | Close file (See above)
2018-12-25T12:23:14.313073307Z 79 PC: 12b78 | Find next file (See above)
2018-12-25T12:23:14.316287669Z 59 PC: 12adb | Change current directory
; Analyst note: disassembly from the return address of the Get date call (INT 21h AH=2Ah).
; The excerpt is a linear listing, not the executed path: in this run the next logged
; call is Set disk transfer address at PC 12b43 and no Display string rows follow, so
; the payload below did not run.
; NOTE(review): presumably the branch at 0x12ae2 was taken because this run used the
; Day=2 setting in the JSON line that precedes it; confirm.
2018-12-25T12:23:14.32227134Z 42 PC: 12adf | Get date 0x12adf: cmp dl, 1 ; DL = day of month returned by Get date
0x12ae2: jne 0x12b36 ; any day other than the 1st skips the payload
0x12ae4: mov ah, 0x2c ; AH=2Ch: Get time
0x12ae6: int 0x21 ; returns DL = hundredths of a second
0x12ae8: cmp dl, 0x55 ; compare hundredths with 0x55 (85)
0x12aeb: jg 0x12b36 ; above 85 skips the payload as well
0x12aed: and dx, 7 ; DX = DL & 7 (DH cleared): selector 0..7
0x12af0: shl dl, 1 ; *2 = byte offset into a table of words
0x12af2: mov bx, bp ; BX = bp, the base used for all data references here
0x12af4: add bx, dx ; BX = bp + offset
0x12af6: mov dx, word ptr [bx + 0x3b3] ; load the selected entry from the word table at bp+0x3b3
0x12afa: add dx, bp ; table entries are relative to bp
0x12afc: inc dx ; skip one byte ahead of the text -- NOTE(review): presumably a per-entry byte; confirm
0x12afd: push dx ; keep the pointer to the selected text
0x12afe: mov ah, 9 ; AH=09h: Display string
0x12b00: lea dx, word ptr [bp + 0x40a] ; fixed first string
0x12b04: int 0x21 ; first Display string call
0x12b06: pop dx ; DX = selected text
0x12b07: int 0x21 ; second Display string call, for the selected text
0x12b09: dec dx ; back to the byte in front of the selected text
2018-12-25T12:23:14.325088488Z 26 PC: 12b43 | Set disk transfer address