Sample viewer

vx.netlux.org/Virus.DOS.Ms.748

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:42.832218085Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:42.834002748Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:42.835101169Z 26 PC: 12ad1 | Set disk transfer address
2018-12-17T22:58:42.836355573Z 78 PC: 12adb | Find first file
2018-12-17T22:58:42.842631588Z 67 PC: 12ae8 | Get or set file attributes
2018-12-17T22:58:42.848173421Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-17T22:58:42.854523547Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:58:42.86237971Z 66 PC: 12b28 | Move file pointer
2018-12-17T22:58:42.864088086Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-17T22:58:42.866383105Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-17T22:58:42.868830508Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-17T22:58:42.872081Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-17T22:58:42.874236577Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-17T22:58:42.876374723Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-17T22:58:42.880068688Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-17T22:58:42.894726193Z 62 PC: 12c1d | Close file
2018-12-17T22:58:42.902568009Z 79 PC: 12c23 | Find next file
2018-12-17T22:58:42.905821016Z 67 PC: 12ae8 | Get or set file attributes
2018-12-17T22:58:42.911303225Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-17T22:58:42.917965169Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:58:42.924695388Z 66 PC: 12b28 | Move file pointer
2018-12-17T22:58:42.925983654Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-17T22:58:42.928029943Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-17T22:58:42.93074732Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-17T22:58:42.932757949Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-17T22:58:42.934766954Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-17T22:58:42.93730759Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-17T22:58:42.939499502Z 64 PC: 12c19 | Write file or device (Write 775 bytes on handle 5)
2018-12-17T22:58:42.947532732Z 62 PC: 12c1d | Close file
2018-12-17T22:58:42.956314343Z 79 PC: 12c23 | Find next file
2018-12-17T22:58:42.959050169Z 67 PC: 12ae8 | Get or set file attributes
2018-12-17T22:58:42.965490293Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-17T22:58:42.972442068Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:58:42.979078208Z 66 PC: 12b28 | Move file pointer
2018-12-17T22:58:42.980437519Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-17T22:58:42.98327092Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-17T22:58:42.985597302Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-17T22:58:42.98784929Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-17T22:58:42.990764146Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-17T22:58:42.993303565Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-17T22:58:42.995936418Z 64 PC: 12c19 | Write file or device (Write 840 bytes on handle 5)
2018-12-17T22:58:43.004792961Z 62 PC: 12c1d | Close file
2018-12-17T22:58:43.012939198Z 79 PC: 12c23 | Find next file
2018-12-17T22:58:43.015783822Z 67 PC: 12ae8 | Get or set file attributes
2018-12-17T22:58:43.021450345Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-17T22:58:43.03081986Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:58:43.037606403Z 66 PC: 12b28 | Move file pointer
2018-12-17T22:58:43.039215208Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-17T22:58:43.042593246Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-17T22:58:43.044930102Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-17T22:58:43.047535247Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-17T22:58:43.050961096Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-17T22:58:43.053133399Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-17T22:58:43.055503894Z 64 PC: 12c19 | Write file or device (Write 777 bytes on handle 5)
2018-12-17T22:58:43.064486594Z 62 PC: 12c1d | Close file
2018-12-17T22:58:43.073189533Z 79 PC: 12c23 | Find next file
2018-12-17T22:58:43.076058145Z 67 PC: 12ae8 | Get or set file attributes
2018-12-17T22:58:43.083089776Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-17T22:58:43.089723973Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:58:43.096043152Z 66 PC: 12b28 | Move file pointer
2018-12-17T22:58:43.098765424Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-17T22:58:43.101211499Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-17T22:58:43.103810799Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-17T22:58:43.107982128Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-17T22:58:43.110568982Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-17T22:58:43.113138168Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-17T22:58:43.116951356Z 64 PC: 12c19 | Write file or device (Write 777 bytes on handle 5)
2018-12-17T22:58:43.125467368Z 62 PC: 12c1d | Close file
2018-12-17T22:58:43.133827031Z 79 PC: 12c23 | Find next file
2018-12-17T22:58:43.136862504Z 67 PC: 12ae8 | Get or set file attributes
2018-12-17T22:58:43.143039442Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-17T22:58:43.149469484Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:58:43.155808373Z 66 PC: 12b28 | Move file pointer
2018-12-17T22:58:43.158361618Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-17T22:58:43.160496873Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-17T22:58:43.162645587Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-17T22:58:43.166180262Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-17T22:58:43.168348509Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-17T22:58:43.170947607Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-17T22:58:43.174126846Z 64 PC: 12c19 | Write file or device (Write 1249 bytes on handle 5)
2018-12-17T22:58:43.183128683Z 62 PC: 12c1d | Close file
2018-12-17T22:58:43.191246742Z 79 PC: 12c23 | Find next file
2018-12-17T22:58:43.194869744Z 67 PC: 12ae8 | Get or set file attributes
2018-12-17T22:58:43.200770878Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-17T22:58:43.207514152Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:58:43.216306924Z 66 PC: 12b28 | Move file pointer
2018-12-17T22:58:43.217804925Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-17T22:58:43.220113287Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-17T22:58:43.224269719Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-17T22:58:43.22675352Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-17T22:58:43.229321781Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-17T22:58:43.232785062Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-17T22:58:43.235363447Z 64 PC: 12c19 | Write file or device (Write 777 bytes on handle 5)
2018-12-17T22:58:43.243767541Z 62 PC: 12c1d | Close file
2018-12-17T22:58:43.253261958Z 79 PC: 12c23 | Find next file
2018-12-17T22:58:43.256368854Z 67 PC: 12ae8 | Get or set file attributes
2018-12-17T22:58:43.262340034Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-17T22:58:43.269148648Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:58:43.276839069Z 62 PC: 12c1d | Close file
2018-12-17T22:58:43.278431762Z 79 PC: 12c23 | Find next file
2018-12-17T22:58:43.280603676Z 26 PC: 12c2f | Set disk transfer address
2018-12-17T22:58:43.2823356Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:04.934219779Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.936728378Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.93870566Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:04.94021564Z 78 PC: 12adb | Find first file
2018-12-25T12:37:04.947038547Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:04.954952052Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:04.962304816Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:04.969297453Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:04.971600149Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:04.974560587Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:04.977419192Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:04.980933391Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:04.984181565Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:04.988413673Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:04.993126517Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.014782938Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.025576954Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.029555375Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.050347566Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.05796856Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.065397632Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.066973258Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.069298719Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.071442097Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.076367677Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.078779995Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.08189313Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.085204369Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.095358667Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.104368169Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.108125187Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.115057958Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.122716431Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.131137717Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.13333253Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.136144896Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.139663684Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.142751755Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.145437255Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.148723569Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.152344164Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.161523302Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.170983113Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.175192736Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.181947335Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.189594483Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.198093739Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.200514084Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.203407884Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.207042845Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.210210987Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.213076187Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.217338563Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.221012741Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.230229165Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.239576099Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.244024986Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.250754026Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.266607712Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.274979433Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.277382231Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.280277729Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.284573601Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.287732089Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.290492028Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.293313915Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.297205925Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.320610389Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.329591631Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.340325945Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.351259388Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.359292724Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.367280507Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.369154632Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.371935463Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.374998955Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.377295122Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.380411783Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.383318229Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.385747546Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.395363807Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.40990149Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.418012088Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.424997648Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.433439121Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.441010212Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.442638567Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.446529922Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.449155612Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.45165298Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.455222976Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.458058477Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.460880428Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.47054802Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.48068206Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.483848092Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.490299833Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.510278701Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.517945689Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.520180014Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.52413126Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:05.525876721Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:04.93831933Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.939567927Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.946035028Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:04.947236279Z 78 PC: 12adb | Find first file
2018-12-25T12:37:04.967712763Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:04.975245217Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:04.982610216Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:04.989761541Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:04.992494108Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:04.99502574Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:04.997372472Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:04.99998138Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.002504591Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.004799096Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.008479088Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.02540529Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.034612894Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.037906926Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.045984871Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.053831882Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.06428907Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.067478551Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.069908083Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.072270055Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.075643673Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.078009374Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.081051031Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.083603763Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.093147893Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.102441829Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.113241511Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.121261103Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.129343007Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.137346821Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.140573726Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.143414198Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.146971277Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.152175494Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.15483708Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.157228565Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.163909535Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.173089855Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.193218959Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.196946472Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.20487323Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.212652184Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.220609356Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.223674487Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.226554918Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.229428595Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.23336023Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.236169696Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.238971263Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.242569312Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.252284485Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.261551905Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.265813022Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.273873206Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.281695122Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.290089169Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.291995436Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.294304678Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.296728341Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.299703793Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.302171829Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.305736126Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.309684779Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.31909732Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.330003864Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.334196043Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.341938377Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.349709925Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.358647403Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.361013699Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.363867954Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.366719713Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.370614693Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.37345902Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.376035471Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.379067728Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.388889556Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.398298728Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.402599897Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.409875263Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.417462333Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.426039516Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.427574686Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.430128624Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.433546457Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.436468033Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.439075922Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.441536933Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.444735098Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.45403855Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.468065012Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.473354743Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.479958018Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.488087585Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.496604035Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.498728894Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.501708902Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:05.503530579Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.004611875Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.006274802Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.007712534Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.008767079Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.015340589Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.021799775Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.028883789Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.0357721Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.037609765Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.040261765Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.04308169Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.04675309Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.049225952Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.051835254Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.056436216Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.073420593Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.08501222Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.09125427Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.098026546Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.105606731Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.111866282Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.113676125Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.115224501Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.116780899Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.118966924Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.120810041Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.12251792Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.124847121Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.131120886Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.136693188Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.139344834Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.14373396Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.152499725Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.158805912Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.165221499Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.167512251Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.170171433Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.173043946Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.188073891Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.191276516Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.194170473Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.204288059Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.21439635Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.21813724Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.224813072Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.232566382Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.240971719Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.242937941Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.245786937Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.248926235Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.251434861Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.255186669Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.258361483Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.260884319Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.270693753Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.282544916Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.285960813Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.290130896Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.296382834Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.304420435Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.306071139Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.308843727Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.311930936Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.314785223Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.317608452Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.320896113Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.323389527Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.333413516Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.343231512Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.346971969Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.353313477Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.361962783Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.370061661Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.372025417Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.375376596Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.378328873Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.380774057Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.383712576Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.386077934Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.389107506Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.399490245Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.410299254Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.413677492Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.420283069Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.428581467Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.436400032Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.438478071Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.442502793Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.445371723Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.448315083Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.466533179Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.468969605Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.472821618Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.483106775Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.492073326Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.494955881Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.503586767Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.511599482Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.520578649Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.522432296Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.525267378Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:05.527995318Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.222006432Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.223322612Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.225779462Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.227260031Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.23433231Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.242010285Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.249444536Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.256450224Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.258617681Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.265088882Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.267738822Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.271049221Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.274096316Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.276979185Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.279715189Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.293483075Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.303932444Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.307360673Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.314571068Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.32194474Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.326636022Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.328612162Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.330466285Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.332248028Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.335055351Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.33706415Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.338700295Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.340621056Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.347012522Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.352685906Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.354895715Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.359336495Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.367598798Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.372293418Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.388947054Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.390794604Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.392648059Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.394939754Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.396540033Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.398236676Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.40056514Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.406553169Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.41237741Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.414940086Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.421414692Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.428779412Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.437018276Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.439402578Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.442342312Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.445246378Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.449924278Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.452832901Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.455701823Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.459644777Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.469093219Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.478202671Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.481917681Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.488423097Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.4956641Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.50430397Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.506294324Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.508615093Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.51109106Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.513921315Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.517320911Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.520020734Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.523849429Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.53318802Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.542452884Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.547024189Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.55386049Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.561625464Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.570009246Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.572367075Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.57515038Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.578556237Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.581448652Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.584884354Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.587629427Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.590356239Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.600326015Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.60965255Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.61422786Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.620990992Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.628916203Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.637330097Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.639768355Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.642518802Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.646121141Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.649338643Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.65294392Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.656058178Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.659889246Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.669237163Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.678586826Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.683163103Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.689986079Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.69773527Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.707226453Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.710063222Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.713182049Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:05.715599848Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.323587977Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.326385963Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.327738805Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.329074048Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.336562564Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.343051317Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.356383206Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.364073176Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.365734393Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.368160155Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.371047008Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.37370571Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.384165433Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.386943314Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.390407351Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.406234445Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.422361263Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.42496364Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.44391404Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.448993286Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.455115458Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.456413077Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.458164674Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.460627459Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.462289905Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.46379844Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.466792366Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.468583668Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.477534575Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.48640614Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.489598989Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.496853123Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.504338468Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.512607566Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.514146025Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.516491677Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.520040684Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.523240583Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.526338629Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.530453735Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.532843839Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.5420021Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.549243591Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.554096233Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.558632115Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.563891727Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.569608628Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.57088137Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.572877579Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.575313646Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.577831259Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.580839186Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.584875387Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.588183374Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.597802917Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.605164409Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.608358194Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.615235697Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.623782362Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.631875507Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.633921371Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.637125825Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.640659283Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.643491077Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.64637002Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.650608953Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.653484458Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.663068034Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.673623893Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.677005758Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.683925304Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.692655318Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.700949875Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.702860425Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.706266713Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.708862288Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.711373479Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.714217689Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.717315898Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.719857213Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.731261825Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.745035125Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.748417697Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.755526696Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.764297573Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.778748558Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.780709391Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.783985134Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.787015251Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.789954427Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.793002279Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.795915094Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.79873097Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.808175424Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.817557168Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.820638682Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.827053958Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.835735998Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.844043736Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.846199143Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.85006594Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:05.851533734Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.356552905Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.363213465Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.364335348Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.36537049Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.369823576Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.384765815Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.391916072Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.396471155Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.398169821Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.39980106Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.401421206Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.403885516Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.405617764Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.407569292Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.409847286Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.422466384Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.4279331Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.430254265Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.43843767Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.444043551Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.448761752Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.450427766Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.452071697Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.453734385Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.456010519Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.45833583Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.460926529Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.473410143Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.488070762Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.499189893Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.502744561Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.510089928Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.519617004Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.537378582Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.539089571Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.542023098Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.545685221Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.548664193Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.552101379Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.555323561Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.558460894Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.568028218Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.577841306Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.581228107Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.587851166Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.595431193Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.603696139Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.605461874Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.607391081Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.610567825Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.613521576Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.61634726Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.619517321Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.622219087Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.628405884Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.635691066Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.637938817Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.642517418Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.648244764Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.653196877Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.654944868Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.657044471Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.65908828Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.660808647Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.662955076Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.665461744Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.6673622Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.673209321Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.679391232Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.681379993Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.685409948Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.690637439Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.697823972Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.699230938Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.70182156Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.703768474Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.705694705Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.709190472Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.711933427Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.714691079Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.724943275Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.734332984Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.737228752Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.743280184Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.751164964Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.758374496Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.76052314Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.765039847Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.767409253Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.769799156Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.773077617Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.775553583Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.77791876Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.794751536Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.803977296Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.806879874Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.813600676Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.823041911Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.832136376Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.834555497Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.837787818Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:05.839049344Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.516548438Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.518413744Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.519529114Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.520467027Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.526918484Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.540687154Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.547209464Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.553491882Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.555817589Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.557769262Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.559677472Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.562363127Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.564763137Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.567142492Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.570787828Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.585021807Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.596199826Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.59914586Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.604552454Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.610828049Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.618452632Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.620269391Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.622667976Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.626495027Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.628808044Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.630955538Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.633119039Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.635646663Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.64128389Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.646825818Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.648756772Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.660468425Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.674977882Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.681752527Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.682955468Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.684882749Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.687328756Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.689351611Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.691275724Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.694063052Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.696392813Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.704387552Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.713111295Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.715946247Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.721637635Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.729077124Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.736116094Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.737448866Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.74014365Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.742600813Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.74521862Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.748183841Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.75049441Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.753014836Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.761774432Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.76991037Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.77283732Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.778805764Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.785594703Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.791934538Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.793735716Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.796576261Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.798923627Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.801456864Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.804404649Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.807343717Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.80968157Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.818688178Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.8265665Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.828324349Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.834087304Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.840852942Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.847040313Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.849266058Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.851785184Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.853874211Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.857255922Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.859981089Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.862380913Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.865645522Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.874821619Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.882131594Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.885542679Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.891471405Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.899287235Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.90956992Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.91091367Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.913276647Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.916670545Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.919311146Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.921476323Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.924197304Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.927409445Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.935214027Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.944025189Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.948309101Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.954887793Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.963306705Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.972810722Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.974965343Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.977684664Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:05.980296478Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.538508926Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.54147385Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.542469909Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.543368457Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.5474738Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.551667585Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.558751651Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.56692585Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.568912777Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.572278704Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.574555702Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.57789555Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.580351879Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.582992092Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.586838522Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.602802476Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.614679982Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.619698477Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.625831732Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.632468293Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.639178414Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.656210645Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.65931878Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.661878363Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.666949213Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.674046132Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.676426392Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.679307789Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.68461524Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.694835784Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.699614862Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.703442002Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.708223606Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.715056192Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.716682892Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.719142386Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.722610043Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.724275575Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.725742177Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.727811355Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.729328457Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.734791447Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.754696069Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.757703464Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.763662633Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.770394771Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.77708973Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.778661454Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.780746748Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.784125541Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.78660265Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.789119939Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.792348178Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.794721324Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.818127569Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.827602418Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.830565201Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.836159798Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.844047975Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.852383321Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.854464546Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.857511636Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.860145277Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.862542067Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.865972394Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.868583452Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.871168289Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.880005756Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.888072203Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.891331169Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.899063348Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.907868774Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.914797331Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.916738581Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.919476029Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.921950224Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.924827833Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.927635974Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.930128599Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.932903488Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.94267357Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.952049396Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.955530826Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.962437838Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.970846842Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.977014357Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.978554958Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.981858352Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.984485597Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.987376492Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.990198349Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.992460759Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.995365572Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.003622596Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.011488834Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.015795932Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.021556202Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.028388788Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.037062738Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.039253366Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.04265338Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:06.044323502Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.541360852Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.543859581Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.5450359Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.545991695Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.554693398Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.560464508Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.57241145Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.579754625Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.580724553Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.582104712Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.58446803Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.586555735Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.588520785Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.590615256Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.592628655Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.608477342Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.617116055Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.621419644Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.630044272Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.63749057Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.645320039Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.646986691Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.649506201Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.653355152Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.65488187Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.656378549Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.659166687Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.661111202Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.669189706Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.689391591Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.692121479Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.698437809Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.706279704Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.723038994Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.7243541Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.726719862Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.72878454Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.730877811Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.733053941Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.735513821Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.737481607Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.754634021Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.769117201Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.771926679Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.777756787Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.788621102Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.795692229Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.797319943Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.8005706Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.803380401Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.805998335Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.808649652Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.811963645Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.814404384Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.822595974Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.831287761Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.833780975Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.837984703Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.84299483Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.850043534Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.851721583Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.854930149Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.8573292Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.859394802Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.861902591Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.864163155Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.866663419Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.876009922Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.884012684Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.886859586Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.893507648Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.900527389Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.90703451Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.909493154Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.912212626Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.914740584Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.918133563Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.920702544Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.922998943Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.925827727Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.934915247Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.942959153Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.946897809Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.952466556Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.958717269Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.965309786Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.967183463Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.968916309Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.970676743Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.973095852Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.975047728Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.978360908Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.980960724Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.989230702Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.99793341Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.001611657Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.007347598Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.01398305Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.022044389Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.024090533Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.026642741Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:06.028921233Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.617726582Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.619598105Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.627042612Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.628352074Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.634724744Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.643148751Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.650330172Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.657043863Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.659700876Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.662128291Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.669105353Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.672261767Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.674787668Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.677176548Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.680636668Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.694370691Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.706688829Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.710025079Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.715452658Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.722275443Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.737261861Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.739499502Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.742365736Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.745198172Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.747676532Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.750109373Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.752669839Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.758527426Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.767099909Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.776037917Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.780631042Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.786523032Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.792966863Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.797901903Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.798980307Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.800487316Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.802740286Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.804155683Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.80603947Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.808114366Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.809604359Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.8145858Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.821078835Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.82307974Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.826570907Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.831033462Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.835506984Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.836793108Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.840032639Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.844645255Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.8471859Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.850513237Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.852979811Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.855642109Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.86373579Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.87171364Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.874300681Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.881020384Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.88830785Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.894995472Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.896701527Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.900221611Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.902695852Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.90523566Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.908810813Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.911079344Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.912768317Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.919455348Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.925926739Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.927911105Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.932283225Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.936554252Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.941975797Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.944375339Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.946894677Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.949958428Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.953384271Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.956110335Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.958640829Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.961975765Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.97101693Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.979253178Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.983092593Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.989232914Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.996056778Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.003517732Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.005580838Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.008056269Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.010736726Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.014111597Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.016570741Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.019636837Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.023221461Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.031380561Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.039513661Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.043342919Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.049101032Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.055700143Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.063310844Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.065358704Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.068036558Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:06.070006124Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.643480532Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.6459461Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.64781064Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.649189491Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.655727578Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.662708199Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.66961906Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.679734471Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.689671017Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.691700075Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.693657813Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.704374181Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.707522884Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.710439663Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.713450435Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.728084361Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.736931732Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.740412668Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.745939883Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.753060488Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.760803411Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.762648038Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.76519957Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.767960264Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.772017419Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.774514489Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.777004796Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.780510226Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.7895917Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.797671348Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.807692834Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.816760081Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.824045615Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.831804292Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.833208468Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.835465998Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.838458714Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.840718241Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.842273049Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.84472704Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.846757903Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.855807199Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.8789066Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.882223812Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.888119918Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.895065692Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.902699145Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.904435985Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.906830171Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.913935206Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.916157972Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.918748158Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.922384677Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.924921316Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.933049287Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.942061442Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.944985Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.948918777Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.955469907Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.961929519Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.963269747Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.966221979Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.968751057Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.971127972Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.974306786Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.976522266Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.979417587Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.988640134Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.996613018Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.999511996Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.00592946Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.012399133Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.01950555Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.022016922Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.024382328Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.026708045Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.030168268Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.032882894Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.035222072Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.038566379Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.047271072Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.055515942Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.059084851Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.065072406Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.071517414Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.078684852Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.081180148Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.083537895Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.086084851Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.089375256Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.091705807Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.09404026Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.096761159Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.104592222Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.112390613Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.115568268Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.122162068Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.128994744Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.136709187Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.138859578Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.141261554Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:06.143604183Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.667814634Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.669454721Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.670613929Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.671646358Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.67804732Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.68347414Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.695317474Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.702901388Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.704462822Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.706916456Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.709561861Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.723996879Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.726535168Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.728985723Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.732406911Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.754877409Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.762945095Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.766619888Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.77246273Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.779799933Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.787362671Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.78939565Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.791786616Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.795432046Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.797843559Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.800297648Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.80326922Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.805457228Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.813250995Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.821726749Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.825207534Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.831318594Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.837977956Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.845687309Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.847329009Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.850326916Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.853833551Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.856269699Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.858440003Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.860933442Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.863189497Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.87099678Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.879819427Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.883150856Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.888940843Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.896371655Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.903258663Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.904892335Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.907569767Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.910292356Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.912841381Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.915603755Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.91960519Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.922066035Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.942902859Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.951567918Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.954142869Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.959638474Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.967122282Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.973323102Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.974616908Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.978154605Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.980249804Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.982977588Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.986109609Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.988854236Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.99122974Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.000174269Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.008497685Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.01128843Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.017910016Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.024832024Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.031290689Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.033080883Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.036354839Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.038717727Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.041033086Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.044514558Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.04687761Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.049231231Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.059518016Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.067621507Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.070416034Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.077353726Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.084017706Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.090555255Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.092981694Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.095341967Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.099613196Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.103765903Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.10619626Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.108601316Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.111914403Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.130509376Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.141586522Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.155365086Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.161102557Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.170554247Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.195069592Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.197044343Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.199713073Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:06.201760329Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":5,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.709949008Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.711872592Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.713308274Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.714362929Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.721166856Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.726991143Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.738307238Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.745940063Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.747698289Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.750094979Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.753104313Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.762752384Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.765029709Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.76736972Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.770760852Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.784132075Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.792038561Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.795780415Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.8084172Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.816827324Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.824433713Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.832419324Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.836029826Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.839573983Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.843305452Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.84606445Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.849520194Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.851730582Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.858014437Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.866662579Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.869314234Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.874844775Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.881702833Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.890061229Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.891688017Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.894088406Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.897048266Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.899520409Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.901600812Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.904651023Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.907826013Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.915987835Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.925472076Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.928350759Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.934876176Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.942001186Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.949444833Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.951033451Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.954158274Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.957027578Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.959404517Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.962940057Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.965987205Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.968474242Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.976949929Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.98615811Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.989035703Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.994697913Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.001417759Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.008548842Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.010183085Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.013012042Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.01501178Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.017000526Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.019274082Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.022190947Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.024614666Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.033264103Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.041020036Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.04473312Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.051162115Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.057839113Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.064368326Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.066523431Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.069228303Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.071647456Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.075104915Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.077528475Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.08003096Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.083398083Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.092458502Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.100609253Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.104087138Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.109932215Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.116592511Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.123786845Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.125354362Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.127766407Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.130904183Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.133249526Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.135638949Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.138437734Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.147640373Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.157095224Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.167153932Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.169937327Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.182972821Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.190379679Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.199810187Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.201985257Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.205520789Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:06.206986031Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300
2018-12-25T12:37:06.209352831Z 42 PC: 12c3f | Get date 0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300
0x12c62: int 0x21
0x12c64: cmp cx, 0x20
0x12c67: jne 0x12c6c
0x12c69: jmp 0x12c74
0x12c6b: nop

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12963,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.781790503Z 53 PC: 12a9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.783765865Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:05.784929118Z 26 PC: 12ad1 | Set disk transfer address
2018-12-25T12:37:05.785860858Z 78 PC: 12adb | Find first file
2018-12-25T12:37:05.792543413Z 67 PC: 12ae8 | Get or set file attributes
2018-12-25T12:37:05.798341916Z 61 PC: 12afd | Open file (Filename = ',�!2�����<')
2018-12-25T12:37:05.81025908Z 63 PC: 12b0c | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:37:05.81704705Z 66 PC: 12b28 | Move file pointer
2018-12-25T12:37:05.818441303Z 44 PC: 12b2c | Get time 0x12b2c: xor al, al
0x12b2e: mov al, dl
0x12b30: add al, dh
0x12b32: add al, cl
0x12b34: cmp al, 0
0x12b36: jg 0x12b3a
0x12b38: neg al
0x12b3a: cwde
0x12b3b: inc ax
0x12b3c: cdq
0x12b3d: mov cx, word ptr cs:[0x117]
0x12b42: idiv cx
0x12b44: inc dx
0x12b45: rol dx, 1
0x12b47: mov di, dx
0x12b49: mov word ptr [di + 0x4b], 0xc933
0x12b4f: mov ah, 0x2c
0x12b51: int 0x21
0x12b53: xor al, al
0x12b55: mov al, dl
2018-12-25T12:37:05.820362389Z 44 PC: 12b53 | Get time 0x12b53: xor al, al
0x12b55: mov al, dl
0x12b57: add al, dh
0x12b59: add al, ch
0x12b5b: cmp al, 0
0x12b5d: jg 0x12b61
0x12b5f: neg al
0x12b61: cwde
0x12b62: inc ax
0x12b63: cdq
0x12b64: mov cx, word ptr cs:[0x117]
0x12b69: idiv cx
0x12b6b: inc dx
0x12b6c: rol dx, 1
0x12b6e: mov di, dx
0x12b70: mov word ptr [di + 0x4b], 0xd233
0x12b76: mov ah, 0x2c
0x12b78: int 0x21
0x12b7a: xor al, al
0x12b7c: mov al, dl
2018-12-25T12:37:05.822525995Z 44 PC: 12b7a | Get time 0x12b7a: xor al, al
0x12b7c: mov al, dl
0x12b7e: add al, cl
0x12b80: add al, ch
0x12b82: cmp al, 0
0x12b84: jg 0x12b88
0x12b86: neg al
0x12b88: cwde
0x12b89: inc ax
0x12b8a: cdq
0x12b8b: mov cx, word ptr cs:[0x117]
0x12b90: idiv cx
0x12b92: inc dx
0x12b93: rol dx, 1
0x12b95: mov di, dx
0x12b97: mov word ptr [di + 0x4b], 0x706
0x12b9d: mov ah, 0x2c
0x12b9f: int 0x21
0x12ba1: xor al, al
0x12ba3: add al, dh
2018-12-25T12:37:05.824951646Z 44 PC: 12ba1 | Get time 0x12ba1: xor al, al
0x12ba3: add al, dh
0x12ba5: add al, cl
0x12ba7: add al, ch
0x12ba9: cmp al, 0
0x12bab: jg 0x12baf
0x12bad: neg al
0x12baf: cwde
0x12bb0: inc ax
0x12bb1: cdq
0x12bb2: mov cx, word ptr cs:[0x117]
0x12bb7: idiv cx
0x12bb9: inc dx
0x12bba: rol dx, 1
0x12bbc: mov di, dx
0x12bbe: mov word ptr [di + 0x4b], 0xca3b
0x12bc4: mov ah, 0x2c
0x12bc6: int 0x21
0x12bc8: xor al, al
0x12bca: mov al, dl
2018-12-25T12:37:05.827120791Z 44 PC: 12bc8 | Get time 0x12bc8: xor al, al
0x12bca: mov al, dl
0x12bcc: add al, dh
0x12bce: cmp al, 0
0x12bd0: jg 0x12bd4
0x12bd2: neg al
0x12bd4: cwde
0x12bd5: inc ax
0x12bd6: cdq
0x12bd7: mov cx, word ptr cs:[0x117]
0x12bdc: idiv cx
0x12bde: inc dx
0x12bdf: rol dx, 1
0x12be1: mov di, dx
0x12be3: mov word ptr [di + 0x4b], 0xd9f7
0x12be9: mov ah, 0x2c
0x12beb: int 0x21
0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
2018-12-25T12:37:05.829231745Z 44 PC: 12bed | Get time 0x12bed: xor al, al
0x12bef: mov al, dl
0x12bf1: add al, ch
0x12bf3: cmp al, 0
0x12bf5: jg 0x12bf9
0x12bf7: neg al
0x12bf9: cwde
0x12bfa: inc ax
0x12bfb: cdq
0x12bfc: mov cx, word ptr cs:[0x117]
0x12c01: idiv cx
0x12c03: inc dx
0x12c04: rol dx, 1
0x12c06: mov di, dx
0x12c08: mov word ptr [di + 0x4b], 0xd133
0x12c0e: xor dx, dx
0x12c10: mov cx, word ptr cs:[0x115]
0x12c15: mov ah, 0x40
0x12c17: int 0x21
0x12c19: mov ah, 0x3e
2018-12-25T12:37:05.831756943Z 64 PC: 12c19 | Write file or device (Write 1155 bytes on handle 5)
2018-12-25T12:37:05.846599377Z 62 PC: 12c1d | Close file
2018-12-25T12:37:05.854129373Z 79 PC: 12c23 | Find next file
2018-12-25T12:37:05.857290195Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.863000345Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.869393563Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.881326585Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.889046218Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.89114983Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.893980045Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.896069581Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.898109217Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.901219718Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.903310495Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.911330385Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.92035667Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.933058379Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.938875371Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:05.945482691Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:05.952643441Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:05.954028551Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:05.956197934Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:05.959591235Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:05.961718065Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:05.963835449Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:05.968036395Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:05.970211308Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:05.979311621Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:05.988682791Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:05.991565819Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:05.998132106Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.005637215Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.012740765Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.014595017Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.018090913Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.020764706Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.024551217Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.028020382Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.03166802Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.034215955Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.043432285Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.052277059Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.055784745Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.065474107Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.072987377Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.08026662Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.081715036Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.085926873Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.091495852Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.093926529Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.099840818Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.102895267Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.112673842Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.121609809Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.129526919Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.132457277Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.139498775Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.146164258Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.152694332Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.15558557Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.158097622Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.161175824Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.164260439Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.166677274Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.168750194Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.172694877Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.198999374Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.2062435Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.209644467Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.215934321Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.222669182Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.230675891Z 66 PC: 12b28 | Move file pointer (See above)
2018-12-25T12:37:06.232803325Z 44 PC: 12b2c | Get time (See above)
2018-12-25T12:37:06.235289706Z 44 PC: 12b53 | Get time (See above)
2018-12-25T12:37:06.242251338Z 44 PC: 12b7a | Get time (See above)
2018-12-25T12:37:06.24528455Z 44 PC: 12ba1 | Get time (See above)
2018-12-25T12:37:06.249869855Z 44 PC: 12bc8 | Get time (See above)
2018-12-25T12:37:06.257783365Z 44 PC: 12bed | Get time (See above)
2018-12-25T12:37:06.262580721Z 64 PC: 12c19 | Write file or device (See above)
2018-12-25T12:37:06.272419096Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.283708664Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.287048976Z 67 PC: 12ae8 | Get or set file attributes (See above)
2018-12-25T12:37:06.292967798Z 61 PC: 12afd | Open file (See above)
2018-12-25T12:37:06.301131817Z 63 PC: 12b0c | Read file or device (See above)
2018-12-25T12:37:06.308919376Z 62 PC: 12c1d | Close file (See above)
2018-12-25T12:37:06.311010191Z 79 PC: 12c23 | Find next file (See above)
2018-12-25T12:37:06.313920756Z 26 PC: 12c2f | Set disk transfer address
2018-12-25T12:37:06.316162046Z 44 PC: 12c33 | Get time 0x12c33: cmp ch, 5
0x12c36: je 0x12c3b
0x12c38: jmp 0x12cee
0x12c3b: mov ah, 0x2a
0x12c3d: int 0x21
0x12c3f: cmp al, 6
0x12c41: je 0x12c46
0x12c43: jmp 0x12cee
0x12c46: mov dx, 0x119
0x12c49: mov ah, 0x1a
0x12c4b: int 0x21
0x12c4d: mov dx, 0x10b
0x12c50: mov cx, 6
0x12c53: mov ah, 0x4e
0x12c55: int 0x21
0x12c57: jae 0x12c5c
0x12c59: jmp 0x12c93
0x12c5b: nop
0x12c5c: mov dx, 0x137
0x12c5f: mov ax, 0x4300