Sample viewer

vx.netlux.org/Virus.DOS.Haifa.2352

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:49.283437175Z	212	PC: 19508 \| UNKNOWN!
2018-12-17T23:01:49.284793156Z	26	PC: 19592 \| Set disk transfer address
2018-12-17T23:01:49.28579608Z	78	PC: 1959c \| Find first file
2018-12-17T23:01:49.291273695Z	86	PC: 18f81 \| Rename file
2018-12-17T23:01:49.633831125Z	61	PC: 18fa1 \| Open file (Filename = 'C:\COMMAND.VZQ')
2018-12-17T23:01:49.640915163Z	63	PC: 1902c \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:01:49.643719037Z	66	PC: 190a1 \| Move file pointer
2018-12-17T23:01:49.646185759Z	64	PC: 190c6 \| Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:01:49.649467369Z	44	PC: 19101 \| Get time 0x19101: mov byte ptr [0x6f7], 0 0x19106: test dh, 8 0x19109: je 0x19110 0x1910b: mov byte ptr [0x6f7], 0x30 0x19110: and cl, 3 0x19113: mov al, 0xb8 0x19115: add al, cl 0x19117: mov byte ptr [si + 3], al 0x1911a: sub al, 0x70 0x1911c: mov byte ptr [bx + si + 0xb], al 0x1911f: add ch, dl 0x19121: add ch, dh 0x19123: and dh, 1 0x19126: mov al, 0xbe 0x19128: add al, dh 0x1912a: mov byte ptr [si], al 0x1912c: nop 0x1912d: nop 0x1912e: sub al, 0x8a 0x19130: mov ah, al
2018-12-17T23:01:49.651738044Z	44	PC: 191d0 \| Get time 0x191d0: and dl, 7 0x191d3: add dl, 0x90 0x191d6: mov dh, dl 0x191d8: mov word ptr [si], dx 0x191da: jmp 0x191f8 0x191dc: mov ah, 0x2c 0x191de: int 0x21 0x191e0: and dl, 3 0x191e3: mov al, 3 0x191e5: mov bl, dl 0x191e7: xor bh, bh 0x191e9: mov ah, byte ptr [bx + 0x762] 0x191ed: mov word ptr [si], ax 0x191ef: mov al, 0xd1 0x191f1: mov ah, 0xd8 0x191f3: add ah, dl 0x191f5: mov word ptr [si + 2], ax 0x191f8: mov ah, 0x40 0x191fa: mov bx, word ptr [0x6ee] 0x191fe: mov cx, 0x12
2018-12-17T23:01:49.666691682Z	64	PC: 19206 \| Write file or device (Write 18 bytes on handle 5)
2018-12-17T23:01:49.669421857Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.672008926Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.675142377Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.677711595Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.680267463Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.683163421Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.685706686Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.692321003Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.695043043Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.69780597Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.700430293Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.703063022Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.705854051Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.708335149Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.711011512Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.713960131Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.716442212Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.719017014Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.722582402Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.725127752Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.728112616Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.730854151Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.733553032Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.736387493Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.739078884Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.741575401Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.744167609Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.746809401Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.749316128Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.751939034Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.754889378Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.756653437Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.758479305Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.761216251Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.763711054Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.76637555Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.769157099Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.771851978Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.774586542Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.783621371Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.786856357Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.789936257Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.792519666Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.795561963Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.798288413Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.801326942Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.803963345Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.806484722Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.809324315Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.812201998Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.81469942Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.817385954Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.8198984Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.822417402Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.840314967Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.843319204Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.846547855Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.850514971Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.853974285Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.856577246Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.859900546Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.86265159Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.865380443Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.868804829Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.871866218Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.874601308Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.877748884Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.880518477Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.883211098Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.886415827Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.888937574Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.895186327Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.89838073Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.901582929Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.904047426Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.907457449Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.910448928Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.913484267Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.917402682Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.920275221Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.923160431Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.927713198Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.930562697Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.933469905Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.937460096Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.940388713Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.943427888Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.94738795Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.950194805Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.952914996Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.95786894Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.960815438Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.963918117Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.967693278Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.970542332Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.973396082Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.9764901Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.979700033Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.982379005Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.986492888Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.989489344Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.992166331Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:49.995937721Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.002424658Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.00600219Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.009428904Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.012171038Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.014980655Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.018536084Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.021070236Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.02364942Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.02713918Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.0296513Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.032395029Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.035743096Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.038864315Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.041741743Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.044561068Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.049190708Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.052090646Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.054903209Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.058681899Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.061510197Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.064306379Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.068069053Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.070884688Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.073802647Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.077711992Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.080809624Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.084607265Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.087964911Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.09061107Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.094258153Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.096905309Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.099536971Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.106283747Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.109746613Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.112389953Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.115364401Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.119394025Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.122202284Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.126019243Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.130044147Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.132824922Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.135809568Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.139161615Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:01:50.141719703Z	64	PC: 19268 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:01:50.144467529Z	66	PC: 192f5 \| Move file pointer
2018-12-17T23:01:50.147150337Z	64	PC: 19303 \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T23:01:50.150058678Z	87	PC: 18fc9 \| Get or set file date and time
2018-12-17T23:01:50.151908885Z	62	PC: 18fd1 \| Close file
2018-12-17T23:01:50.160346058Z	86	PC: 18fb1 \| Rename file
2018-12-17T23:01:50.170877567Z	53	PC: 195ae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:50.172607924Z	48	PC: 195c0 \| Get DOS version
2018-12-17T23:01:50.185958896Z	37	PC: 195fb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:50.187330821Z	44	PC: 1960b \| Get time 0x1960b: or dl, dl 0x1960d: jne 0x19612 0x1960f: cli 0x19610: jmp 0x19610 0x19612: mov ah, 0x2a 0x19614: int 0x21 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx
2018-12-17T23:01:50.190763576Z	42	PC: 19616 \| Get date 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx 0x19639: add word ptr [0xa29], bx 0x1963d: mov ss, ax 0x1963f: mov ax, word ptr [0x8c9] 0x19642: mov ds, ax 0x19644: mov es, ax 0x19646: ljmp 0:0x100
2018-12-17T23:01:50.192993716Z	48	PC: 13777 \| Get DOS version
2018-12-17T23:01:50.194495834Z	9	PC: 13783 \| Display string (String= 'Incorrect DOS version ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13993,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:42.233813182Z	212	PC: 19508 \| UNKNOWN!
2018-12-25T12:39:42.235852323Z	26	PC: 19592 \| Set disk transfer address
2018-12-25T12:39:42.237071521Z	78	PC: 1959c \| Find first file
2018-12-25T12:39:42.24316765Z	86	PC: 18f81 \| Rename file
2018-12-25T12:39:42.58879904Z	61	PC: 18fa1 \| Open file (Filename = 'C:\COMMAND.VZQ')
2018-12-25T12:39:42.595805457Z	63	PC: 1902c \| Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:39:42.598787308Z	66	PC: 190a1 \| Move file pointer
2018-12-25T12:39:42.600658958Z	64	PC: 190c6 \| Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:39:42.604340848Z	44	PC: 19101 \| Get time 0x19101: mov byte ptr [0x6f7], 0 0x19106: test dh, 8 0x19109: je 0x19110 0x1910b: mov byte ptr [0x6f7], 0x30 0x19110: and cl, 3 0x19113: mov al, 0xb8 0x19115: add al, cl 0x19117: mov byte ptr [si + 3], al 0x1911a: sub al, 0x70 0x1911c: mov byte ptr [bx + si + 0xb], al 0x1911f: add ch, dl 0x19121: add ch, dh 0x19123: and dh, 1 0x19126: mov al, 0xbe 0x19128: add al, dh 0x1912a: mov byte ptr [si], al 0x1912c: nop 0x1912d: nop 0x1912e: sub al, 0x8a 0x19130: mov ah, al
2018-12-25T12:39:42.606662268Z	44	PC: 191d0 \| Get time 0x191d0: and dl, 7 0x191d3: add dl, 0x90 0x191d6: mov dh, dl 0x191d8: mov word ptr [si], dx 0x191da: jmp 0x191f8 0x191dc: mov ah, 0x2c 0x191de: int 0x21 0x191e0: and dl, 3 0x191e3: mov al, 3 0x191e5: mov bl, dl 0x191e7: xor bh, bh 0x191e9: mov ah, byte ptr [bx + 0x762] 0x191ed: mov word ptr [si], ax 0x191ef: mov al, 0xd1 0x191f1: mov ah, 0xd8 0x191f3: add ah, dl 0x191f5: mov word ptr [si + 2], ax 0x191f8: mov ah, 0x40 0x191fa: mov bx, word ptr [0x6ee] 0x191fe: mov cx, 0x12
2018-12-25T12:39:42.617074393Z	64	PC: 19206 \| Write file or device (Write 18 bytes on handle 5)
2018-12-25T12:39:42.622896219Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:39:42.626747801Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.629762748Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.633571228Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.636430978Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.639236282Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.6423999Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.946875594Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.952694233Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.961109245Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.964659083Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.968673885Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.978697545Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.984991034Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.992910693Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.005075245Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.008227509Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.012255707Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.016393928Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.019420183Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.022504205Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.026243254Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.028521067Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.031632919Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.035025476Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.039302765Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.042733395Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.046000857Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.050462677Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.053895977Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.057288774Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.064252469Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.068467873Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.072188272Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.076359835Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.079850367Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.083329023Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.088489871Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.092338446Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.10357863Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.107834055Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.111628612Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.115243974Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.119043791Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.123404914Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.126326226Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.129330407Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.133303125Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.136247414Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.139208578Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.144525661Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.147717327Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.151185698Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.155591931Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.159850385Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.163221945Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.167369382Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.170795774Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.174238491Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.178483664Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.182238314Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.185656649Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.189283958Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.193562022Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.196971826Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.200427946Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.204984872Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.208421014Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.211859691Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.21628859Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.220028247Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.227361235Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.232059336Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.235421689Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.23880368Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.242933376Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.246309663Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.249645702Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.253700404Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.25686197Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.260177884Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.263749762Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.267422982Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.271663844Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.275775741Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.279141709Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.282324343Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.286174509Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.290965467Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.294125155Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.297499459Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.301794801Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.306430686Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.310159259Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.314356927Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.318321976Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.322047596Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.326034004Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.330214097Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.333799079Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.337779158Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.341298649Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.34482178Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.353243191Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.356789048Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.360311834Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.364277706Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.367732161Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.372591657Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.376431517Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.378549862Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.380556444Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.383196218Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.385297402Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.387371384Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.390127533Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.39226195Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.394631198Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.397423581Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.399614593Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.401855431Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.404453153Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.406670573Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.40908604Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.411739541Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.414102015Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.416316939Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.419164776Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.421338634Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.423434277Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.426215634Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.42830451Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.430448439Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.433028623Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.435596554Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.440579971Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.443390178Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.445509329Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.447629723Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.450523347Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.453312085Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.460934962Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.465810169Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.468041079Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.470180481Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.473223275Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.475623819Z	64	PC: 19268 \| Write file or device (Write 7 bytes on handle 5)
2018-12-25T12:39:43.477874116Z	66	PC: 192f5 \| Move file pointer
2018-12-25T12:39:43.479999473Z	64	PC: 19303 \| Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:39:43.482211561Z	87	PC: 18fc9 \| Get or set file date and time
2018-12-25T12:39:43.48357379Z	62	PC: 18fd1 \| Close file
2018-12-25T12:39:43.489344988Z	86	PC: 18fb1 \| Rename file
2018-12-25T12:39:43.496448832Z	53	PC: 195ae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:43.497638901Z	48	PC: 195c0 \| Get DOS version
2018-12-25T12:39:43.499414262Z	37	PC: 195fb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:43.500501085Z	44	PC: 1960b \| Get time 0x1960b: or dl, dl 0x1960d: jne 0x19612 0x1960f: cli 0x19610: jmp 0x19610 0x19612: mov ah, 0x2a 0x19614: int 0x21 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx
2018-12-25T12:39:43.502198912Z	42	PC: 19616 \| Get date 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx 0x19639: add word ptr [0xa29], bx 0x1963d: mov ss, ax 0x1963f: mov ax, word ptr [0x8c9] 0x19642: mov ds, ax 0x19644: mov es, ax 0x19646: ljmp 0:0x100
2018-12-25T12:39:43.50457976Z	48	PC: 13777 \| Get DOS version
2018-12-25T12:39:43.505864597Z	9	PC: 13783 \| Display string (String= 'Incorrect DOS version ')

{"DateBased":true,"Day":7,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13993,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:42.585598099Z	212	PC: 19508 \| UNKNOWN!
2018-12-25T12:39:42.58847981Z	26	PC: 19592 \| Set disk transfer address
2018-12-25T12:39:42.589674624Z	78	PC: 1959c \| Find first file
2018-12-25T12:39:42.595929485Z	86	PC: 18f81 \| Rename file
2018-12-25T12:39:42.951995166Z	61	PC: 18fa1 \| Open file (Filename = 'C:\COMMAND.VZQ')
2018-12-25T12:39:42.961360786Z	63	PC: 1902c \| Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:39:42.96553904Z	66	PC: 190a1 \| Move file pointer
2018-12-25T12:39:42.967538921Z	64	PC: 190c6 \| Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:39:42.973861584Z	44	PC: 19101 \| Get time 0x19101: mov byte ptr [0x6f7], 0 0x19106: test dh, 8 0x19109: je 0x19110 0x1910b: mov byte ptr [0x6f7], 0x30 0x19110: and cl, 3 0x19113: mov al, 0xb8 0x19115: add al, cl 0x19117: mov byte ptr [si + 3], al 0x1911a: sub al, 0x70 0x1911c: mov byte ptr [bx + si + 0xb], al 0x1911f: add ch, dl 0x19121: add ch, dh 0x19123: and dh, 1 0x19126: mov al, 0xbe 0x19128: add al, dh 0x1912a: mov byte ptr [si], al 0x1912c: nop 0x1912d: nop 0x1912e: sub al, 0x8a 0x19130: mov ah, al
2018-12-25T12:39:42.976708273Z	44	PC: 191d0 \| Get time 0x191d0: and dl, 7 0x191d3: add dl, 0x90 0x191d6: mov dh, dl 0x191d8: mov word ptr [si], dx 0x191da: jmp 0x191f8 0x191dc: mov ah, 0x2c 0x191de: int 0x21 0x191e0: and dl, 3 0x191e3: mov al, 3 0x191e5: mov bl, dl 0x191e7: xor bh, bh 0x191e9: mov ah, byte ptr [bx + 0x762] 0x191ed: mov word ptr [si], ax 0x191ef: mov al, 0xd1 0x191f1: mov ah, 0xd8 0x191f3: add ah, dl 0x191f5: mov word ptr [si + 2], ax 0x191f8: mov ah, 0x40 0x191fa: mov bx, word ptr [0x6ee] 0x191fe: mov cx, 0x12
2018-12-25T12:39:42.980030453Z	64	PC: 19206 \| Write file or device (Write 18 bytes on handle 5)
2018-12-25T12:39:42.984968945Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:39:42.988718123Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.990952847Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.993547736Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.996433714Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:42.999498038Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.00218515Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.007345888Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.00931659Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.011983063Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.024144391Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.027502632Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.031641389Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.03506981Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.038537564Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.042153142Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.046071555Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.049501724Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.052929382Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.057323897Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.060712034Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.064150763Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.06780145Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.07113052Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.075428184Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.079742163Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.083203101Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.086189218Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.089641073Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.092723924Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.095751209Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.099884557Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.10324604Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.106343517Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.109431605Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.113383226Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.116758766Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.120131612Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.124742833Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.135056918Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.138190793Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.142530861Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.146969118Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.150165471Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.154208294Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.158129871Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.161516206Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.165182753Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.169947122Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.173632656Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.177286982Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.182148041Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.185808511Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.189460718Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.1941037Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.198114059Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.201772272Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.20629337Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.210306885Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.213990417Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.217663706Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.22329326Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.226856352Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.230525856Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.235226658Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.238751056Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.242241807Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.246639278Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.25044379Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.253942581Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.258177626Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.265979712Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.269087319Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.27215691Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.276712274Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.28015744Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.28359254Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.287763378Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.291243395Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.29521395Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.298829398Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.302147163Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.305499675Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.309629673Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.314759536Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.318248678Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.321917713Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.326297593Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.329769685Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.333220646Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.337895241Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.341273463Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.344687094Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.348983977Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.352296007Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.355650201Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.359851511Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.363272453Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.367504972Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.371712153Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.375114133Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.378478043Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.382706791Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.39013244Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.39362362Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.397973754Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.401861687Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.405327427Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.409473842Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.413279718Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.416764985Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.421003371Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.42494668Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.428297339Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.432326564Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.436886284Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.441430979Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.445063406Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.449735406Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.453775862Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.457385512Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.461970595Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.466069145Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.469698513Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.473618757Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.476953036Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.480077681Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.484175086Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.487263587Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.490318681Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.494583613Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.498126159Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.501690574Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.506315984Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.510215873Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.518385379Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.522179564Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.525456457Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.528628547Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.532514567Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.535845687Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.539622534Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.543796058Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.547459602Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.550921361Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.555162776Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.558794613Z	64	PC: 19268 \| Write file or device (Write 7 bytes on handle 5)
2018-12-25T12:39:43.562324454Z	66	PC: 192f5 \| Move file pointer
2018-12-25T12:39:43.565112246Z	64	PC: 19303 \| Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:39:43.56930146Z	87	PC: 18fc9 \| Get or set file date and time
2018-12-25T12:39:43.571340229Z	62	PC: 18fd1 \| Close file
2018-12-25T12:39:43.58017174Z	86	PC: 18fb1 \| Rename file
2018-12-25T12:39:43.594380077Z	53	PC: 195ae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:43.596132163Z	48	PC: 195c0 \| Get DOS version
2018-12-25T12:39:43.597962786Z	37	PC: 195fb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:43.599797043Z	44	PC: 1960b \| Get time 0x1960b: or dl, dl 0x1960d: jne 0x19612 0x1960f: cli 0x19610: jmp 0x19610 0x19612: mov ah, 0x2a 0x19614: int 0x21 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx
2018-12-25T12:39:43.602378801Z	42	PC: 19616 \| Get date 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx 0x19639: add word ptr [0xa29], bx 0x1963d: mov ss, ax 0x1963f: mov ax, word ptr [0x8c9] 0x19642: mov ds, ax 0x19644: mov es, ax 0x19646: ljmp 0:0x100
2018-12-25T12:39:43.613177245Z	9	PC: 19629 \| Display string (String= 'KIRYAT MOZKIN!!! LOCAL PROCESS INDUSTRY. VIRUS DONE BY: SIBEL ,TEACHES HOW TO MANAGE SHEEP? Thanks for using Turbo Anti Virus. PLEASE JMP FE00:0 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13993,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:43.011576548Z	212	PC: 19508 \| UNKNOWN!
2018-12-25T12:39:43.013446311Z	26	PC: 19592 \| Set disk transfer address
2018-12-25T12:39:43.014499334Z	78	PC: 1959c \| Find first file
2018-12-25T12:39:43.020188597Z	86	PC: 18f81 \| Rename file
2018-12-25T12:39:43.713574839Z	61	PC: 18fa1 \| Open file (Filename = 'C:\COMMAND.VZQ')
2018-12-25T12:39:43.722390871Z	63	PC: 1902c \| Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:39:43.725314856Z	66	PC: 190a1 \| Move file pointer
2018-12-25T12:39:43.727367372Z	64	PC: 190c6 \| Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:39:43.73121Z	44	PC: 19101 \| Get time 0x19101: mov byte ptr [0x6f7], 0 0x19106: test dh, 8 0x19109: je 0x19110 0x1910b: mov byte ptr [0x6f7], 0x30 0x19110: and cl, 3 0x19113: mov al, 0xb8 0x19115: add al, cl 0x19117: mov byte ptr [si + 3], al 0x1911a: sub al, 0x70 0x1911c: mov byte ptr [bx + si + 0xb], al 0x1911f: add ch, dl 0x19121: add ch, dh 0x19123: and dh, 1 0x19126: mov al, 0xbe 0x19128: add al, dh 0x1912a: mov byte ptr [si], al 0x1912c: nop 0x1912d: nop 0x1912e: sub al, 0x8a 0x19130: mov ah, al
2018-12-25T12:39:43.733668644Z	44	PC: 191d0 \| Get time 0x191d0: and dl, 7 0x191d3: add dl, 0x90 0x191d6: mov dh, dl 0x191d8: mov word ptr [si], dx 0x191da: jmp 0x191f8 0x191dc: mov ah, 0x2c 0x191de: int 0x21 0x191e0: and dl, 3 0x191e3: mov al, 3 0x191e5: mov bl, dl 0x191e7: xor bh, bh 0x191e9: mov ah, byte ptr [bx + 0x762] 0x191ed: mov word ptr [si], ax 0x191ef: mov al, 0xd1 0x191f1: mov ah, 0xd8 0x191f3: add ah, dl 0x191f5: mov word ptr [si + 2], ax 0x191f8: mov ah, 0x40 0x191fa: mov bx, word ptr [0x6ee] 0x191fe: mov cx, 0x12
2018-12-25T12:39:43.736349485Z	64	PC: 19206 \| Write file or device (Write 18 bytes on handle 5)
2018-12-25T12:39:43.7404349Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:39:43.743314982Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.746094175Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.748108947Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.749949658Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.752040782Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.7548915Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.824440252Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.827205177Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.830460423Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.833603891Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.836285057Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.839526836Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.841509551Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.84361558Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.846095955Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.848167481Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.850075933Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.852521036Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.854343089Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.85610526Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.858612588Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.86047766Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.862651427Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.865308884Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.867160155Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.869074683Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.8713366Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.873368647Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.875846265Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.878088088Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.880919376Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.883594033Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.887094587Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.88963915Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.892299705Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.895522596Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.898024158Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.900513201Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.925908778Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.92883835Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.931338216Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.935202731Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.937951859Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.940607028Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.943685895Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.945534085Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.947287613Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.949387269Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.951987432Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.954419716Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.957462457Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.959895651Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.963014674Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.965775997Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.968192631Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.970591661Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.97341258Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.975838903Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.978409869Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.981261661Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.983670771Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.985916946Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.992044557Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.993918575Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.995613298Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.997926099Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.999712506Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.001265087Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.003512052Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.005190648Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.019688071Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.023468774Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.026328703Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.029051673Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.032244326Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.034869942Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.037356414Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.040406448Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.043674454Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.046197238Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.049120048Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.051697186Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.054165538Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.057151768Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.059617932Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.062535727Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.065335259Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.067900318Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.070362102Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.073167514Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.07576316Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.078221468Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.081049327Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.083529199Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.085984781Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.0889746Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.091805786Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.094668864Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.097783542Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.100342795Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.102825224Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.106150936Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.113167498Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.11579741Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.118639545Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.121107853Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.124298922Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.127101484Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.129824701Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.132294127Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.134886467Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.137363966Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.139846628Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.14291746Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.14606027Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.148574589Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.151738297Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.154255673Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.157423885Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.160098666Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.163550726Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.166347651Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.170758088Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.173416136Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.175942186Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.179189324Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.182765468Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.185751878Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.188757869Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.191574823Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.194406615Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.197504099Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.200116266Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.202913146Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.209079715Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.211685726Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.214746597Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.217281937Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.219657652Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.22240273Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.225236368Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.227886853Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.231800892Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.234413638Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.237151114Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.239830798Z	64	PC: 19268 \| Write file or device (Write 7 bytes on handle 5)
2018-12-25T12:39:44.24233266Z	66	PC: 192f5 \| Move file pointer
2018-12-25T12:39:44.243454883Z	64	PC: 19303 \| Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:39:44.246537073Z	87	PC: 18fc9 \| Get or set file date and time
2018-12-25T12:39:44.247728226Z	62	PC: 18fd1 \| Close file
2018-12-25T12:39:44.253267206Z	86	PC: 18fb1 \| Rename file
2018-12-25T12:39:44.260299946Z	53	PC: 195ae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:44.261178214Z	48	PC: 195c0 \| Get DOS version
2018-12-25T12:39:44.262050324Z	37	PC: 195fb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:44.263644255Z	44	PC: 1960b \| Get time 0x1960b: or dl, dl 0x1960d: jne 0x19612 0x1960f: cli 0x19610: jmp 0x19610 0x19612: mov ah, 0x2a 0x19614: int 0x21 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx
2018-12-25T12:39:44.265625069Z	42	PC: 19616 \| Get date 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx 0x19639: add word ptr [0xa29], bx 0x1963d: mov ss, ax 0x1963f: mov ax, word ptr [0x8c9] 0x19642: mov ds, ax 0x19644: mov es, ax 0x19646: ljmp 0:0x100
2018-12-25T12:39:44.267717186Z	48	PC: 13777 \| Get DOS version
2018-12-25T12:39:44.269871827Z	9	PC: 13783 \| Display string (String= 'Incorrect DOS version ')

{"DateBased":true,"Day":7,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13993,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:43.050807578Z	212	PC: 19508 \| UNKNOWN!
2018-12-25T12:39:43.052812386Z	26	PC: 19592 \| Set disk transfer address
2018-12-25T12:39:43.054071427Z	78	PC: 1959c \| Find first file
2018-12-25T12:39:43.059845514Z	86	PC: 18f81 \| Rename file
2018-12-25T12:39:43.715514878Z	61	PC: 18fa1 \| Open file (Filename = 'C:\COMMAND.VZQ')
2018-12-25T12:39:43.721640788Z	63	PC: 1902c \| Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:39:43.725310351Z	66	PC: 190a1 \| Move file pointer
2018-12-25T12:39:43.727692965Z	64	PC: 190c6 \| Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:39:43.731138847Z	44	PC: 19101 \| Get time 0x19101: mov byte ptr [0x6f7], 0 0x19106: test dh, 8 0x19109: je 0x19110 0x1910b: mov byte ptr [0x6f7], 0x30 0x19110: and cl, 3 0x19113: mov al, 0xb8 0x19115: add al, cl 0x19117: mov byte ptr [si + 3], al 0x1911a: sub al, 0x70 0x1911c: mov byte ptr [bx + si + 0xb], al 0x1911f: add ch, dl 0x19121: add ch, dh 0x19123: and dh, 1 0x19126: mov al, 0xbe 0x19128: add al, dh 0x1912a: mov byte ptr [si], al 0x1912c: nop 0x1912d: nop 0x1912e: sub al, 0x8a 0x19130: mov ah, al
2018-12-25T12:39:43.733719303Z	44	PC: 191d0 \| Get time 0x191d0: and dl, 7 0x191d3: add dl, 0x90 0x191d6: mov dh, dl 0x191d8: mov word ptr [si], dx 0x191da: jmp 0x191f8 0x191dc: mov ah, 0x2c 0x191de: int 0x21 0x191e0: and dl, 3 0x191e3: mov al, 3 0x191e5: mov bl, dl 0x191e7: xor bh, bh 0x191e9: mov ah, byte ptr [bx + 0x762] 0x191ed: mov word ptr [si], ax 0x191ef: mov al, 0xd1 0x191f1: mov ah, 0xd8 0x191f3: add ah, dl 0x191f5: mov word ptr [si + 2], ax 0x191f8: mov ah, 0x40 0x191fa: mov bx, word ptr [0x6ee] 0x191fe: mov cx, 0x12
2018-12-25T12:39:43.736403714Z	64	PC: 19206 \| Write file or device (Write 18 bytes on handle 5)
2018-12-25T12:39:43.739206182Z	64	PC: 1924d \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:39:43.741935304Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.745010709Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.747918263Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.749703206Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.75193005Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.75375506Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.866133982Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.870325454Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.873080741Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.875081203Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.87776405Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.879811738Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.882027375Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.884442945Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.886672042Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.888476471Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.892439614Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.895396712Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.898343251Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.90125737Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.904907333Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.907523243Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.91026738Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.912349731Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.914018342Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.915873879Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.91861536Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.920572316Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.922562029Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.926967712Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.928980096Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.93111805Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.933254776Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.935196329Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.937106836Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.939290354Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.941594669Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.949972678Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.987823534Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.990834297Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.993558882Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.996559986Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:43.998331848Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.000170056Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.002888011Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.004545884Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.006173656Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.008608213Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.011465307Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.015027531Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.01882729Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.021637616Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.024464951Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.02827851Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.031161686Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.034092569Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.0379147Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.041100475Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.043606012Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.046608343Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.049090853Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.051561644Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.054785061Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.057274952Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.059747985Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.062969199Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.065600579Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.068211585Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.070918032Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.073865281Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.080081941Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.082681649Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.086187666Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.088764119Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.091315991Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.094354538Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.096907006Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.099477445Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.103522117Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.106089993Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.108856776Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.112651625Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.115526152Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.118370215Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.122104997Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.124796619Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.127430914Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.130441257Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.133016517Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.135559589Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.138817115Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.141486918Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.143965808Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.147293777Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.150573356Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.153299298Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.156876825Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.159699818Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.162153496Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.165310348Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.167886988Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.170370228Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.176800002Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.179391894Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.181938395Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.185089161Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.187657026Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.190160563Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.193345133Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.195911603Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.198394759Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.201276142Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.203750827Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.206207051Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.20937438Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.211862501Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.214315973Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.218158889Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.220735039Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.22343133Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.228005278Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.230606708Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.233117773Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.236320464Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.238865506Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.241385351Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.244824531Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.247407115Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.249878013Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.252814487Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.255335895Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.257798738Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.260879574Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.263482457Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.269532689Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.272767539Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.275344295Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.277913629Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.281589042Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.284463603Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.287116449Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.290530274Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.293184446Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.296547001Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.299520096Z	64	PC: 1924d \| Write file or device (See above)
2018-12-25T12:39:44.301989716Z	64	PC: 19268 \| Write file or device (Write 8 bytes on handle 5)
2018-12-25T12:39:44.304451862Z	66	PC: 192f5 \| Move file pointer
2018-12-25T12:39:44.306412627Z	64	PC: 19303 \| Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:39:44.309326331Z	87	PC: 18fc9 \| Get or set file date and time
2018-12-25T12:39:44.311203998Z	62	PC: 18fd1 \| Close file
2018-12-25T12:39:44.319447741Z	86	PC: 18fb1 \| Rename file
2018-12-25T12:39:44.329732734Z	53	PC: 195ae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:44.331241117Z	48	PC: 195c0 \| Get DOS version
2018-12-25T12:39:44.335170273Z	37	PC: 195fb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:44.336410701Z	44	PC: 1960b \| Get time 0x1960b: or dl, dl 0x1960d: jne 0x19612 0x1960f: cli 0x19610: jmp 0x19610 0x19612: mov ah, 0x2a 0x19614: int 0x21 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx
2018-12-25T12:39:44.338396807Z	42	PC: 19616 \| Get date 0x19616: cmp dx, 0x507 0x1961a: jne 0x1962c 0x1961c: mov ax, 3 0x1961f: int 0x10 0x19621: nop 0x19622: mov ah, 9 0x19624: mov dx, 0x82c 0x19627: int 0x21 0x19629: cli 0x1962a: jmp 0x19629 0x1962c: mov sp, word ptr [0xa2c] 0x19630: mov ax, word ptr [0xa2e] 0x19633: mov bx, word ptr [0x8cb] 0x19637: add ax, bx 0x19639: add word ptr [0xa29], bx 0x1963d: mov ss, ax 0x1963f: mov ax, word ptr [0x8c9] 0x19642: mov ds, ax 0x19644: mov es, ax 0x19646: ljmp 0:0x100
2018-12-25T12:39:44.347380125Z	9	PC: 19629 \| Display string (String= 'KIRYAT MOZKIN!!! LOCAL PROCESS INDUSTRY. VIRUS DONE BY: SIBEL ,TEACHES HOW TO MANAGE SHEEP? Thanks for using Turbo Anti Virus. PLEASE JMP FE00:0 ')