Sample viewer

vx.netlux.org/Virus.DOS.Rage.2095

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:43.117863101Z	61	PC: 1317b \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T21:51:43.124476674Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.127030748Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.129357526Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.132351812Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.135711931Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.138372275Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.141760282Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.144843129Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.147335878Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.15074367Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.153837658Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.156213367Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.158767287Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.161793932Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.164571912Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.167400053Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.17069004Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.174001323Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.176619265Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.179740596Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.182237543Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.184788921Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.188395849Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.191141771Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.19445835Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.197744809Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.200266786Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.202743304Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.205512516Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.208304124Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.211389964Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.214427173Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.216955549Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.219352027Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.22194107Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.228916708Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.23171718Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.234608675Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.237622319Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.240245547Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.242890917Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.24649291Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.249166348Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.251781525Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.254834749Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.257176025Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.259971152Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.263384204Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.266062544Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.268577272Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.271536042Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:51:43.274325687Z	66	PC: 1329d \| Move file pointer
2018-12-17T21:51:43.275712172Z	63	PC: 1321c \| Read file or device (Read 100 bytes on handle 5)
2018-12-17T21:51:43.279621996Z	63	PC: 1321c \| Read file or device (Read 100 bytes on handle 5)
2018-12-17T21:51:43.281468799Z	66	PC: 1329d \| Move file pointer
2018-12-17T21:51:43.282805441Z	64	PC: 13236 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T21:51:43.286667387Z	64	PC: 1323e \| Write file or device (Write 22 bytes on handle 5)
2018-12-17T21:51:43.289589523Z	64	PC: 13249 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T21:51:43.293281517Z	64	PC: 13255 \| Write file or device (Write 90 bytes on handle 5)
2018-12-17T21:51:43.297063452Z	62	PC: 13259 \| Close file
2018-12-17T21:51:43.75483523Z	60	PC: 13261 \| Create or truncate file
2018-12-17T21:51:43.769295662Z	64	PC: 130c9 \| Write file or device (Write 29 bytes on handle 5)
2018-12-17T21:51:43.780874111Z	64	PC: 130d7 \| Write file or device (Write 2095 bytes on handle 5)
2018-12-17T21:51:43.789399681Z	64	PC: 130dd \| Write file or device (Write 26 bytes on handle 5)
2018-12-17T21:51:43.792348333Z	42	PC: 12af8 \| Get date 0x12af8: cmp dl, 0x1d 0x12afb: jl 0x12b03 0x12afd: mov word ptr [bp + 0x2a6], 1 0x12b03: cmp dl, 0xe 0x12b06: jne 0x12b1e 0x12b08: mov ah, 0xf 0x12b0a: mov al, 1 0x12b0c: call 0x13023 0x12b0f: lea si, word ptr [bp + 0x2b4] 0x12b13: mov dl, 0x11 0x12b15: mov dh, 0xf 0x12b17: call 0x13048 0x12b1a: xor ah, ah 0x12b1c: int 0x16 0x12b1e: xchg bp, di 0x12b20: mov bp, sp 0x12b22: sub sp, 0x80 0x12b26: mov ah, 0x2f 0x12b28: int 0x21 0x12b2a: mov ah, 0x1a
2018-12-17T21:51:43.795243031Z	47	PC: 12b2a \| Get disk transfer address
2018-12-17T21:51:43.796824865Z	26	PC: 12b31 \| Set disk transfer address
2018-12-17T21:51:43.798299029Z	71	PC: 12b40 \| Get current directory
2018-12-17T21:51:43.802162145Z	59	PC: 12b48 \| Change current directory
2018-12-17T21:51:43.80644507Z	47	PC: 12d9c \| Get disk transfer address
2018-12-17T21:51:43.808645792Z	26	PC: 12daa \| Set disk transfer address
2018-12-17T21:51:43.810860417Z	78	PC: 12db5 \| Find first file
2018-12-17T21:51:43.81754667Z	79	PC: 12ddd \| Find next file
2018-12-17T21:51:43.820577379Z	79	PC: 12ddd \| Find next file
2018-12-17T21:51:43.823729928Z	79	PC: 12ddd \| Find next file
2018-12-17T21:51:43.827125127Z	79	PC: 12ddd \| Find next file
2018-12-17T21:51:43.830533276Z	79	PC: 12ddd \| Find next file
2018-12-17T21:51:43.833639109Z	79	PC: 12ddd \| Find next file
2018-12-17T21:51:43.836767737Z	79	PC: 12ddd \| Find next file
2018-12-17T21:51:43.839610927Z	79	PC: 12ddd \| Find next file
2018-12-17T21:51:43.842708792Z	79	PC: 12ddd \| Find next file
2018-12-17T21:51:43.845777388Z	47	PC: 12dfc \| Get disk transfer address
2018-12-17T21:51:43.847185656Z	26	PC: 12e0a \| Set disk transfer address
2018-12-17T21:51:43.848476525Z	78	PC: 12e15 \| Find first file
2018-12-17T21:51:43.855545493Z	47	PC: 12ef6 \| Get disk transfer address
2018-12-17T21:51:43.856975835Z	67	PC: 13073 \| Get or set file attributes
2018-12-17T21:51:43.863185732Z	67	PC: 13080 \| Get or set file attributes
2018-12-17T21:51:44.226313694Z	61	PC: 12f09 \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:51:44.234596265Z	87	PC: 130f1 \| Get or set file date and time
2018-12-17T21:51:44.236560192Z	63	PC: 12f1a \| Read file or device (Read 26 bytes on handle 6)
2018-12-17T21:51:44.239921144Z	67	PC: 13080 \| Get or set file attributes
2018-12-17T21:51:44.254390074Z	62	PC: 12f85 \| Close file
2018-12-17T21:51:44.258001808Z	79	PC: 12e15 \| Find next file
2018-12-17T21:51:44.261865298Z	78	PC: 12e21 \| Find first file
2018-12-17T21:51:44.267917446Z	47	PC: 12f8b \| Get disk transfer address
2018-12-17T21:51:44.269338025Z	67	PC: 13073 \| Get or set file attributes
2018-12-17T21:51:44.27621302Z	67	PC: 13080 \| Get or set file attributes
2018-12-17T21:51:44.286082119Z	61	PC: 12f9e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:51:44.292836364Z	87	PC: 130f1 \| Get or set file date and time
2018-12-17T21:51:44.295627182Z	63	PC: 12faf \| Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:51:44.302762922Z	66	PC: 12fc7 \| Move file pointer
2018-12-17T21:51:44.322090228Z	64	PC: 130c9 \| Write file or device (Write 29 bytes on handle 6)
2018-12-17T21:51:44.325904187Z	64	PC: 130d7 \| Write file or device (Write 2095 bytes on handle 6)
2018-12-17T21:51:44.334521798Z	64	PC: 130dd \| Write file or device (Write 26 bytes on handle 6)
2018-12-17T21:51:44.337264956Z	66	PC: 12fe5 \| Move file pointer
2018-12-17T21:51:44.339452085Z	64	PC: 13005 \| Write file or device (Write 4 bytes on handle 6)
2018-12-17T21:51:44.347301519Z	87	PC: 130eb \| Get or set file date and time
2018-12-17T21:51:44.349262277Z	67	PC: 13080 \| Get or set file attributes
2018-12-17T21:51:44.354581151Z	62	PC: 13015 \| Close file
2018-12-17T21:51:44.363261863Z	26	PC: 12e54 \| Set disk transfer address
2018-12-17T21:51:44.364931875Z	26	PC: 12df5 \| Set disk transfer address
2018-12-17T21:51:44.367370023Z	59	PC: 12b52 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":161,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:17.64260033Z	61	PC: 1317b \| Open file (Filename = 'c:\autoexec.bat')
2018-12-25T11:40:17.65105627Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:40:17.653824474Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.656409756Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.65902509Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.661181466Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.663011341Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.664824189Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.667169283Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.668965722Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.670769904Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.673369088Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.675134347Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.676876712Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.679380389Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.681413989Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.683418021Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.685864963Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.688819955Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.69152404Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.694681017Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.696483831Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.698162034Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.700306094Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.702247475Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.704185963Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.706212298Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.708325887Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.710151662Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.711959494Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.722174723Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.724020442Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.725844097Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.729045995Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.731239705Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.73337061Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.735705246Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.737829106Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.739999796Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.742316027Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.744163357Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.746010133Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.748430947Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.750312638Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.752189824Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.754438196Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.756391522Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.759001626Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.761808161Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.764562897Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.767149922Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.769732406Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.773269785Z	66	PC: 1329d \| Move file pointer
2018-12-25T11:40:17.774744046Z	63	PC: 1321c \| Read file or device (Read 100 bytes on handle 5)
2018-12-25T11:40:17.777465206Z	63	PC: 1321c \| Read file or device (See above)
2018-12-25T11:40:17.779591658Z	66	PC: 1329d \| Move file pointer (See above)
2018-12-25T11:40:17.780938947Z	64	PC: 13236 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:40:17.783584183Z	64	PC: 1323e \| Write file or device (Write 22 bytes on handle 5)
2018-12-25T11:40:17.786676572Z	64	PC: 13249 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:40:17.789722017Z	64	PC: 13255 \| Write file or device (Write 90 bytes on handle 5)
2018-12-25T11:40:17.792808313Z	62	PC: 13259 \| Close file
2018-12-25T11:40:18.786477008Z	60	PC: 13261 \| Create or truncate file
2018-12-25T11:40:18.804229271Z	64	PC: 130c9 \| Write file or device (Write 29 bytes on handle 5)
2018-12-25T11:40:18.809428289Z	64	PC: 130d7 \| Write file or device (Write 2095 bytes on handle 5)
2018-12-25T11:40:18.815870856Z	64	PC: 130dd \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:40:18.818139823Z	42	PC: 12af8 \| Get date 0x12af8: cmp dl, 0x1d 0x12afb: jl 0x12b03 0x12afd: mov word ptr [bp + 0x2a6], 1 0x12b03: cmp dl, 0xe 0x12b06: jne 0x12b1e 0x12b08: mov ah, 0xf 0x12b0a: mov al, 1 0x12b0c: call 0x13023 0x12b0f: lea si, word ptr [bp + 0x2b4] 0x12b13: mov dl, 0x11 0x12b15: mov dh, 0xf 0x12b17: call 0x13048 0x12b1a: xor ah, ah 0x12b1c: int 0x16 0x12b1e: xchg bp, di 0x12b20: mov bp, sp 0x12b22: sub sp, 0x80 0x12b26: mov ah, 0x2f 0x12b28: int 0x21 0x12b2a: mov ah, 0x1a
2018-12-25T11:40:18.819912673Z	47	PC: 12b2a \| Get disk transfer address
2018-12-25T11:40:18.821275543Z	26	PC: 12b31 \| Set disk transfer address
2018-12-25T11:40:18.822848088Z	71	PC: 12b40 \| Get current directory
2018-12-25T11:40:18.825209534Z	59	PC: 12b48 \| Change current directory
2018-12-25T11:40:18.828188367Z	47	PC: 12d9c \| Get disk transfer address
2018-12-25T11:40:18.829874034Z	26	PC: 12daa \| Set disk transfer address
2018-12-25T11:40:18.830950521Z	78	PC: 12db5 \| Find first file
2018-12-25T11:40:18.835236163Z	79	PC: 12ddd \| Find next file
2018-12-25T11:40:18.838035159Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.839956925Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.841856388Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.844624867Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.846519536Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.848822986Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.85168703Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.854363742Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.85621524Z	47	PC: 12dfc \| Get disk transfer address
2018-12-25T11:40:18.857758103Z	26	PC: 12e0a \| Set disk transfer address
2018-12-25T11:40:18.858730279Z	78	PC: 12e15 \| Find first file
2018-12-25T11:40:18.862984754Z	47	PC: 12ef6 \| Get disk transfer address
2018-12-25T11:40:18.864595703Z	67	PC: 13073 \| Get or set file attributes
2018-12-25T11:40:18.868500585Z	67	PC: 13080 \| Get or set file attributes
2018-12-25T11:40:18.88134542Z	61	PC: 12f09 \| Open file (Filename = 'TEST.EXE')
2018-12-25T11:40:18.892555919Z	87	PC: 130f1 \| Get or set file date and time
2018-12-25T11:40:18.896382286Z	63	PC: 12f1a \| Read file or device (Read 26 bytes on handle 6)
2018-12-25T11:40:18.900923939Z	67	PC: 13080 \| Get or set file attributes (See above)
2018-12-25T11:40:18.912825241Z	62	PC: 12f85 \| Close file
2018-12-25T11:40:18.914991718Z	79	PC: 12e15 \| Find next file (See above)
2018-12-25T11:40:18.917920552Z	78	PC: 12e21 \| Find first file
2018-12-25T11:40:18.92562889Z	47	PC: 12f8b \| Get disk transfer address
2018-12-25T11:40:18.927225418Z	67	PC: 13073 \| Get or set file attributes (See above)
2018-12-25T11:40:18.933428494Z	67	PC: 13080 \| Get or set file attributes (See above)
2018-12-25T11:40:18.943745191Z	61	PC: 12f9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:40:18.951862212Z	87	PC: 130f1 \| Get or set file date and time (See above)
2018-12-25T11:40:18.953401718Z	63	PC: 12faf \| Read file or device (Read 4 bytes on handle 6)
2018-12-25T11:40:18.960350017Z	66	PC: 12fc7 \| Move file pointer
2018-12-25T11:40:18.964209943Z	64	PC: 130c9 \| Write file or device (See above)
2018-12-25T11:40:18.96709889Z	64	PC: 130d7 \| Write file or device (See above)
2018-12-25T11:40:18.97663667Z	64	PC: 130dd \| Write file or device (See above)
2018-12-25T11:40:18.980556381Z	66	PC: 12fe5 \| Move file pointer
2018-12-25T11:40:18.984393343Z	64	PC: 13005 \| Write file or device (Write 4 bytes on handle 6)
2018-12-25T11:40:18.991887683Z	87	PC: 130eb \| Get or set file date and time
2018-12-25T11:40:18.994040167Z	67	PC: 13080 \| Get or set file attributes (See above)
2018-12-25T11:40:18.998711569Z	62	PC: 13015 \| Close file
2018-12-25T11:40:19.006895301Z	26	PC: 12e54 \| Set disk transfer address
2018-12-25T11:40:19.008649421Z	26	PC: 12df5 \| Set disk transfer address
2018-12-25T11:40:19.009738334Z	59	PC: 12b52 \| Change current directory

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":161,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:17.949063338Z	61	PC: 1317b \| Open file (Filename = 'c:\autoexec.bat')
2018-12-25T11:40:17.956319624Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:40:17.95976218Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.971988496Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.975096737Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.978656023Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.981716799Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.98492047Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.98813661Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.99155104Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.994136628Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.9972213Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:17.999852434Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.002417825Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.005309814Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.008685178Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.01163408Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.014761479Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.017155776Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.019749318Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.021860886Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.02483143Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.026750451Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.028663641Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.031143249Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.033003473Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.034787469Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.037186506Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.039058351Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.040880588Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.043183807Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.045121048Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.046859185Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.048867287Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.050888354Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.052644667Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.054540055Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.056643765Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.058417032Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.060168261Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.062146907Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.063937954Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.065788126Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.073085274Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.075035471Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.077710467Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.080909101Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.08356345Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.086227178Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.089457164Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.092106934Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.09492258Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.098545784Z	66	PC: 1329d \| Move file pointer
2018-12-25T11:40:18.100001042Z	63	PC: 1321c \| Read file or device (Read 100 bytes on handle 5)
2018-12-25T11:40:18.102695005Z	63	PC: 1321c \| Read file or device (See above)
2018-12-25T11:40:18.104920543Z	66	PC: 1329d \| Move file pointer (See above)
2018-12-25T11:40:18.10636348Z	64	PC: 13236 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:40:18.109170929Z	64	PC: 1323e \| Write file or device (Write 22 bytes on handle 5)
2018-12-25T11:40:18.112169318Z	64	PC: 13249 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:40:18.115537783Z	64	PC: 13255 \| Write file or device (Write 90 bytes on handle 5)
2018-12-25T11:40:18.118885956Z	62	PC: 13259 \| Close file
2018-12-25T11:40:18.800079015Z	60	PC: 13261 \| Create or truncate file
2018-12-25T11:40:18.819988514Z	64	PC: 130c9 \| Write file or device (Write 29 bytes on handle 5)
2018-12-25T11:40:18.829507871Z	64	PC: 130d7 \| Write file or device (Write 2095 bytes on handle 5)
2018-12-25T11:40:18.838503051Z	64	PC: 130dd \| Write file or device (Write 28 bytes on handle 5)
2018-12-25T11:40:18.842958726Z	42	PC: 12af8 \| Get date 0x12af8: cmp dl, 0x1d 0x12afb: jl 0x12b03 0x12afd: mov word ptr [bp + 0x2a6], 1 0x12b03: cmp dl, 0xe 0x12b06: jne 0x12b1e 0x12b08: mov ah, 0xf 0x12b0a: mov al, 1 0x12b0c: call 0x13023 0x12b0f: lea si, word ptr [bp + 0x2b4] 0x12b13: mov dl, 0x11 0x12b15: mov dh, 0xf 0x12b17: call 0x13048 0x12b1a: xor ah, ah 0x12b1c: int 0x16 0x12b1e: xchg bp, di 0x12b20: mov bp, sp 0x12b22: sub sp, 0x80 0x12b26: mov ah, 0x2f 0x12b28: int 0x21 0x12b2a: mov ah, 0x1a

{"DateBased":true,"Day":29,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":161,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:18.227581365Z	61	PC: 1317b \| Open file (Filename = 'c:\autoexec.bat')
2018-12-25T11:40:18.236308188Z	63	PC: 1318e \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:40:18.239200689Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.241906868Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.244599437Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.247535013Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.250230538Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.25290134Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.255973805Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.258939956Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.262027235Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.265701919Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.268949036Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.272056026Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.275694749Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.278705984Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.281466628Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.284682022Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.287771231Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.290938323Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.294565501Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.297622365Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.30163158Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.30476121Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.30777103Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.310500196Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.313385494Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.3167724Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.319364805Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.32217093Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.325696577Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.328343568Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.331046101Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.334142695Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.336881275Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.339505439Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.342651903Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.345295758Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.347801355Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.351343411Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.354055693Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.357260214Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.361189713Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.364522775Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.367136054Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.370821088Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.373483199Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.376022896Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.378923504Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.381895891Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.384608148Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.387654502Z	63	PC: 1318e \| Read file or device (See above)
2018-12-25T11:40:18.391259038Z	66	PC: 1329d \| Move file pointer
2018-12-25T11:40:18.392604973Z	63	PC: 1321c \| Read file or device (Read 100 bytes on handle 5)
2018-12-25T11:40:18.395177917Z	63	PC: 1321c \| Read file or device (See above)
2018-12-25T11:40:18.397765378Z	66	PC: 1329d \| Move file pointer (See above)
2018-12-25T11:40:18.399580292Z	64	PC: 13236 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:40:18.40249805Z	64	PC: 1323e \| Write file or device (Write 22 bytes on handle 5)
2018-12-25T11:40:18.406045322Z	64	PC: 13249 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:40:18.408881301Z	64	PC: 13255 \| Write file or device (Write 90 bytes on handle 5)
2018-12-25T11:40:18.41184126Z	62	PC: 13259 \| Close file
2018-12-25T11:40:18.801761724Z	60	PC: 13261 \| Create or truncate file
2018-12-25T11:40:18.818752944Z	64	PC: 130c9 \| Write file or device (Write 29 bytes on handle 5)
2018-12-25T11:40:18.824158375Z	64	PC: 130d7 \| Write file or device (Write 2095 bytes on handle 5)
2018-12-25T11:40:18.830931292Z	64	PC: 130dd \| Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:40:18.83503784Z	42	PC: 12af8 \| Get date 0x12af8: cmp dl, 0x1d 0x12afb: jl 0x12b03 0x12afd: mov word ptr [bp + 0x2a6], 1 0x12b03: cmp dl, 0xe 0x12b06: jne 0x12b1e 0x12b08: mov ah, 0xf 0x12b0a: mov al, 1 0x12b0c: call 0x13023 0x12b0f: lea si, word ptr [bp + 0x2b4] 0x12b13: mov dl, 0x11 0x12b15: mov dh, 0xf 0x12b17: call 0x13048 0x12b1a: xor ah, ah 0x12b1c: int 0x16 0x12b1e: xchg bp, di 0x12b20: mov bp, sp 0x12b22: sub sp, 0x80 0x12b26: mov ah, 0x2f 0x12b28: int 0x21 0x12b2a: mov ah, 0x1a
2018-12-25T11:40:18.83808699Z	47	PC: 12b2a \| Get disk transfer address
2018-12-25T11:40:18.84068426Z	26	PC: 12b31 \| Set disk transfer address
2018-12-25T11:40:18.842628472Z	71	PC: 12b40 \| Get current directory
2018-12-25T11:40:18.846261437Z	59	PC: 12b48 \| Change current directory
2018-12-25T11:40:18.851190812Z	47	PC: 12d9c \| Get disk transfer address
2018-12-25T11:40:18.853902021Z	26	PC: 12daa \| Set disk transfer address
2018-12-25T11:40:18.855562038Z	78	PC: 12db5 \| Find first file
2018-12-25T11:40:18.862672355Z	79	PC: 12ddd \| Find next file
2018-12-25T11:40:18.866906188Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.870256641Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.873152425Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.876602542Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.878379127Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.880022212Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.882679529Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.892972797Z	79	PC: 12ddd \| Find next file (See above)
2018-12-25T11:40:18.896357375Z	47	PC: 12e5b \| Get disk transfer address
2018-12-25T11:40:18.905220511Z	26	PC: 12eab \| Set disk transfer address
2018-12-25T11:40:18.906231261Z	78	PC: 12eb6 \| Find first file
2018-12-25T11:40:18.910361665Z	47	PC: 12ec0 \| Get disk transfer address
2018-12-25T11:40:18.911494835Z	87	PC: 130f1 \| Get or set file date and time
2018-12-25T11:40:18.913474032Z	60	PC: 12ecf \| Create or truncate file
2018-12-25T11:40:18.933109125Z	64	PC: 12edb \| Write file or device (Write 33 bytes on handle 6)
2018-12-25T11:40:18.937153254Z	87	PC: 130eb \| Get or set file date and time
2018-12-25T11:40:18.938924286Z	62	PC: 12ee2 \| Close file
2018-12-25T11:40:18.947183406Z	79	PC: 12eb6 \| Find next file (See above)
2018-12-25T11:40:18.94996143Z	47	PC: 12ec0 \| Get disk transfer address (See above)
2018-12-25T11:40:18.952061942Z	87	PC: 130f1 \| Get or set file date and time (See above)
2018-12-25T11:40:18.953895425Z	60	PC: 12ecf \| Create or truncate file (See above)
2018-12-25T11:40:18.967745646Z	64	PC: 12edb \| Write file or device (See above)
2018-12-25T11:40:18.97212271Z	87	PC: 130eb \| Get or set file date and time (See above)
2018-12-25T11:40:18.973624725Z	62	PC: 12ee2 \| Close file (See above)
2018-12-25T11:40:18.982340533Z	79	PC: 12eb6 \| Find next file (See above)
2018-12-25T11:40:18.985679832Z	47	PC: 12ec0 \| Get disk transfer address (See above)
2018-12-25T11:40:18.986827616Z	87	PC: 130f1 \| Get or set file date and time (See above)
2018-12-25T11:40:18.988368699Z	60	PC: 12ecf \| Create or truncate file (See above)
2018-12-25T11:40:19.002182365Z	64	PC: 12edb \| Write file or device (See above)
2018-12-25T11:40:19.006276823Z	87	PC: 130eb \| Get or set file date and time (See above)
2018-12-25T11:40:19.008333958Z	62	PC: 12ee2 \| Close file (See above)
2018-12-25T11:40:19.018080283Z	79	PC: 12eb6 \| Find next file (See above)
2018-12-25T11:40:19.022196921Z	47	PC: 12ec0 \| Get disk transfer address (See above)
2018-12-25T11:40:19.023402398Z	87	PC: 130f1 \| Get or set file date and time (See above)
2018-12-25T11:40:19.025672599Z	60	PC: 12ecf \| Create or truncate file (See above)
2018-12-25T11:40:19.039303636Z	64	PC: 12edb \| Write file or device (See above)
2018-12-25T11:40:19.043873963Z	87	PC: 130eb \| Get or set file date and time (See above)
2018-12-25T11:40:19.046538305Z	62	PC: 12ee2 \| Close file (See above)
2018-12-25T11:40:19.055348085Z	79	PC: 12eb6 \| Find next file (See above)
2018-12-25T11:40:19.058430066Z	47	PC: 12ec0 \| Get disk transfer address (See above)
2018-12-25T11:40:19.060610428Z	87	PC: 130f1 \| Get or set file date and time (See above)
2018-12-25T11:40:19.06256976Z	60	PC: 12ecf \| Create or truncate file (See above)
2018-12-25T11:40:19.07638641Z	64	PC: 12edb \| Write file or device (See above)
2018-12-25T11:40:19.080944101Z	87	PC: 130eb \| Get or set file date and time (See above)
2018-12-25T11:40:19.082741564Z	62	PC: 12ee2 \| Close file (See above)
2018-12-25T11:40:19.09203732Z	79	PC: 12eb6 \| Find next file (See above)
2018-12-25T11:40:19.095918014Z	47	PC: 12ec0 \| Get disk transfer address (See above)
2018-12-25T11:40:19.097032449Z	87	PC: 130f1 \| Get or set file date and time (See above)
2018-12-25T11:40:19.098444242Z	60	PC: 12ecf \| Create or truncate file (See above)
2018-12-25T11:40:19.111954434Z	64	PC: 12edb \| Write file or device (See above)
2018-12-25T11:40:19.116447383Z	87	PC: 130eb \| Get or set file date and time (See above)
2018-12-25T11:40:19.117995312Z	62	PC: 12ee2 \| Close file (See above)
2018-12-25T11:40:19.126684661Z	79	PC: 12eb6 \| Find next file (See above)
2018-12-25T11:40:19.129700254Z	47	PC: 12ec0 \| Get disk transfer address (See above)
2018-12-25T11:40:19.130798578Z	87	PC: 130f1 \| Get or set file date and time (See above)
2018-12-25T11:40:19.132465087Z	60	PC: 12ecf \| Create or truncate file (See above)
2018-12-25T11:40:19.146227664Z	64	PC: 12edb \| Write file or device (See above)
2018-12-25T11:40:19.150133618Z	87	PC: 130eb \| Get or set file date and time (See above)
2018-12-25T11:40:19.152315049Z	62	PC: 12ee2 \| Close file (See above)
2018-12-25T11:40:19.161226649Z	79	PC: 12eb6 \| Find next file (See above)
2018-12-25T11:40:19.164036192Z	47	PC: 12ec0 \| Get disk transfer address (See above)
2018-12-25T11:40:19.165115372Z	87	PC: 130f1 \| Get or set file date and time (See above)
2018-12-25T11:40:19.166823731Z	60	PC: 12ecf \| Create or truncate file (See above)
2018-12-25T11:40:19.17996202Z	64	PC: 12edb \| Write file or device (See above)
2018-12-25T11:40:19.183857278Z	87	PC: 130eb \| Get or set file date and time (See above)
2018-12-25T11:40:19.186611325Z	62	PC: 12ee2 \| Close file (See above)
2018-12-25T11:40:19.195236399Z	79	PC: 12eb6 \| Find next file (See above)
2018-12-25T11:40:19.198352552Z	47	PC: 12ec0 \| Get disk transfer address (See above)
2018-12-25T11:40:19.200187991Z	87	PC: 130f1 \| Get or set file date and time (See above)
2018-12-25T11:40:19.201704017Z	60	PC: 12ecf \| Create or truncate file (See above)
2018-12-25T11:40:19.214843001Z	64	PC: 12edb \| Write file or device (See above)
2018-12-25T11:40:19.220266941Z	87	PC: 130eb \| Get or set file date and time (See above)
2018-12-25T11:40:19.221962739Z	62	PC: 12ee2 \| Close file (See above)
2018-12-25T11:40:19.230376669Z	79	PC: 12eb6 \| Find next file (See above)
2018-12-25T11:40:19.233749381Z	26	PC: 12eef \| Set disk transfer address
2018-12-25T11:40:19.235040466Z	26	PC: 12df5 \| Set disk transfer address
2018-12-25T11:40:19.236286627Z	59	PC: 12b52 \| Change current directory