Sample viewer

vx.netlux.org/Virus.DOS.Akuku.886.f

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:38.069436209Z 37 PC: 13c4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:38.072401016Z 47 PC: 13c59 | Get disk transfer address
2018-12-17T23:09:38.073896392Z 26 PC: 13c62 | Set disk transfer address
2018-12-17T23:09:38.075131666Z 25 PC: 13c66 | Get default drive
2018-12-17T23:09:38.076375602Z 44 PC: 13c6d | Get time
0x13c6d: and dh, 0xf
0x13c70: mov dl, dh
0x13c72: cmp dh, 0
0x13c75: je 0x13c7c
0x13c77: cmp dl, 2
0x13c7a: jne 0x13c80
0x13c7c: mov ah, 0xe
0x13c7e: int 0x21
0x13c80: mov ax, cs
0x13c82: mov es, ax
0x13c84: mov byte ptr [0x3b8], 0
0x13c89: nop
0x13c8a: mov di, 0x382
0x13c8d: mov word ptr [0x3b6], di
0x13c91: call 0x13ede
0x13c94: mov di, 0x382
0x13c97: mov ax, 0x2e2a
0x13c9a: stosw word ptr es:[di], ax
0x13c9b: mov ah, 0
0x13c9d: stosw word ptr es:[di], ax
2018-12-17T23:09:38.078894133Z 14 PC: 13c80 | Set default drive (Drive = 'C')
2018-12-17T23:09:38.081658691Z 78 PC: 13ef3 | Find first file
2018-12-17T23:09:38.087126254Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.09861156Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.101668579Z 54 PC: 13f76 | Get free disk space
2018-12-17T23:09:38.14206026Z 67 PC: 13f8f | Get or set file attributes
2018-12-17T23:09:38.15272432Z 67 PC: 13f9b | Get or set file attributes
2018-12-17T23:09:38.505798682Z 61 PC: 13fa0 | Open file (Filename = 'COMMAND.COM')
2018-12-17T23:09:38.512173679Z 87 PC: 13fa7 | Get or set file date and time
2018-12-17T23:09:38.514628575Z 63 PC: 13e03 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:38.519830481Z 66 PC: 13e4a | Move file pointer
2018-12-17T23:09:38.521218991Z 64 PC: 13e5d | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:38.527975967Z 64 PC: 13e0f | Write file or device (Write 886 bytes on handle 5)
2018-12-17T23:09:38.537603888Z 64 PC: 13e1b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:38.540113002Z 66 PC: 13e24 | Move file pointer
2018-12-17T23:09:38.542020151Z 64 PC: 13e3f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:38.544965527Z 87 PC: 13dd5 | Get or set file date and time
2018-12-17T23:09:38.546648392Z 62 PC: 13dd9 | Close file
2018-12-17T23:09:38.55462615Z 67 PC: 13de5 | Get or set file attributes
2018-12-17T23:09:38.569246065Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.572122044Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.575454765Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.578773391Z 78 PC: 13ca7 | Find first file
2018-12-17T23:09:38.584216596Z 79 PC: 13cec | Find next file
2018-12-17T23:09:38.59333151Z 79 PC: 13cec | Find next file
2018-12-17T23:09:38.596950264Z 78 PC: 13ef3 | Find first file
2018-12-17T23:09:38.607214282Z 54 PC: 13f76 | Get free disk space
2018-12-17T23:09:38.61120187Z 67 PC: 13f8f | Get or set file attributes
2018-12-17T23:09:38.625875322Z 67 PC: 13f9b | Get or set file attributes
2018-12-17T23:09:38.636136509Z 61 PC: 13fa0 | Open file (Filename = 'DOS\ATTRIB.EXE')
2018-12-17T23:09:38.645362173Z 87 PC: 13fa7 | Get or set file date and time
2018-12-17T23:09:38.647091375Z 63 PC: 13d5a | Read file or device (Read 27 bytes on handle 5)
2018-12-17T23:09:38.652687051Z 66 PC: 13e4a | Move file pointer
2018-12-17T23:09:38.655049187Z 64 PC: 13e5d | Write file or device (Write 8 bytes on handle 5)
2018-12-17T23:09:38.661431947Z 64 PC: 13d8b | Write file or device (Write 886 bytes on handle 5)
2018-12-17T23:09:38.669087518Z 64 PC: 13d99 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:09:38.671954477Z 64 PC: 13da9 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:09:38.67604391Z 66 PC: 13db8 | Move file pointer
2018-12-17T23:09:38.677898178Z 64 PC: 13dc2 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T23:09:38.681043981Z 87 PC: 13dd5 | Get or set file date and time
2018-12-17T23:09:38.683522909Z 62 PC: 13dd9 | Close file
2018-12-17T23:09:38.690996321Z 67 PC: 13de5 | Get or set file attributes
2018-12-17T23:09:38.700789471Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.704784343Z 54 PC: 13f76 | Get free disk space
2018-12-17T23:09:38.708517091Z 67 PC: 13f8f | Get or set file attributes
2018-12-17T23:09:38.714558881Z 67 PC: 13f9b | Get or set file attributes
2018-12-17T23:09:38.724245004Z 61 PC: 13fa0 | Open file (Filename = 'DOS\CHKDSK.EXE')
2018-12-17T23:09:38.731569524Z 87 PC: 13fa7 | Get or set file date and time
2018-12-17T23:09:38.732892666Z 63 PC: 13d5a | Read file or device (Read 27 bytes on handle 5)
2018-12-17T23:09:38.739190044Z 66 PC: 13e4a | Move file pointer
2018-12-17T23:09:38.740903611Z 64 PC: 13e5d | Write file or device (Write 15 bytes on handle 5)
2018-12-17T23:09:38.744820894Z 64 PC: 13d8b | Write file or device (Write 886 bytes on handle 5)
2018-12-17T23:09:38.7497217Z 64 PC: 13d99 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:09:38.752090155Z 64 PC: 13da9 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:09:38.753939201Z 66 PC: 13db8 | Move file pointer
2018-12-17T23:09:38.755077799Z 64 PC: 13dc2 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T23:09:38.757461416Z 87 PC: 13dd5 | Get or set file date and time
2018-12-17T23:09:38.758575339Z 62 PC: 13dd9 | Close file
2018-12-17T23:09:38.763467498Z 67 PC: 13de5 | Get or set file attributes
2018-12-17T23:09:38.769968411Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.772018927Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.774071049Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.776725435Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.778805492Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.780778916Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.783227894Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.785381135Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.787458174Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.789937599Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.792025212Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.794008574Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.796597269Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.800439282Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.802498123Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.805618595Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.807710795Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.80977822Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.812335407Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.814423612Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.816482968Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.819228056Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.821336814Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.823464046Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.826105008Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.82815566Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.830219179Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.833021892Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.835228628Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.839014352Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.843742593Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.852468503Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.855478379Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.859218008Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.861990349Z 79 PC: 13cec | Find next file
2018-12-17T23:09:38.864483543Z 79 PC: 13cec | Find next file
2018-12-17T23:09:38.867433458Z 78 PC: 13ef3 | Find first file
2018-12-17T23:09:38.876966167Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.880548559Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.886881138Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.890221672Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.893523982Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.897620942Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.899944816Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.902166427Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.904876499Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.906964409Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.909328499Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.911796842Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.914018045Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.918220297Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.92071582Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.922825691Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.924834133Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.927397011Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.929847988Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.932117348Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.934714342Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.936744241Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.938637288Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.941151349Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.943098366Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.944945552Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.948592695Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.952245067Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.955231345Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.961783294Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.964632167Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.967609767Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.971801162Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.975024322Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.978338346Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.983358914Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.987184883Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.990152996Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.994196583Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:38.997438997Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.00078781Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.004868238Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.007930968Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.01107362Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.015486595Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.022176486Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.025319651Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.029544999Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.033216413Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.036731211Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.040954031Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.044620683Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.047639163Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.051481807Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.055453113Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.059004325Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.063026678Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.066817957Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.070239833Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.073782334Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.077811959Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.084617396Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.088239076Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.091798343Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.095975711Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.099679548Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.104704779Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.109824364Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.11339942Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.117326929Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.120622764Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.123656305Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.127723491Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.13030713Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.133379209Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.136444683Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.13963192Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.145782531Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.15012448Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.154386864Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.158498959Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.162547905Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.166546093Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.169880628Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.174149031Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.177695554Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.18105073Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.185046577Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.188060015Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.190969217Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.194622092Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.19772654Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.201100189Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.207965804Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.211174106Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.214477828Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.218104413Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.22140206Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.225486412Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.229018922Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.231976571Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.235820935Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.239278027Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.24228435Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.246264637Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.249234765Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.252231623Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.259051706Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.262217107Z 79 PC: 13f5e | Find next file
2018-12-17T23:09:39.265057963Z 79 PC: 13cec | Find next file
2018-12-17T23:09:39.268209627Z 79 PC: 13cec | Find next file
2018-12-17T23:09:39.270735072Z 79 PC: 13cec | Find next file
2018-12-17T23:09:39.273083802Z 14 PC: 13cf9 | Set default drive (Drive = '›')
2018-12-17T23:09:39.274861112Z 44 PC: 13cfd | Get time
0x13cfd: cmp cl, 0x20
0x13d00: jb 0x13d34
0x13d02: cmp cl, 0x23
0x13d05: jae 0x13d34
0x13d07: mov ah, 9
0x13d09: mov dx, 0xd2
0x13d0c: int 0x21
0x13d0e: mov ah, 0x4c
0x13d10: int 0x21
0x13d12: or ax, 0x410a
0x13d15: and byte ptr [bx], cl
0x13d17: add byte ptr [di], al
0x13d19: add byte ptr [bx], cl
0x13d1b: add byte ptr [bp + si], dl
0x13d1d: add byte ptr [di], al
0x13d1f: push cs
0x13d20: add ax, 0
0x13d23: add byte ptr [bp + si + 3], bl
0x13d26: fadd qword ptr [di]
0x13d28: inc ax
2018-12-17T23:09:39.277071701Z 44 PC: 13d45 | Get time
0x13d45: pop ax
0x13d46: pop ds
0x13d47: pop es
0x13d48: ljmp ptr cs:[0x376]
0x13d4d: call 0x13f64
0x13d50: mov dx, 0x3ba
0x13d53: mov ah, 0x3f
0x13d55: mov cx, 0x1b
0x13d58: int 0x21
0x13d5a: mov si, dx
0x13d5c: call 0x13e41
0x13d5f: sub bp, word ptr [si + 8]
0x13d62: add dx, 0x3ba
0x13d66: adc cx, 0
0x13d69: mov ax, dx
0x13d6b: and ax, 0x1ff
0x13d6e: mov word ptr [si + 2], ax
0x13d71: shr cx, 1
0x13d73: rcr dx, 1
0x13d75: mov dl, dh

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16596,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:39.069803577Z 37 PC: 13c4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:39.071310403Z 47 PC: 13c59 | Get disk transfer address
2018-12-25T13:07:39.072281699Z 26 PC: 13c62 | Set disk transfer address
2018-12-25T13:07:39.073415838Z 25 PC: 13c66 | Get default drive
2018-12-25T13:07:39.074890032Z 44 PC: 13c6d | Get time
0x13c6d: and dh, 0xf
0x13c70: mov dl, dh
0x13c72: cmp dh, 0
0x13c75: je 0x13c7c
0x13c77: cmp dl, 2
0x13c7a: jne 0x13c80
0x13c7c: mov ah, 0xe
0x13c7e: int 0x21
0x13c80: mov ax, cs
0x13c82: mov es, ax
0x13c84: mov byte ptr [0x3b8], 0
0x13c89: nop
0x13c8a: mov di, 0x382
0x13c8d: mov word ptr [0x3b6], di
0x13c91: call 0x13ede
0x13c94: mov di, 0x382
0x13c97: mov ax, 0x2e2a
0x13c9a: stosw word ptr es:[di], ax
0x13c9b: mov ah, 0
0x13c9d: stosw word ptr es:[di], ax
2018-12-25T13:07:39.076828859Z 78 PC: 13ef3 | Find first file
2018-12-25T13:07:39.082507217Z 79 PC: 13f5e | Find next file
2018-12-25T13:07:39.085389234Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:39.087883412Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:39.090385086Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:39.093821669Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:39.096354039Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:39.098947888Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:39.103408958Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:39.105903005Z 54 PC: 13f76 | Get free disk space
2018-12-25T13:07:39.115024645Z 67 PC: 13f8f | Get or set file attributes
2018-12-25T13:07:39.120700178Z 67 PC: 13f9b | Get or set file attributes
2018-12-25T13:07:39.136562798Z 61 PC: 13fa0 | Open file (Filename = 'TEST.EXE')
2018-12-25T13:07:39.142827873Z 87 PC: 13fa7 | Get or set file date and time
2018-12-25T13:07:39.144030425Z 63 PC: 13d5a | Read file or device (Read 27 bytes on handle 5)
2018-12-25T13:07:39.147096098Z 66 PC: 13e4a | Move file pointer
2018-12-25T13:07:39.152805656Z 64 PC: 13e5d | Write file or device (Write 4 bytes on handle 5)
2018-12-25T13:07:39.155938239Z 64 PC: 13d8b | Write file or device (Write 886 bytes on handle 5)
2018-12-25T13:07:39.164807101Z 64 PC: 13d99 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T13:07:39.167314414Z 64 PC: 13da9 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T13:07:39.169832046Z 66 PC: 13db8 | Move file pointer
2018-12-25T13:07:39.171656963Z 64 PC: 13dc2 | Write file or device (Write 27 bytes on handle 5)
2018-12-25T13:07:39.174482074Z 87 PC: 13dd5 | Get or set file date and time
2018-12-25T13:07:39.176091944Z 62 PC: 13dd9 | Close file
2018-12-25T13:07:39.184038329Z 67 PC: 13de5 | Get or set file attributes
2018-12-25T13:07:39.202925882Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:39.205237308Z 78 PC: 13ca7 | Find first file
2018-12-25T13:07:39.20996693Z 79 PC: 13cec | Find next file
2018-12-25T13:07:39.211458249Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:39.212954894Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:39.214898577Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:39.217220969Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:39.219445602Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:39.221968928Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:39.224209067Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:39.226315797Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:39.228524606Z 14 PC: 13cf9 | Set default drive (Drive = '›')
2018-12-25T13:07:39.229534629Z 44 PC: 13cfd | Get time
0x13cfd: cmp cl, 0x20
0x13d00: jb 0x13d34
0x13d02: cmp cl, 0x23
0x13d05: jae 0x13d34
0x13d07: mov ah, 9
0x13d09: mov dx, 0xd2
0x13d0c: int 0x21
0x13d0e: mov ah, 0x4c
0x13d10: int 0x21
0x13d12: or ax, 0x410a
0x13d15: and byte ptr [si], al
0x13d17: add byte ptr [di], al
0x13d19: add byte ptr [si], al
0x13d1b: add byte ptr [bp + si], dl
0x13d1d: add byte ptr [di], al
0x13d1f: push cs
0x13d20: add ax, 0x1000
0x13d23: add byte ptr [bp + si + 3], bl
0x13d26: fadd qword ptr [di]
0x13d28: xchg byte ptr [bp + di], al
2018-12-25T13:07:39.231492222Z 44 PC: 13d45 | Get time
0x13d45: pop ax
0x13d46: pop ds
0x13d47: pop es
0x13d48: ljmp ptr cs:[0x376]
0x13d4d: call 0x13f64
0x13d50: mov dx, 0x3ba
0x13d53: mov ah, 0x3f
0x13d55: mov cx, 0x1b
0x13d58: int 0x21
0x13d5a: mov si, dx
0x13d5c: call 0x13e41
0x13d5f: sub bp, word ptr [si + 8]
0x13d62: add dx, 0x3ba
0x13d66: adc cx, 0
0x13d69: mov ax, dx
0x13d6b: and ax, 0x1ff
0x13d6e: mov word ptr [si + 2], ax
0x13d71: shr cx, 1
0x13d73: rcr dx, 1
0x13d75: mov dl, dh
2018-12-25T13:07:39.364878285Z 82 PC: 117fc | Get DOS internal pointers (SYSVARS)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16596,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:40.130923517Z 37 PC: 13c4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:40.132406163Z 47 PC: 13c59 | Get disk transfer address
2018-12-25T13:07:40.134074834Z 26 PC: 13c62 | Set disk transfer address
2018-12-25T13:07:40.1357817Z 25 PC: 13c66 | Get default drive
2018-12-25T13:07:40.138048008Z 44 PC: 13c6d | Get time
0x13c6d: and dh, 0xf
0x13c70: mov dl, dh
0x13c72: cmp dh, 0
0x13c75: je 0x13c7c
0x13c77: cmp dl, 2
0x13c7a: jne 0x13c80
0x13c7c: mov ah, 0xe
0x13c7e: int 0x21
0x13c80: mov ax, cs
0x13c82: mov es, ax
0x13c84: mov byte ptr [0x3b8], 0
0x13c89: nop
0x13c8a: mov di, 0x382
0x13c8d: mov word ptr [0x3b6], di
0x13c91: call 0x13ede
0x13c94: mov di, 0x382
0x13c97: mov ax, 0x2e2a
0x13c9a: stosw word ptr es:[di], ax
0x13c9b: mov ah, 0
0x13c9d: stosw word ptr es:[di], ax
2018-12-25T13:07:40.141208385Z 14 PC: 13c80 | Set default drive (Drive = 'C')
2018-12-25T13:07:40.14320533Z 78 PC: 13ef3 | Find first file
2018-12-25T13:07:40.150081866Z 79 PC: 13f5e | Find next file
2018-12-25T13:07:40.154795218Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.158507001Z 54 PC: 13f76 | Get free disk space
2018-12-25T13:07:40.2049403Z 67 PC: 13f8f | Get or set file attributes
2018-12-25T13:07:40.21576625Z 67 PC: 13f9b | Get or set file attributes
2018-12-25T13:07:40.58902677Z 61 PC: 13fa0 | Open file (Filename = 'COMMAND.COM')
2018-12-25T13:07:40.598250188Z 87 PC: 13fa7 | Get or set file date and time
2018-12-25T13:07:40.601864077Z 63 PC: 13e03 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T13:07:40.608762087Z 66 PC: 13e4a | Move file pointer
2018-12-25T13:07:40.610742462Z 64 PC: 13e5d | Write file or device (Write 11 bytes on handle 5)
2018-12-25T13:07:40.619059323Z 64 PC: 13e0f | Write file or device (Write 886 bytes on handle 5)
2018-12-25T13:07:40.630481543Z 64 PC: 13e1b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:07:40.633671081Z 66 PC: 13e24 | Move file pointer
2018-12-25T13:07:40.636034721Z 64 PC: 13e3f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:07:40.641539901Z 87 PC: 13dd5 | Get or set file date and time
2018-12-25T13:07:40.643398909Z 62 PC: 13dd9 | Close file
2018-12-25T13:07:40.654036876Z 67 PC: 13de5 | Get or set file attributes
2018-12-25T13:07:40.666220194Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.669321333Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.672756095Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.684545078Z 78 PC: 13ca7 | Find first file
2018-12-25T13:07:40.69155343Z 79 PC: 13cec | Find next file
2018-12-25T13:07:40.695512211Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:40.702960468Z 78 PC: 13ef3 | Find first file (See above)
2018-12-25T13:07:40.719176907Z 54 PC: 13f76 | Get free disk space (See above)
2018-12-25T13:07:40.722475894Z 67 PC: 13f8f | Get or set file attributes (See above)
2018-12-25T13:07:40.730026852Z 67 PC: 13f9b | Get or set file attributes (See above)
2018-12-25T13:07:40.768473607Z 61 PC: 13fa0 | Open file (See above)
2018-12-25T13:07:40.77709552Z 87 PC: 13fa7 | Get or set file date and time (See above)
2018-12-25T13:07:40.779552814Z 63 PC: 13d5a | Read file or device (Read 27 bytes on handle 5)
2018-12-25T13:07:40.78707888Z 66 PC: 13e4a | Move file pointer (See above)
2018-12-25T13:07:40.789153674Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T13:07:40.796454055Z 64 PC: 13d8b | Write file or device (Write 886 bytes on handle 5)
2018-12-25T13:07:40.810971862Z 64 PC: 13d99 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T13:07:40.814126899Z 64 PC: 13da9 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T13:07:40.817435949Z 66 PC: 13db8 | Move file pointer
2018-12-25T13:07:40.82031008Z 64 PC: 13dc2 | Write file or device (Write 27 bytes on handle 5)
2018-12-25T13:07:40.823975455Z 87 PC: 13dd5 | Get or set file date and time (See above)
2018-12-25T13:07:40.826155799Z 62 PC: 13dd9 | Close file (See above)
2018-12-25T13:07:40.83655094Z 67 PC: 13de5 | Get or set file attributes (See above)
2018-12-25T13:07:40.859970974Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.864195463Z 54 PC: 13f76 | Get free disk space (See above)
2018-12-25T13:07:40.86816337Z 67 PC: 13f8f | Get or set file attributes (See above)
2018-12-25T13:07:40.876529153Z 67 PC: 13f9b | Get or set file attributes (See above)
2018-12-25T13:07:40.887594195Z 61 PC: 13fa0 | Open file (See above)
2018-12-25T13:07:40.895656201Z 87 PC: 13fa7 | Get or set file date and time (See above)
2018-12-25T13:07:40.898367835Z 63 PC: 13d5a | Read file or device (See above)
2018-12-25T13:07:40.905256476Z 66 PC: 13e4a | Move file pointer (See above)
2018-12-25T13:07:40.907282483Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T13:07:40.915515964Z 64 PC: 13d8b | Write file or device (See above)
2018-12-25T13:07:40.92462245Z 64 PC: 13d99 | Write file or device (See above)
2018-12-25T13:07:40.927971681Z 64 PC: 13da9 | Write file or device (See above)
2018-12-25T13:07:40.931664052Z 66 PC: 13db8 | Move file pointer (See above)
2018-12-25T13:07:40.933802861Z 64 PC: 13dc2 | Write file or device (See above)
2018-12-25T13:07:40.93833347Z 87 PC: 13dd5 | Get or set file date and time (See above)
2018-12-25T13:07:40.94181869Z 62 PC: 13dd9 | Close file (See above)
2018-12-25T13:07:40.949477109Z 67 PC: 13de5 | Get or set file attributes (See above)
2018-12-25T13:07:40.960712854Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.964970638Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.968475489Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.972332068Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.977920112Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.982153135Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.986333425Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.991463088Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:40.996066621Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.004108551Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.0138601Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.023998382Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.028135755Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.035570689Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.040806656Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.04473676Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.048675012Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.053464584Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.057903038Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.061855231Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.066801941Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.07067347Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.07526565Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.079064305Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.08414278Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.088050088Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.091999536Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.097040698Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.100991695Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.108456731Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.113324759Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.117501007Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.121514859Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.126328167Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.130288766Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:41.133748187Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:41.13714591Z 78 PC: 13ef3 | Find first file (See above)
2018-12-25T13:07:41.149375745Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.153339956Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.157156754Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.162192231Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.166165717Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.170471427Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.175477692Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.179113025Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.18285386Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.187154064Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.191026793Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.194868306Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.199999314Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.207101477Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.210612185Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.215605682Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.223039363Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.226762458Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.230264413Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.233794506Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.23724585Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.241636939Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.246530792Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.250281759Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.253953963Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.258113974Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.261705737Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.265334906Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.270051857Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.27766224Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.281504353Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.286777841Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.290873311Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.295054525Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.299660466Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.303594289Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.307652721Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.31260067Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.316790865Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.320700628Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.325192991Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.329112426Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.333015188Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.337744523Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.342042816Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.349681375Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.355111185Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.359080826Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.362951261Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.3675277Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.371588528Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.37562605Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.380407937Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.384702522Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.388651613Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.393128712Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.396970517Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.400786654Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.405610557Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.409599345Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.413538343Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.421967605Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.427121126Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.431010162Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.435474473Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.43960097Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.443561647Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.447763986Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.451826475Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.455755573Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.460585298Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.46534244Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.469374834Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.473551459Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.478415672Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.482362714Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.486311916Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.495638322Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.499599636Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.503536735Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.508666717Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.512616862Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.516571142Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.521610395Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.525577701Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.529515746Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.534397317Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.538556574Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.542503192Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.547767982Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.552108509Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.556042497Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.560696834Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.568904629Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.572927642Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.577595094Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.5815627Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.585501097Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.590199224Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.594162739Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.598097651Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.60270862Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.606688445Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.61063995Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.615329555Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.619280337Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.623221387Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.631824813Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.635810463Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T13:07:41.64019822Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:41.644345114Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:41.647671934Z 79 PC: 13cec | Find next file (See above)
2018-12-25T13:07:41.650578369Z 14 PC: 13cf9 | Set default drive (Drive = '›')
2018-12-25T13:07:41.653047497Z 44 PC: 13cfd | Get time 0x13cfd: cmp cl, 0x20
0x13d00: jb 0x13d34
0x13d02: cmp cl, 0x23
0x13d05: jae 0x13d34
0x13d07: mov ah, 9
0x13d09: mov dx, 0xd2
0x13d0c: int 0x21
0x13d0e: mov ah, 0x4c
0x13d10: int 0x21
0x13d12: or ax, 0x410a
0x13d15: and byte ptr [bx], cl
0x13d17: add byte ptr [di], al
0x13d19: add byte ptr [bx], cl
0x13d1b: add byte ptr [bp + si], dl
0x13d1d: add byte ptr [di], al
0x13d1f: push cs
0x13d20: add ax, 0
0x13d23: add byte ptr [bp + si + 3], bl
0x13d26: fadd qword ptr [di]
0x13d28: inc ax
2018-12-25T13:07:41.656203066Z 44 PC: 13d45 | Get time 0x13d45: pop ax
0x13d46: pop ds
0x13d47: pop es
0x13d48: ljmp ptr cs:[0x376]
0x13d4d: call 0x13f64
0x13d50: mov dx, 0x3ba
0x13d53: mov ah, 0x3f
0x13d55: mov cx, 0x1b
0x13d58: int 0x21
0x13d5a: mov si, dx
0x13d5c: call 0x13e41
0x13d5f: sub bp, word ptr [si + 8]
0x13d62: add dx, 0x3ba
0x13d66: adc cx, 0
0x13d69: mov ax, dx
0x13d6b: and ax, 0x1ff
0x13d6e: mov word ptr [si + 2], ax
0x13d71: shr cx, 1
0x13d73: rcr dx, 1
0x13d75: mov dl, dh
2018-12-25T13:07:41.808679789Z 37 PC: f06b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:41.811062231Z 47 PC: f075 | Get disk transfer address
2018-12-25T13:07:41.813509182Z 26 PC: f07e | Set disk transfer address
2018-12-25T13:07:41.814824499Z 25 PC: f082 | Get default drive
2018-12-25T13:07:41.81615751Z 44 PC: f089 | Get time 0xf089: and dh, 0xf
0xf08c: mov dl, dh
0xf08e: cmp dh, 0
0xf091: je 0xf098
0xf093: cmp dl, 2
0xf096: jne 0xf09c
0xf098: mov ah, 0xe
0xf09a: int 0x21
0xf09c: mov ax, cs
0xf09e: mov es, ax
0xf0a0: mov byte ptr [0x3b8], 0
0xf0a5: nop
0xf0a6: mov di, 0x382
0xf0a9: mov word ptr [0x3b6], di
0xf0ad: call 0xf2fa
0xf0b0: mov di, 0x382
0xf0b3: mov ax, 0x2e2a
0xf0b6: stosw word ptr es:[di], ax
0xf0b7: mov ah, 0
0xf0b9: stosw word ptr es:[di], ax
2018-12-25T13:07:41.820315395Z 64 PC: 19838 | Write file or device (Write 140 bytes on handle 2)
2018-12-25T13:07:41.828961023Z 64 PC: 19838 | Write file or device (See above)
2018-12-25T13:07:41.831023233Z 51 PC: 19d8b | Get or set Ctrl-Break
2018-12-25T13:07:41.833111259Z 0 PC: 19d9d | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16596,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:30.097166075Z 37 PC: 13c4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:30.098754053Z 47 PC: 13c59 | Get disk transfer address
2018-12-25T12:53:30.100564785Z 26 PC: 13c62 | Set disk transfer address
2018-12-25T12:53:30.1018015Z 25 PC: 13c66 | Get default drive
2018-12-25T12:53:30.103024166Z 44 PC: 13c6d | Get time 0x13c6d: and dh, 0xf
0x13c70: mov dl, dh
0x13c72: cmp dh, 0
0x13c75: je 0x13c7c
0x13c77: cmp dl, 2
0x13c7a: jne 0x13c80
0x13c7c: mov ah, 0xe
0x13c7e: int 0x21
0x13c80: mov ax, cs
0x13c82: mov es, ax
0x13c84: mov byte ptr [0x3b8], 0
0x13c89: nop
0x13c8a: mov di, 0x382
0x13c8d: mov word ptr [0x3b6], di
0x13c91: call 0x13ede
0x13c94: mov di, 0x382
0x13c97: mov ax, 0x2e2a
0x13c9a: stosw word ptr es:[di], ax
0x13c9b: mov ah, 0
0x13c9d: stosw word ptr es:[di], ax
2018-12-25T12:53:30.106909562Z 14 PC: 13c80 | Set default drive (Drive = 'C')
2018-12-25T12:53:30.10887981Z 78 PC: 13ef3 | Find first file
2018-12-25T12:53:30.115518064Z 79 PC: 13f5e | Find next file
2018-12-25T12:53:30.120035617Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.12358532Z 54 PC: 13f76 | Get free disk space
2018-12-25T12:53:30.168845737Z 67 PC: 13f8f | Get or set file attributes
2018-12-25T12:53:30.178126695Z 67 PC: 13f9b | Get or set file attributes
2018-12-25T12:53:30.539467646Z 61 PC: 13fa0 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:53:30.546748468Z 87 PC: 13fa7 | Get or set file date and time
2018-12-25T12:53:30.548816963Z 63 PC: 13e03 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:30.555962496Z 66 PC: 13e4a | Move file pointer
2018-12-25T12:53:30.557640072Z 64 PC: 13e5d | Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:53:30.565745979Z 64 PC: 13e0f | Write file or device (Write 886 bytes on handle 5)
2018-12-25T12:53:30.576867889Z 64 PC: 13e1b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:30.579914962Z 66 PC: 13e24 | Move file pointer
2018-12-25T12:53:30.581621847Z 64 PC: 13e3f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:30.585493974Z 87 PC: 13dd5 | Get or set file date and time
2018-12-25T12:53:30.58747892Z 62 PC: 13dd9 | Close file
2018-12-25T12:53:30.595496034Z 67 PC: 13de5 | Get or set file attributes
2018-12-25T12:53:30.606646028Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.610368274Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.613237112Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.616639026Z 78 PC: 13ca7 | Find first file
2018-12-25T12:53:30.623155546Z 79 PC: 13cec | Find next file
2018-12-25T12:53:30.626387151Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:30.631663604Z 78 PC: 13ef3 | Find first file (See above)
2018-12-25T12:53:30.641895016Z 54 PC: 13f76 | Get free disk space (See above)
2018-12-25T12:53:30.644857108Z 67 PC: 13f8f | Get or set file attributes (See above)
2018-12-25T12:53:30.651948649Z 67 PC: 13f9b | Get or set file attributes (See above)
2018-12-25T12:53:30.662982496Z 61 PC: 13fa0 | Open file (See above)
2018-12-25T12:53:30.683583892Z 87 PC: 13fa7 | Get or set file date and time (See above)
2018-12-25T12:53:30.685637629Z 63 PC: 13d5a | Read file or device (Read 27 bytes on handle 5)
2018-12-25T12:53:30.693561704Z 66 PC: 13e4a | Move file pointer (See above)
2018-12-25T12:53:30.695581209Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T12:53:30.702661704Z 64 PC: 13d8b | Write file or device (Write 886 bytes on handle 5)
2018-12-25T12:53:30.711414645Z 64 PC: 13d99 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:53:30.714796143Z 64 PC: 13da9 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:53:30.718216914Z 66 PC: 13db8 | Move file pointer
2018-12-25T12:53:30.732971172Z 64 PC: 13dc2 | Write file or device (Write 27 bytes on handle 5)
2018-12-25T12:53:30.73627181Z 87 PC: 13dd5 | Get or set file date and time (See above)
2018-12-25T12:53:30.738065525Z 62 PC: 13dd9 | Close file (See above)
2018-12-25T12:53:30.748652005Z 67 PC: 13de5 | Get or set file attributes (See above)
2018-12-25T12:53:30.759562664Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.763235489Z 54 PC: 13f76 | Get free disk space (See above)
2018-12-25T12:53:30.766676578Z 67 PC: 13f8f | Get or set file attributes (See above)
2018-12-25T12:53:30.77773987Z 67 PC: 13f9b | Get or set file attributes (See above)
2018-12-25T12:53:30.788380808Z 61 PC: 13fa0 | Open file (See above)
2018-12-25T12:53:30.796531248Z 87 PC: 13fa7 | Get or set file date and time (See above)
2018-12-25T12:53:30.79825354Z 63 PC: 13d5a | Read file or device (See above)
2018-12-25T12:53:30.804441881Z 66 PC: 13e4a | Move file pointer (See above)
2018-12-25T12:53:30.806302044Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T12:53:30.814230908Z 64 PC: 13d8b | Write file or device (See above)
2018-12-25T12:53:30.822999284Z 64 PC: 13d99 | Write file or device (See above)
2018-12-25T12:53:30.826483823Z 64 PC: 13da9 | Write file or device (See above)
2018-12-25T12:53:30.830240014Z 66 PC: 13db8 | Move file pointer (See above)
2018-12-25T12:53:30.8322355Z 64 PC: 13dc2 | Write file or device (See above)
2018-12-25T12:53:30.836767268Z 87 PC: 13dd5 | Get or set file date and time (See above)
2018-12-25T12:53:30.839395787Z 62 PC: 13dd9 | Close file (See above)
2018-12-25T12:53:30.84767769Z 67 PC: 13de5 | Get or set file attributes (See above)
2018-12-25T12:53:30.85844017Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.862887731Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.86654292Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.870237424Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.874483459Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.878436804Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.882170738Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.886372783Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.890248317Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.893958371Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.897858336Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.902085894Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.906843896Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.914249097Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.918651608Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.922071459Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.925591675Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.929929288Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.933824376Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.937668747Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.942265737Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.946415166Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.950348533Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.954965246Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.958935674Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.962657365Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.966589691Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.970424099Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.975003937Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.982086838Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.986151843Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.989712774Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.993149137Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:30.997180038Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.000451547Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:31.003482369Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:31.007138737Z 78 PC: 13ef3 | Find first file (See above)
2018-12-25T12:53:31.017208049Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.020827802Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.025102866Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.028747436Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.032281422Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.035993191Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.04114119Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.044770172Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.048333514Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.052895601Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.056542666Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.060173787Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.064841408Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.071852815Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.075432722Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.080229644Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.083873235Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.087564935Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.092563906Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.096201188Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.099829766Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.104736621Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.108592684Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.112458624Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.117200514Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.122122582Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.126118988Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.129994033Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.135062642Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.142507636Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.146231012Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.150924696Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.154930787Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.1587942Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.163045326Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.16693685Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.170469868Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.174720896Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.178854871Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.182554275Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.18771576Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.191639433Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.195459512Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.200311678Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.204093274Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.211164424Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.215413059Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.219072843Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.222485357Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.22666782Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.230248016Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.233750717Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.238124818Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.241539539Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.245113405Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.249270939Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.25301931Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.256751605Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.261943558Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.265621739Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.269216142Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.276815229Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.280372159Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.283724295Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.288473687Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.292498427Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.296419938Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.300519089Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.305274111Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.309142479Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.313012877Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.317895105Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.321561077Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.325255653Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.330824026Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.334702562Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.338535474Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.346874Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.350686062Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.354475875Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.359220162Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.363087939Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.366979405Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.371517057Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.375114999Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.378839454Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.38315206Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.386733053Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.390586416Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.395116613Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.399855523Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.403643785Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.408294683Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.415777716Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.41963316Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.424128322Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.42784603Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.431508442Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.435752374Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.439540979Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.443155485Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.447416001Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.451174312Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.454808817Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.458937748Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.462664623Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.467169474Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.475314543Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.478950115Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:31.482571567Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:31.485626568Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:31.488558974Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:31.490977306Z 14 PC: 13cf9 | Set default drive (Drive = '›')
2018-12-25T12:53:31.492435499Z 44 PC: 13cfd | Get time 0x13cfd: cmp cl, 0x20
0x13d00: jb 0x13d34
0x13d02: cmp cl, 0x23
0x13d05: jae 0x13d34
0x13d07: mov ah, 9
0x13d09: mov dx, 0xd2
0x13d0c: int 0x21
0x13d0e: mov ah, 0x4c
0x13d10: int 0x21
0x13d12: or ax, 0x410a
0x13d15: and byte ptr [bx], cl
0x13d17: add byte ptr [di], al
0x13d19: add byte ptr [bx], cl
0x13d1b: add byte ptr [bp + si], dl
0x13d1d: add byte ptr [di], al
0x13d1f: push cs
0x13d20: add ax, 0
0x13d23: add byte ptr [bp + si + 3], bl
0x13d26: fadd qword ptr [di]
0x13d28: inc ax
2018-12-25T12:53:31.495362056Z 44 PC: 13d45 | Get time 0x13d45: pop ax
0x13d46: pop ds
0x13d47: pop es
0x13d48: ljmp ptr cs:[0x376]
0x13d4d: call 0x13f64
0x13d50: mov dx, 0x3ba
0x13d53: mov ah, 0x3f
0x13d55: mov cx, 0x1b
0x13d58: int 0x21
0x13d5a: mov si, dx
0x13d5c: call 0x13e41
0x13d5f: sub bp, word ptr [si + 8]
0x13d62: add dx, 0x3ba
0x13d66: adc cx, 0
0x13d69: mov ax, dx
0x13d6b: and ax, 0x1ff
0x13d6e: mov word ptr [si + 2], ax
0x13d71: shr cx, 1
0x13d73: rcr dx, 1
0x13d75: mov dl, dh

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":32,"Second":0,"TimeBased":true,"OriginalID":16596,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:32.120972309Z 37 PC: 13c4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:32.123304999Z 47 PC: 13c59 | Get disk transfer address
2018-12-25T12:53:32.125845037Z 26 PC: 13c62 | Set disk transfer address
2018-12-25T12:53:32.127498965Z 25 PC: 13c66 | Get default drive
2018-12-25T12:53:32.129180907Z 44 PC: 13c6d | Get time 0x13c6d: and dh, 0xf
0x13c70: mov dl, dh
0x13c72: cmp dh, 0
0x13c75: je 0x13c7c
0x13c77: cmp dl, 2
0x13c7a: jne 0x13c80
0x13c7c: mov ah, 0xe
0x13c7e: int 0x21
0x13c80: mov ax, cs
0x13c82: mov es, ax
0x13c84: mov byte ptr [0x3b8], 0
0x13c89: nop
0x13c8a: mov di, 0x382
0x13c8d: mov word ptr [0x3b6], di
0x13c91: call 0x13ede
0x13c94: mov di, 0x382
0x13c97: mov ax, 0x2e2a
0x13c9a: stosw word ptr es:[di], ax
0x13c9b: mov ah, 0
0x13c9d: stosw word ptr es:[di], ax
2018-12-25T12:53:32.133268014Z 14 PC: 13c80 | Set default drive (Drive = 'C')
2018-12-25T12:53:32.135098138Z 78 PC: 13ef3 | Find first file
2018-12-25T12:53:32.141621333Z 79 PC: 13f5e | Find next file
2018-12-25T12:53:32.145960288Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.149350965Z 54 PC: 13f76 | Get free disk space
2018-12-25T12:53:32.205834443Z 67 PC: 13f8f | Get or set file attributes
2018-12-25T12:53:32.216861635Z 67 PC: 13f9b | Get or set file attributes
2018-12-25T12:53:32.559042292Z 61 PC: 13fa0 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:53:32.566451816Z 87 PC: 13fa7 | Get or set file date and time
2018-12-25T12:53:32.568803394Z 63 PC: 13e03 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:32.575699279Z 66 PC: 13e4a | Move file pointer
2018-12-25T12:53:32.577808144Z 64 PC: 13e5d | Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:53:32.585265237Z 64 PC: 13e0f | Write file or device (Write 886 bytes on handle 5)
2018-12-25T12:53:32.596845755Z 64 PC: 13e1b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:32.59997539Z 66 PC: 13e24 | Move file pointer
2018-12-25T12:53:32.60163884Z 64 PC: 13e3f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:32.605543461Z 87 PC: 13dd5 | Get or set file date and time
2018-12-25T12:53:32.607254698Z 62 PC: 13dd9 | Close file
2018-12-25T12:53:32.615628431Z 67 PC: 13de5 | Get or set file attributes
2018-12-25T12:53:32.626099479Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.629189229Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.632053919Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.635995174Z 78 PC: 13ca7 | Find first file
2018-12-25T12:53:32.642518859Z 79 PC: 13cec | Find next file
2018-12-25T12:53:32.645621344Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:32.649417359Z 78 PC: 13ef3 | Find first file (See above)
2018-12-25T12:53:32.659248728Z 54 PC: 13f76 | Get free disk space (See above)
2018-12-25T12:53:32.662018748Z 67 PC: 13f8f | Get or set file attributes (See above)
2018-12-25T12:53:32.675022711Z 67 PC: 13f9b | Get or set file attributes (See above)
2018-12-25T12:53:32.686550506Z 61 PC: 13fa0 | Open file (See above)
2018-12-25T12:53:32.694213478Z 87 PC: 13fa7 | Get or set file date and time (See above)
2018-12-25T12:53:32.696005412Z 63 PC: 13d5a | Read file or device (Read 27 bytes on handle 5)
2018-12-25T12:53:32.702934871Z 66 PC: 13e4a | Move file pointer (See above)
2018-12-25T12:53:32.704629105Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T12:53:32.711604183Z 64 PC: 13d8b | Write file or device (Write 886 bytes on handle 5)
2018-12-25T12:53:32.719840256Z 64 PC: 13d99 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:53:32.722905553Z 64 PC: 13da9 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:53:32.725941156Z 66 PC: 13db8 | Move file pointer
2018-12-25T12:53:32.727926882Z 64 PC: 13dc2 | Write file or device (Write 27 bytes on handle 5)
2018-12-25T12:53:32.731280821Z 87 PC: 13dd5 | Get or set file date and time (See above)
2018-12-25T12:53:32.733146674Z 62 PC: 13dd9 | Close file (See above)
2018-12-25T12:53:32.747658969Z 67 PC: 13de5 | Get or set file attributes (See above)
2018-12-25T12:53:32.759257571Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.762875243Z 54 PC: 13f76 | Get free disk space (See above)
2018-12-25T12:53:32.766439604Z 67 PC: 13f8f | Get or set file attributes (See above)
2018-12-25T12:53:32.773701258Z 67 PC: 13f9b | Get or set file attributes (See above)
2018-12-25T12:53:32.784810561Z 61 PC: 13fa0 | Open file (See above)
2018-12-25T12:53:32.793738519Z 87 PC: 13fa7 | Get or set file date and time (See above)
2018-12-25T12:53:32.795647937Z 63 PC: 13d5a | Read file or device (See above)
2018-12-25T12:53:32.801682388Z 66 PC: 13e4a | Move file pointer (See above)
2018-12-25T12:53:32.803675527Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T12:53:32.810669755Z 64 PC: 13d8b | Write file or device (See above)
2018-12-25T12:53:32.820104788Z 64 PC: 13d99 | Write file or device (See above)
2018-12-25T12:53:32.823095155Z 64 PC: 13da9 | Write file or device (See above)
2018-12-25T12:53:32.83666567Z 66 PC: 13db8 | Move file pointer (See above)
2018-12-25T12:53:32.838213673Z 64 PC: 13dc2 | Write file or device (See above)
2018-12-25T12:53:32.841279335Z 87 PC: 13dd5 | Get or set file date and time (See above)
2018-12-25T12:53:32.843481732Z 62 PC: 13dd9 | Close file (See above)
2018-12-25T12:53:32.851648057Z 67 PC: 13de5 | Get or set file attributes (See above)
2018-12-25T12:53:32.862163597Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.866109608Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.869454051Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.872721544Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.876421297Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.88001475Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.884047645Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.888569022Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.892122964Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.895472632Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.900436845Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.903734012Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.907050497Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.913677802Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.917157783Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.920406144Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.923636638Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.927323805Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.931140899Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.934548474Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.938476831Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.941855425Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.945283976Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.948935479Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.952320954Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.95566961Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.959305326Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.963358601Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.966576533Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.973429709Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.97652129Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.979739479Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.983857027Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.987745467Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.990876342Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:32.994206378Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:32.997124669Z 78 PC: 13ef3 | Find first file (See above)
2018-12-25T12:53:33.007161348Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.01084983Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.014447523Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.01775434Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.021909857Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.02527313Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.029373249Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.033367683Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.03666405Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.039795793Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.043367297Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.046715572Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.049901511Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.056864697Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.06022241Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.063502496Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.067040168Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.070469566Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.07384292Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.077603863Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.080944378Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.083156081Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.086110298Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.088300578Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.091815139Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.096192288Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.099609855Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.102743955Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.106322371Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.113170976Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.116407085Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.120137782Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.123459116Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.126742594Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.130429949Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.133768673Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.137120763Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.140742612Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.144154339Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.147403267Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.151100527Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.154507014Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.158810601Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.161529015Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.163900062Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.168246395Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.170972627Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.173326904Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.175486947Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.192009539Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.195684199Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.198972584Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.202634839Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.20597237Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.209352561Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.212927329Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.21646114Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.219744942Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.223339524Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.226773813Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.2301207Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.238693088Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.242113937Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.245450095Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.249049714Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.252897804Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.256180986Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.260009413Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.263912543Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.267267282Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.270990975Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.274557579Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.277976168Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.281770384Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.285654096Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.289162675Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.292796483Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.300814196Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.304178043Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.30818914Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.311534032Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.314974272Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.318581302Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.321920477Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.325149949Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.328412419Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.331841592Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.334952223Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.33827891Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.341735049Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.345105116Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.348458027Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.35218832Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.358950361Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.363321107Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.365663228Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.367763258Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.370035878Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.373651528Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.376857598Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.3802443Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.383728523Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.386985077Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.390475147Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.394126492Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.397212497Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.400448151Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.40698847Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.410074806Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.413071874Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:33.415915763Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:33.418548742Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:33.421285212Z 14 PC: 13cf9 | Set default drive (Drive = '›')
2018-12-25T12:53:33.422544905Z 44 PC: 13cfd | Get time
0x13cfd: cmp cl, 0x20
0x13d00: jb 0x13d34
0x13d02: cmp cl, 0x23
0x13d05: jae 0x13d34
0x13d07: mov ah, 9
0x13d09: mov dx, 0xd2
0x13d0c: int 0x21
0x13d0e: mov ah, 0x4c
0x13d10: int 0x21
0x13d12: or ax, 0x410a
0x13d15: and byte ptr [bx], cl
0x13d17: add byte ptr [di], al
0x13d19: add byte ptr [bx], cl
0x13d1b: add byte ptr [bp + si], dl
0x13d1d: add byte ptr [di], al
0x13d1f: push cs
0x13d20: add ax, 0
0x13d23: add byte ptr [bp + si + 3], bl
0x13d26: fadd qword ptr [di]
0x13d28: inc ax
2018-12-25T12:53:33.424759126Z 9 PC: 13d0e | Display string (Could not find end pointer)
2018-12-25T12:53:33.437153389Z 76 PC: 13d12 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":36,"Second":0,"TimeBased":true,"OriginalID":16596,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:32.52502973Z 37 PC: 13c4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:32.526367298Z 47 PC: 13c59 | Get disk transfer address
2018-12-25T12:53:32.527288729Z 26 PC: 13c62 | Set disk transfer address
2018-12-25T12:53:32.52823891Z 25 PC: 13c66 | Get default drive
2018-12-25T12:53:32.529543768Z 44 PC: 13c6d | Get time
0x13c6d: and dh, 0xf
0x13c70: mov dl, dh
0x13c72: cmp dh, 0
0x13c75: je 0x13c7c
0x13c77: cmp dl, 2
0x13c7a: jne 0x13c80
0x13c7c: mov ah, 0xe
0x13c7e: int 0x21
0x13c80: mov ax, cs
0x13c82: mov es, ax
0x13c84: mov byte ptr [0x3b8], 0
0x13c89: nop
0x13c8a: mov di, 0x382
0x13c8d: mov word ptr [0x3b6], di
0x13c91: call 0x13ede
0x13c94: mov di, 0x382
0x13c97: mov ax, 0x2e2a
0x13c9a: stosw word ptr es:[di], ax
0x13c9b: mov ah, 0
0x13c9d: stosw word ptr es:[di], ax
2018-12-25T12:53:32.531474097Z 14 PC: 13c80 | Set default drive (Drive = 'C')
2018-12-25T12:53:32.532518924Z 78 PC: 13ef3 | Find first file
2018-12-25T12:53:32.53807329Z 79 PC: 13f5e | Find next file
2018-12-25T12:53:32.540428098Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:32.542834196Z 54 PC: 13f76 | Get free disk space
2018-12-25T12:53:32.579163424Z 67 PC: 13f8f | Get or set file attributes
2018-12-25T12:53:32.587330672Z 67 PC: 13f9b | Get or set file attributes
2018-12-25T12:53:33.012300126Z 61 PC: 13fa0 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:53:33.019718102Z 87 PC: 13fa7 | Get or set file date and time
2018-12-25T12:53:33.02123348Z 63 PC: 13e03 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:33.026723763Z 66 PC: 13e4a | Move file pointer
2018-12-25T12:53:33.028191506Z 64 PC: 13e5d | Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:53:33.035286812Z 64 PC: 13e0f | Write file or device (Write 886 bytes on handle 5)
2018-12-25T12:53:33.044504412Z 64 PC: 13e1b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:33.047145876Z 66 PC: 13e24 | Move file pointer
2018-12-25T12:53:33.051798824Z 64 PC: 13e3f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:33.054372242Z 87 PC: 13dd5 | Get or set file date and time
2018-12-25T12:53:33.055685202Z 62 PC: 13dd9 | Close file
2018-12-25T12:53:33.062980397Z 67 PC: 13de5 | Get or set file attributes
2018-12-25T12:53:33.07338751Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.076022544Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.079197917Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.082026606Z 78 PC: 13ca7 | Find first file
2018-12-25T12:53:33.087311224Z 79 PC: 13cec | Find next file
2018-12-25T12:53:33.090667947Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:33.092365341Z 78 PC: 13ef3 | Find first file (See above)
2018-12-25T12:53:33.099704584Z 54 PC: 13f76 | Get free disk space (See above)
2018-12-25T12:53:33.103257945Z 67 PC: 13f8f | Get or set file attributes (See above)
2018-12-25T12:53:33.115160826Z 67 PC: 13f9b | Get or set file attributes (See above)
2018-12-25T12:53:33.124401653Z 61 PC: 13fa0 | Open file (See above)
2018-12-25T12:53:33.132624684Z 87 PC: 13fa7 | Get or set file date and time (See above)
2018-12-25T12:53:33.133912418Z 63 PC: 13d5a | Read file or device (Read 27 bytes on handle 5)
2018-12-25T12:53:33.139865193Z 66 PC: 13e4a | Move file pointer (See above)
2018-12-25T12:53:33.141684467Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T12:53:33.147650726Z 64 PC: 13d8b | Write file or device (Write 886 bytes on handle 5)
2018-12-25T12:53:33.154612937Z 64 PC: 13d99 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:53:33.158123486Z 64 PC: 13da9 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:53:33.16075158Z 66 PC: 13db8 | Move file pointer
2018-12-25T12:53:33.161975692Z 64 PC: 13dc2 | Write file or device (Write 27 bytes on handle 5)
2018-12-25T12:53:33.165546197Z 87 PC: 13dd5 | Get or set file date and time (See above)
2018-12-25T12:53:33.167055129Z 62 PC: 13dd9 | Close file (See above)
2018-12-25T12:53:33.173100661Z 67 PC: 13de5 | Get or set file attributes (See above)
2018-12-25T12:53:33.182407691Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.186004984Z 54 PC: 13f76 | Get free disk space (See above)
2018-12-25T12:53:33.188383883Z 67 PC: 13f8f | Get or set file attributes (See above)
2018-12-25T12:53:33.19422758Z 67 PC: 13f9b | Get or set file attributes (See above)
2018-12-25T12:53:33.204832465Z 61 PC: 13fa0 | Open file (See above)
2018-12-25T12:53:33.211638508Z 87 PC: 13fa7 | Get or set file date and time (See above)
2018-12-25T12:53:33.213180908Z 63 PC: 13d5a | Read file or device (See above)
2018-12-25T12:53:33.218893078Z 66 PC: 13e4a | Move file pointer (See above)
2018-12-25T12:53:33.220093707Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T12:53:33.226157217Z 64 PC: 13d8b | Write file or device (See above)
2018-12-25T12:53:33.233830441Z 64 PC: 13d99 | Write file or device (See above)
2018-12-25T12:53:33.236249385Z 64 PC: 13da9 | Write file or device (See above)
2018-12-25T12:53:33.238615866Z 66 PC: 13db8 | Move file pointer (See above)
2018-12-25T12:53:33.240208614Z 64 PC: 13dc2 | Write file or device (See above)
2018-12-25T12:53:33.242714592Z 87 PC: 13dd5 | Get or set file date and time (See above)
2018-12-25T12:53:33.243947789Z 62 PC: 13dd9 | Close file (See above)
2018-12-25T12:53:33.253408228Z 67 PC: 13de5 | Get or set file attributes (See above)
2018-12-25T12:53:33.262365851Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.265169115Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.269018983Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.271857029Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.274578269Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.278011351Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.280808077Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.283624865Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.28697703Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.289798229Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.29258379Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.295781224Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.298784377Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.304592108Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.308018713Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.310992168Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.313986817Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.317901855Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.320923673Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.323931285Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.327782479Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.330928458Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.333929587Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.33784345Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.341729998Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.344764469Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.347583762Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.350694321Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.353771116Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.36061384Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.363881977Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.366956881Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.370075077Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.37360784Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.376028903Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:33.378279727Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:33.381130897Z 78 PC: 13ef3 | Find first file (See above)
2018-12-25T12:53:33.389483306Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.392234014Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.395538147Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.398460651Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.400385864Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.403665692Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.406596273Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.409526018Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.41970562Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.42254678Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.425423247Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.428718014Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.43158247Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.437371361Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.440702284Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.443569452Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.446387377Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.449827547Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.452702142Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.455563526Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.458831973Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.461559629Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.464349519Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.467925347Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.470906948Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.474558579Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.478419086Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.481329587Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.484281845Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.491321964Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.494392775Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.497340596Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.500756499Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.503603231Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.506363303Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.509750454Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.512665826Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.515500745Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.518925714Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.521972299Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.525141037Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.528741125Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.531551964Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.534370576Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.537435041Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.543853751Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.546766208Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.550628602Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.553463182Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.556735805Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.560542551Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.56391929Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.567290601Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.57081711Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.57395111Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.577002962Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.581236037Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.584127758Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.587273272Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.590590744Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.593528927Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.600029728Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.60303294Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.606068066Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.610538838Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.613574502Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.616602171Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.619705927Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.622806312Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.625683857Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.629128674Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.632051453Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.634954909Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.63837785Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.641246279Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.644142386Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.64796174Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.654100087Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.657335222Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.661462736Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.665134963Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.668470685Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.67284138Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.675887887Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.679451183Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.682802461Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.685753941Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.688575834Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.691887437Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.694790523Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.697665427Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.701131871Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.703973047Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.709726028Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.713051141Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.715939207Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.718768613Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.722266647Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.72510726Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.728004996Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.731518225Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.734332255Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.737255561Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.740643448Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.744286874Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.747639663Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.750716273Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.756557377Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.759942303Z 79 PC: 13f5e | Find next file (See above)
2018-12-25T12:53:33.762605226Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:33.76501377Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:33.767696799Z 79 PC: 13cec | Find next file (See above)
2018-12-25T12:53:33.770030128Z 14 PC: 13cf9 | Set default drive (Drive = '›')
2018-12-25T12:53:33.771075562Z 44 PC: 13cfd | Get time
0x13cfd: cmp cl, 0x20
0x13d00: jb 0x13d34
0x13d02: cmp cl, 0x23
0x13d05: jae 0x13d34
0x13d07: mov ah, 9
0x13d09: mov dx, 0xd2
0x13d0c: int 0x21
0x13d0e: mov ah, 0x4c
0x13d10: int 0x21
0x13d12: or ax, 0x410a
0x13d15: and byte ptr [bx], cl
0x13d17: add byte ptr [di], al
0x13d19: add byte ptr [bx], cl
0x13d1b: add byte ptr [bp + si], dl
0x13d1d: add byte ptr [di], al
0x13d1f: push cs
0x13d20: add ax, 0
0x13d23: add byte ptr [bp + si + 3], bl
0x13d26: fadd qword ptr [di]
0x13d28: inc ax
2018-12-25T12:53:33.77357336Z 44 PC: 13d45 | Get time
0x13d45: pop ax
0x13d46: pop ds
0x13d47: pop es
0x13d48: ljmp ptr cs:[0x376]
0x13d4d: call 0x13f64
0x13d50: mov dx, 0x3ba
0x13d53: mov ah, 0x3f
0x13d55: mov cx, 0x1b
0x13d58: int 0x21
0x13d5a: mov si, dx
0x13d5c: call 0x13e41
0x13d5f: sub bp, word ptr [si + 8]
0x13d62: add dx, 0x3ba
0x13d66: adc cx, 0
0x13d69: mov ax, dx
0x13d6b: and ax, 0x1ff
0x13d6e: mov word ptr [si + 2], ax
0x13d71: shr cx, 1
0x13d73: rcr dx, 1
0x13d75: mov dl, dh