Sample viewer

vx.netlux.org/Virus.DOS.Vesna.1751

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:57.423508983Z 48 PC: 12aca | Get DOS version
2018-12-17T23:09:57.424530251Z 47 PC: 12af2 | Get disk transfer address
2018-12-17T23:09:57.42547041Z 26 PC: 12aff | Set disk transfer address
2018-12-17T23:09:57.426785354Z 78 PC: 12c31 | Find first file
2018-12-17T23:09:57.432374201Z 47 PC: 12c39 | Get disk transfer address
2018-12-17T23:09:57.433457748Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:09:57.439161224Z 67 PC: 12c75 | Get or set file attributes
2018-12-17T23:09:57.454785424Z 61 PC: 12c7a | Open file (Filename = 'TEST.EXE')
2018-12-17T23:09:57.461034055Z 87 PC: 12c84 | Get or set file date and time
2018-12-17T23:09:57.466585953Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.467920992Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.469085865Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:57.472002299Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.473200026Z 66 PC: 12faa | Move file pointer
2018-12-17T23:09:57.474244429Z 63 PC: 12fb6 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:09:57.476751277Z 87 PC: 12cba | Get or set file date and time
2018-12-17T23:09:57.47822288Z 62 PC: 12cc0 | Close file
2018-12-17T23:09:57.484743907Z 67 PC: 12cca | Get or set file attributes
2018-12-17T23:09:57.499256639Z 79 PC: 12c31 | Find next file
2018-12-17T23:09:57.501606309Z 78 PC: 12c31 | Find first file
2018-12-17T23:09:57.508013516Z 47 PC: 12c39 | Get disk transfer address
2018-12-17T23:09:57.509070605Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:09:57.51488069Z 67 PC: 12c75 | Get or set file attributes
2018-12-17T23:09:57.522768872Z 61 PC: 12c7a | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:57.529140328Z 87 PC: 12c84 | Get or set file date and time
2018-12-17T23:09:57.531388279Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.532759003Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.534195826Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:57.541247636Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.542843784Z 66 PC: 12e6f | Move file pointer
2018-12-17T23:09:57.54438913Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-17T23:09:57.547530267Z 66 PC: 12ed2 | Move file pointer
2018-12-17T23:09:57.549000809Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:57.551791216Z 66 PC: 12eff | Move file pointer
2018-12-17T23:09:57.554122717Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-17T23:09:57.557022979Z 66 PC: 12f2f | Move file pointer
2018-12-17T23:09:57.558608323Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-17T23:09:57.561919652Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-17T23:09:57.571412632Z 87 PC: 12cba | Get or set file date and time
2018-12-17T23:09:57.573122772Z 62 PC: 12cc0 | Close file
2018-12-17T23:09:57.581532491Z 67 PC: 12cca | Get or set file attributes
2018-12-17T23:09:57.591752316Z 79 PC: 12c31 | Find next file
2018-12-17T23:09:57.594564089Z 47 PC: 12c39 | Get disk transfer address
2018-12-17T23:09:57.596799892Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:09:57.602875447Z 67 PC: 12c75 | Get or set file attributes
2018-12-17T23:09:57.613979905Z 61 PC: 12c7a | Open file (Filename = 'PRINT.COM')
2018-12-17T23:09:57.62138087Z 87 PC: 12c84 | Get or set file date and time
2018-12-17T23:09:57.623829813Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.625243893Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.627212179Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:57.634154669Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.635659274Z 66 PC: 12e6f | Move file pointer
2018-12-17T23:09:57.639191477Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-17T23:09:57.64592169Z 66 PC: 12ed2 | Move file pointer
2018-12-17T23:09:57.647655636Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:57.650297703Z 66 PC: 12eff | Move file pointer
2018-12-17T23:09:57.651909316Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-17T23:09:57.654904598Z 66 PC: 12f2f | Move file pointer
2018-12-17T23:09:57.656637086Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-17T23:09:57.65917204Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-17T23:09:57.668961324Z 87 PC: 12cba | Get or set file date and time
2018-12-17T23:09:57.670432269Z 62 PC: 12cc0 | Close file
2018-12-17T23:09:57.678579209Z 67 PC: 12cca | Get or set file attributes
2018-12-17T23:09:57.698157961Z 79 PC: 12c31 | Find next file
2018-12-17T23:09:57.700934135Z 47 PC: 12c39 | Get disk transfer address
2018-12-17T23:09:57.703260908Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:09:57.709812338Z 67 PC: 12c75 | Get or set file attributes
2018-12-17T23:09:57.719929139Z 61 PC: 12c7a | Open file (Filename = 'HELLO.COM')
2018-12-17T23:09:57.727108355Z 87 PC: 12c84 | Get or set file date and time
2018-12-17T23:09:57.728568295Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.730044711Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.732086693Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:57.738604465Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.740545891Z 66 PC: 12e6f | Move file pointer
2018-12-17T23:09:57.742318874Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-17T23:09:57.744901474Z 66 PC: 12ed2 | Move file pointer
2018-12-17T23:09:57.746243661Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:57.749367209Z 66 PC: 12eff | Move file pointer
2018-12-17T23:09:57.750621455Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-17T23:09:57.753319849Z 66 PC: 12f2f | Move file pointer
2018-12-17T23:09:57.75528151Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-17T23:09:57.757932967Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-17T23:09:57.766919194Z 87 PC: 12cba | Get or set file date and time
2018-12-17T23:09:57.768884873Z 62 PC: 12cc0 | Close file
2018-12-17T23:09:57.776667016Z 67 PC: 12cca | Get or set file attributes
2018-12-17T23:09:57.786137291Z 79 PC: 12c31 | Find next file
2018-12-17T23:09:57.789411849Z 47 PC: 12c39 | Get disk transfer address
2018-12-17T23:09:57.795377606Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:09:57.800968932Z 67 PC: 12c75 | Get or set file attributes
2018-12-17T23:09:57.811002441Z 61 PC: 12c7a | Open file (Filename = 'PHANG.COM')
2018-12-17T23:09:57.81745737Z 87 PC: 12c84 | Get or set file date and time
2018-12-17T23:09:57.818723419Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.820519562Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.821780242Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:57.828990054Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.830670533Z 66 PC: 12e6f | Move file pointer
2018-12-17T23:09:57.831796843Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-17T23:09:57.83412155Z 66 PC: 12ed2 | Move file pointer
2018-12-17T23:09:57.836009638Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:57.838467202Z 66 PC: 12eff | Move file pointer
2018-12-17T23:09:57.840901289Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-17T23:09:57.843330058Z 66 PC: 12f2f | Move file pointer
2018-12-17T23:09:57.844401407Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-17T23:09:57.846197111Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-17T23:09:57.852669845Z 87 PC: 12cba | Get or set file date and time
2018-12-17T23:09:57.853734653Z 62 PC: 12cc0 | Close file
2018-12-17T23:09:57.859229605Z 67 PC: 12cca | Get or set file attributes
2018-12-17T23:09:57.870522364Z 79 PC: 12c31 | Find next file
2018-12-17T23:09:57.872943699Z 47 PC: 12c39 | Get disk transfer address
2018-12-17T23:09:57.874026744Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:09:57.879904307Z 67 PC: 12c75 | Get or set file attributes
2018-12-17T23:09:57.889353951Z 61 PC: 12c7a | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:09:57.900416891Z 87 PC: 12c84 | Get or set file date and time
2018-12-17T23:09:57.911960388Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.913652425Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.915404148Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:57.922854796Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:57.924150338Z 66 PC: 12e6f | Move file pointer
2018-12-17T23:09:57.925623628Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-17T23:09:57.929653365Z 66 PC: 12ed2 | Move file pointer
2018-12-17T23:09:57.931327685Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:57.933935096Z 66 PC: 12eff | Move file pointer
2018-12-17T23:09:57.935935035Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-17T23:09:57.938572581Z 66 PC: 12f2f | Move file pointer
2018-12-17T23:09:57.940097702Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-17T23:09:57.943304835Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-17T23:09:57.952305993Z 87 PC: 12cba | Get or set file date and time
2018-12-17T23:09:57.953752576Z 62 PC: 12cc0 | Close file
2018-12-17T23:09:57.962448286Z 67 PC: 12cca | Get or set file attributes
2018-12-17T23:09:57.972091574Z 79 PC: 12c31 | Find next file
2018-12-17T23:09:57.974520515Z 47 PC: 12c39 | Get disk transfer address
2018-12-17T23:09:57.97638335Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:09:57.981810516Z 67 PC: 12c75 | Get or set file attributes
2018-12-17T23:09:57.99156176Z 61 PC: 12c7a | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:09:57.99869302Z 87 PC: 12c84 | Get or set file date and time
2018-12-17T23:09:57.999876917Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:58.001923482Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:58.004202166Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:58.01069664Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:58.012249101Z 66 PC: 12e6f | Move file pointer
2018-12-17T23:09:58.015761848Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-17T23:09:58.018584203Z 66 PC: 12ed2 | Move file pointer
2018-12-17T23:09:58.020212691Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:58.024148399Z 66 PC: 12eff | Move file pointer
2018-12-17T23:09:58.025781822Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-17T23:09:58.033840036Z 66 PC: 12f2f | Move file pointer
2018-12-17T23:09:58.035688343Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-17T23:09:58.039470665Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-17T23:09:58.048266606Z 87 PC: 12cba | Get or set file date and time
2018-12-17T23:09:58.04966819Z 62 PC: 12cc0 | Close file
2018-12-17T23:09:58.057489081Z 67 PC: 12cca | Get or set file attributes
2018-12-17T23:09:58.067443673Z 79 PC: 12c31 | Find next file
2018-12-17T23:09:58.069806609Z 47 PC: 12c39 | Get disk transfer address
2018-12-17T23:09:58.071868363Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:09:58.077368773Z 67 PC: 12c75 | Get or set file attributes
2018-12-17T23:09:58.087970552Z 61 PC: 12c7a | Open file (Filename = 'PAH.COM')
2018-12-17T23:09:58.094891003Z 87 PC: 12c84 | Get or set file date and time
2018-12-17T23:09:58.096159222Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:58.097520902Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:58.099537128Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:58.106050029Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:58.107397454Z 66 PC: 12e6f | Move file pointer
2018-12-17T23:09:58.109227009Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-17T23:09:58.111525489Z 66 PC: 12ed2 | Move file pointer
2018-12-17T23:09:58.112782428Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:58.115861151Z 66 PC: 12eff | Move file pointer
2018-12-17T23:09:58.117135686Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-17T23:09:58.119638805Z 66 PC: 12f2f | Move file pointer
2018-12-17T23:09:58.121999721Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-17T23:09:58.124599466Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-17T23:09:58.133565238Z 87 PC: 12cba | Get or set file date and time
2018-12-17T23:09:58.135614332Z 62 PC: 12cc0 | Close file
2018-12-17T23:09:58.144520225Z 67 PC: 12cca | Get or set file attributes
2018-12-17T23:09:58.154271656Z 79 PC: 12c31 | Find next file
2018-12-17T23:09:58.157428862Z 78 PC: 12c31 | Find first file
2018-12-17T23:09:58.163231884Z 26 PC: 12b1b | Set disk transfer address
2018-12-17T23:09:58.164645619Z 78 PC: 13114 | Find first file
2018-12-17T23:09:58.171464362Z 47 PC: 1311c | Get disk transfer address
2018-12-17T23:09:58.172826955Z 67 PC: 12c6a | Get or set file attributes
2018-12-17T23:09:58.178356456Z 67 PC: 12c75 | Get or set file attributes
2018-12-17T23:09:58.520245527Z 61 PC: 12c7a | Open file (Filename = 'c:\COMMAND.COM')
2018-12-17T23:09:58.526629952Z 87 PC: 12c84 | Get or set file date and time
2018-12-17T23:09:58.528547608Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:58.530963486Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:58.532483185Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:58.535607057Z 66 PC: 12d5b | Move file pointer
2018-12-17T23:09:58.53818862Z 66 PC: 12e6f | Move file pointer
2018-12-17T23:09:58.539855342Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-17T23:09:58.542901529Z 66 PC: 12ed2 | Move file pointer
2018-12-17T23:09:58.544783008Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-17T23:09:58.547409013Z 66 PC: 12eff | Move file pointer
2018-12-17T23:09:58.548928363Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-17T23:09:58.552601409Z 66 PC: 12f2f | Move file pointer
2018-12-17T23:09:58.554285368Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-17T23:09:58.556429599Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-17T23:09:58.564238931Z 87 PC: 12cba | Get or set file date and time
2018-12-17T23:09:58.56559933Z 62 PC: 12cc0 | Close file
2018-12-17T23:09:58.572334088Z 67 PC: 12cca | Get or set file attributes
2018-12-17T23:09:58.578171668Z 79 PC: 13114 | Find next file
2018-12-17T23:09:58.58049991Z 78 PC: 13114 | Find first file
2018-12-17T23:09:58.587586503Z 78 PC: 13114 | Find first file
2018-12-17T23:09:58.593724253Z 42 PC: 12b64 | Get date 0x12b64: cmp dl, al
0x12b66: je 0x12b6b
0x12b68: jmp 0x12bdd
0x12b6a: nop
0x12b6b: mov ah, byte ptr [0x77f]
0x12b6f: int 0x21
0x12b71: xor dx, dx
0x12b73: cmp ch, cl
0x12b75: je 0x12b7a
0x12b77: jmp 0x12bdd
0x12b79: nop
0x12b7a: cmp ch, 7
0x12b7d: jne 0x12b82
0x12b7f: mov dx, 0x1bd
0x12b82: cmp ch, 9
0x12b85: jne 0x12b8a
0x12b87: mov dx, 0x2e3
0x12b8a: cmp ch, 0xb
0x12b8d: jne 0x12b92
0x12b8f: mov dx, 0x32e
2018-12-17T23:09:58.597200406Z 76 PC: 12a45 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16695,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:36.621056587Z 48 PC: 12aca | Get DOS version
2018-12-25T12:53:36.625339165Z 47 PC: 12af2 | Get disk transfer address
2018-12-25T12:53:36.626911602Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:53:36.62862409Z 78 PC: 12c31 | Find first file
2018-12-25T12:53:36.636763863Z 47 PC: 12c39 | Get disk transfer address
2018-12-25T12:53:36.638667408Z 67 PC: 12c6a | Get or set file attributes
2018-12-25T12:53:36.645362958Z 67 PC: 12c75 | Get or set file attributes
2018-12-25T12:53:36.66702939Z 61 PC: 12c7a | Open file (Filename = 'TEST.EXE')
2018-12-25T12:53:36.675152561Z 87 PC: 12c84 | Get or set file date and time
2018-12-25T12:53:36.676888396Z 66 PC: 12d5b | Move file pointer
2018-12-25T12:53:36.679343735Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.682053733Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:53:36.689522134Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.69131274Z 66 PC: 12faa | Move file pointer
2018-12-25T12:53:36.693468994Z 63 PC: 12fb6 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:53:36.696659079Z 87 PC: 12cba | Get or set file date and time
2018-12-25T12:53:36.698691837Z 62 PC: 12cc0 | Close file
2018-12-25T12:53:36.712611701Z 67 PC: 12cca | Get or set file attributes
2018-12-25T12:53:36.723679745Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.726273582Z 78 PC: 12c31 | Find first file (See above)
2018-12-25T12:53:36.732067816Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.733123467Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.736945408Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.744108102Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.750202592Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.752513433Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.754634867Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.767339718Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.774953737Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.777102319Z 66 PC: 12e6f | Move file pointer
2018-12-25T12:53:36.779554719Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-25T12:53:36.782245582Z 66 PC: 12ed2 | Move file pointer
2018-12-25T12:53:36.783728726Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:53:36.787505971Z 66 PC: 12eff | Move file pointer
2018-12-25T12:53:36.78866582Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-25T12:53:36.790759791Z 66 PC: 12f2f | Move file pointer
2018-12-25T12:53:36.792857462Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-25T12:53:36.796847728Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-25T12:53:36.807052887Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:36.80877961Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:36.81882354Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:36.829939237Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.833157641Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.835787899Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.842721602Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.85394558Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.862667966Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.865558221Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.867591753Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.870402814Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.879076919Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.882549679Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:36.884900334Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:36.888626457Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:36.890802651Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:36.894213062Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:36.897072467Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:36.899989041Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:36.901469692Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:36.905214709Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:36.915459977Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:36.917322168Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:36.927137622Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:36.938524596Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.941901423Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.944204108Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.9507776Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.962442403Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.971093759Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.973030219Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.974875454Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.97661776Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.984893091Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.986973397Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:36.989349146Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:36.992967474Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:36.994732168Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.000311167Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.00321495Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.006660009Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.008572702Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.012905915Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.054735737Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.056474659Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.066579208Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.078005364Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.081463433Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.084618801Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.092247191Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.103235924Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.110907085Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.113064574Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.11491125Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.116847386Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.125287045Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.126940234Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.128749716Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.132154301Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.13351737Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.136454815Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.138669972Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.142077036Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.143718825Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.147721877Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.158415743Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.160470697Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.17060121Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.182166174Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.185240129Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.186953782Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.194096523Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.204999659Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.217769513Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.220986197Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.222563661Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.22410895Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.232193989Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.233826089Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.235366661Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.239017238Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.240666029Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.243640377Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.246216349Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.249249181Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.251238031Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.254579998Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.265662596Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.267640196Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.276397138Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.288718919Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.292464395Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.293695076Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.300284284Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.311328691Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.319609446Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.32179372Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.323519164Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.325116556Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.332818767Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.334290905Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.335810068Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.339970223Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.341667281Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.34480655Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.347503012Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.356512256Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.359058957Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.362567257Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.374943058Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.376979999Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.38594313Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.398065144Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.401128115Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.402683992Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.410550716Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.421544913Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.434765582Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.437002234Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.438725235Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.440313482Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.447752896Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.449467001Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.451089987Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.454235395Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.455803399Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.458804993Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.461004792Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.46393606Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.465323333Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.46920103Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.479633495Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.48119839Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.491039984Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.502682595Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.505798562Z 78 PC: 12c31 | Find first file (See above)
2018-12-25T12:53:37.51320737Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:53:37.514811783Z 78 PC: 13114 | Find first file
2018-12-25T12:53:37.521336534Z 47 PC: 1311c | Get disk transfer address
2018-12-25T12:53:37.52331894Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.529006145Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.871088327Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.878577928Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.879704222Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.880901936Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.882522508Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.885404787Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.886617376Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.888256645Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.89087621Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.892059167Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.895801979Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.897170306Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.90039487Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.902053989Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.904992484Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.916350307Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.918392094Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.926042171Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.935671757Z 79 PC: 13114 | Find next file (See above)
2018-12-25T12:53:37.937939866Z 78 PC: 13114 | Find first file (See above)
2018-12-25T12:53:37.941312515Z 78 PC: 13114 | Find first file (See above)
2018-12-25T12:53:37.944604466Z 42 PC: 12b64 | Get date 0x12b64: cmp dl, al
0x12b66: je 0x12b6b
0x12b68: jmp 0x12bdd
0x12b6a: nop
0x12b6b: mov ah, byte ptr [0x77f]
0x12b6f: int 0x21
0x12b71: xor dx, dx
0x12b73: cmp ch, cl
0x12b75: je 0x12b7a
0x12b77: jmp 0x12bdd
0x12b79: nop
0x12b7a: cmp ch, 7
0x12b7d: jne 0x12b82
0x12b7f: mov dx, 0x1bd
0x12b82: cmp ch, 9
0x12b85: jne 0x12b8a
0x12b87: mov dx, 0x2e3
0x12b8a: cmp ch, 0xb
0x12b8d: jne 0x12b92
0x12b8f: mov dx, 0x32e
2018-12-25T12:53:37.946579015Z 76 PC: 12a45 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16695,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:36.609663434Z 48 PC: 12aca | Get DOS version
2018-12-25T12:53:36.611035579Z 47 PC: 12af2 | Get disk transfer address
2018-12-25T12:53:36.612005992Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:53:36.612952686Z 78 PC: 12c31 | Find first file
2018-12-25T12:53:36.619089527Z 47 PC: 12c39 | Get disk transfer address
2018-12-25T12:53:36.620216651Z 67 PC: 12c6a | Get or set file attributes
2018-12-25T12:53:36.62591036Z 67 PC: 12c75 | Get or set file attributes
2018-12-25T12:53:36.643917371Z 61 PC: 12c7a | Open file (Filename = 'TEST.EXE')
2018-12-25T12:53:36.653964454Z 87 PC: 12c84 | Get or set file date and time
2018-12-25T12:53:36.655343652Z 66 PC: 12d5b | Move file pointer
2018-12-25T12:53:36.657259724Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.658629508Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:53:36.664763045Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.666532234Z 66 PC: 12faa | Move file pointer
2018-12-25T12:53:36.667801058Z 63 PC: 12fb6 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:53:36.670098055Z 87 PC: 12cba | Get or set file date and time
2018-12-25T12:53:36.671757248Z 62 PC: 12cc0 | Close file
2018-12-25T12:53:36.680343083Z 67 PC: 12cca | Get or set file attributes
2018-12-25T12:53:36.689893125Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.692332399Z 78 PC: 12c31 | Find first file (See above)
2018-12-25T12:53:36.698328321Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.699409419Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.704712917Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.717118045Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.723535575Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.724663142Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.72667071Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.728181802Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.734304867Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.73691645Z 66 PC: 12e6f | Move file pointer
2018-12-25T12:53:36.738703417Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-25T12:53:36.741291806Z 66 PC: 12ed2 | Move file pointer
2018-12-25T12:53:36.743607562Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:53:36.74636168Z 66 PC: 12eff | Move file pointer
2018-12-25T12:53:36.74790018Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-25T12:53:36.751250853Z 66 PC: 12f2f | Move file pointer
2018-12-25T12:53:36.752534025Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-25T12:53:36.75507168Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-25T12:53:36.764210559Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:36.765882424Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:36.77339383Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:36.784084222Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.786978159Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.789165235Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.795820321Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.805376367Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.80937242Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.810602162Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.811788554Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.812632408Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.81726714Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.818290691Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:36.819175286Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:36.821243845Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:36.822206533Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:36.823818807Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:36.824764927Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:36.827030686Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:36.827870467Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:36.830273926Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:36.836380141Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:36.837384175Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:36.842340793Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:36.84869364Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.850311882Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.851278231Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.854995904Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.862672705Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.867054983Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.868035205Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.868912741Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.869935143Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.874125891Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.875123775Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:36.87647868Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:36.878352603Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:36.879343342Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:36.881222371Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:36.882355241Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:36.883984024Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:36.885023499Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:36.887164755Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:36.892742059Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:36.893898248Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:36.899340711Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:36.906431987Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.908236464Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.909604501Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.912972372Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.920392379Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.931966796Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.93320016Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.934827519Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.936558755Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.942760489Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.945061309Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:36.946637078Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:36.949185777Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:36.950788644Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:36.953593012Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:36.954740104Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:36.957363619Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:36.958729424Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:36.961124127Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:36.970472693Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:36.97206605Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:36.97919093Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:36.988943128Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.991361436Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.992377195Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.998943105Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.00830193Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.014614427Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.016285524Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.017604657Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.018650725Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.024699363Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.026200728Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.027229516Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.029553977Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.030793439Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.033150346Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.034536958Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.03695572Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.038103284Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.041003355Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.049796328Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.051093337Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.058987856Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.068617123Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.070968091Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.072650252Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.077969205Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.087244097Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.094470182Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.095663684Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.096888381Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.098180375Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.104472942Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.105657218Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.106887832Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.10994018Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.111113734Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.113512589Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.115153161Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.123226451Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.124412397Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.126983153Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.135821098Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.137117694Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.14464382Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.154059079Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.156559161Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.157824483Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.163096391Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.172783783Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.183611989Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.1855205Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.187190947Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.188348272Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.19451433Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.196109753Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.197249964Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.199445722Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.201122382Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.203465857Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.204495205Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.207208841Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.208386622Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.210909609Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.219812387Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.221080228Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.228173143Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.23801932Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.240330634Z 78 PC: 12c31 | Find first file (See above)
2018-12-25T12:53:37.245777788Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:53:37.247202338Z 78 PC: 13114 | Find first file
2018-12-25T12:53:37.253167317Z 47 PC: 1311c | Get disk transfer address
2018-12-25T12:53:37.254331543Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.259366438Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.576680994Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.58083074Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.583479022Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.58465174Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.58605772Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.587793942Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.588764852Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.590658515Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.592310641Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.593225717Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.595797349Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.597466637Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.599904216Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.602144612Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.604949059Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.745902271Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.747721443Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.929642123Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.939397564Z 79 PC: 13114 | Find next file (See above)
2018-12-25T12:53:37.942492676Z 78 PC: 13114 | Find first file (See above)
2018-12-25T12:53:37.947593182Z 78 PC: 13114 | Find first file (See above)
2018-12-25T12:53:37.952620811Z 42 PC: 12b64 | Get date 0x12b64: cmp dl, al
0x12b66: je 0x12b6b
0x12b68: jmp 0x12bdd
0x12b6a: nop
0x12b6b: mov ah, byte ptr [0x77f]
0x12b6f: int 0x21
0x12b71: xor dx, dx
0x12b73: cmp ch, cl
0x12b75: je 0x12b7a
0x12b77: jmp 0x12bdd
0x12b79: nop
0x12b7a: cmp ch, 7
0x12b7d: jne 0x12b82
0x12b7f: mov dx, 0x1bd
0x12b82: cmp ch, 9
0x12b85: jne 0x12b8a
0x12b87: mov dx, 0x2e3
0x12b8a: cmp ch, 0xb
0x12b8d: jne 0x12b92
0x12b8f: mov dx, 0x32e
2018-12-25T12:53:37.955037612Z 44 PC: 12b71 | Get time 0x12b71: xor dx, dx
0x12b73: cmp ch, cl
0x12b75: je 0x12b7a
0x12b77: jmp 0x12bdd
0x12b79: nop
0x12b7a: cmp ch, 7
0x12b7d: jne 0x12b82
0x12b7f: mov dx, 0x1bd
0x12b82: cmp ch, 9
0x12b85: jne 0x12b8a
0x12b87: mov dx, 0x2e3
0x12b8a: cmp ch, 0xb
0x12b8d: jne 0x12b92
0x12b8f: mov dx, 0x32e
0x12b92: cmp ch, 0xd
0x12b95: jne 0x12b9a
0x12b97: mov dx, 0x36c
0x12b9a: cmp ch, 0xf
0x12b9d: jne 0x12ba2
0x12b9f: mov dx, 0x3e1
2018-12-25T12:53:37.957147336Z 76 PC: 12a45 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16695,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:40.246130958Z 48 PC: 12aca | Get DOS version
2018-12-25T13:07:40.248183028Z 47 PC: 12af2 | Get disk transfer address
2018-12-25T13:07:40.24920137Z 26 PC: 12aff | Set disk transfer address
2018-12-25T13:07:40.250182266Z 78 PC: 12c31 | Find first file
2018-12-25T13:07:40.256394754Z 47 PC: 12c39 | Get disk transfer address
2018-12-25T13:07:40.257622554Z 67 PC: 12c6a | Get or set file attributes
2018-12-25T13:07:40.264526138Z 67 PC: 12c75 | Get or set file attributes
2018-12-25T13:07:40.282509607Z 61 PC: 12c7a | Open file (Filename = 'TEST.EXE')
2018-12-25T13:07:40.291013369Z 87 PC: 12c84 | Get or set file date and time
2018-12-25T13:07:40.292324141Z 66 PC: 12d5b | Move file pointer
2018-12-25T13:07:40.294645741Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.296434692Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T13:07:40.302985306Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.305164781Z 66 PC: 12faa | Move file pointer
2018-12-25T13:07:40.306522126Z 63 PC: 12fb6 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T13:07:40.30879628Z 87 PC: 12cba | Get or set file date and time
2018-12-25T13:07:40.310317792Z 62 PC: 12cc0 | Close file
2018-12-25T13:07:40.317590719Z 67 PC: 12cca | Get or set file attributes
2018-12-25T13:07:40.327151298Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T13:07:40.329941423Z 78 PC: 12c31 | Find first file (See above)
2018-12-25T13:07:40.337029745Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T13:07:40.338534275Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T13:07:40.34396918Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T13:07:40.356268648Z 61 PC: 12c7a | Open file (See above)
2018-12-25T13:07:40.362398021Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T13:07:40.36357784Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.365086313Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.366222834Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T13:07:40.372098713Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.373692662Z 66 PC: 12e6f | Move file pointer
2018-12-25T13:07:40.374890182Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-25T13:07:40.377039952Z 66 PC: 12ed2 | Move file pointer
2018-12-25T13:07:40.378565088Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-25T13:07:40.380957067Z 66 PC: 12eff | Move file pointer
2018-12-25T13:07:40.3819726Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-25T13:07:40.384653378Z 66 PC: 12f2f | Move file pointer
2018-12-25T13:07:40.385669291Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-25T13:07:40.387324275Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-25T13:07:40.39353953Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T13:07:40.394568888Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T13:07:40.399255983Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T13:07:40.409494229Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T13:07:40.411938843Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T13:07:40.412887066Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T13:07:40.419007208Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T13:07:40.431086552Z 61 PC: 12c7a | Open file (See above)
2018-12-25T13:07:40.437396133Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T13:07:40.439239955Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.441127181Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.442485518Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T13:07:40.449029752Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.451016247Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T13:07:40.452146637Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T13:07:40.454456417Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T13:07:40.455832912Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T13:07:40.458101833Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T13:07:40.459165876Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T13:07:40.461746381Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T13:07:40.462803654Z 44 PC: 130bf | Get time (See above)
2018-12-25T13:07:40.465192499Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T13:07:40.473973443Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T13:07:40.475219479Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T13:07:40.482486859Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T13:07:40.492399319Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T13:07:40.494776782Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T13:07:40.495796675Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T13:07:40.50115838Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T13:07:40.510340802Z 61 PC: 12c7a | Open file (See above)
2018-12-25T13:07:40.516493645Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T13:07:40.517696373Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.518830689Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.519852763Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T13:07:40.525942914Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.527200163Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T13:07:40.528316721Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T13:07:40.530931323Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T13:07:40.53213961Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T13:07:40.534378088Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T13:07:40.535553433Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T13:07:40.537918363Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T13:07:40.539058516Z 44 PC: 130bf | Get time (See above)
2018-12-25T13:07:40.541805669Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T13:07:40.550767448Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T13:07:40.552016389Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T13:07:40.559257172Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T13:07:40.568453167Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T13:07:40.570771744Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T13:07:40.571797249Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T13:07:40.576978546Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T13:07:40.58608502Z 61 PC: 12c7a | Open file (See above)
2018-12-25T13:07:40.59693563Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T13:07:40.598112212Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.599358843Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.600582226Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T13:07:40.606436953Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.607687846Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T13:07:40.608947222Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T13:07:40.61171858Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T13:07:40.612695805Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T13:07:40.615204989Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T13:07:40.616075714Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T13:07:40.617741039Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T13:07:40.61909355Z 44 PC: 130bf | Get time (See above)
2018-12-25T13:07:40.6206773Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T13:07:40.626132168Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T13:07:40.642879407Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T13:07:40.650478691Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T13:07:40.660425171Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T13:07:40.664155007Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T13:07:40.665659106Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T13:07:40.671474578Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T13:07:40.681664694Z 61 PC: 12c7a | Open file (See above)
2018-12-25T13:07:40.688048403Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T13:07:40.689218597Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.690846348Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.691972922Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T13:07:40.697944543Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.700041036Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T13:07:40.7011724Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T13:07:40.703497084Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T13:07:40.705266368Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T13:07:40.707716211Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T13:07:40.708769349Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T13:07:40.711601722Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T13:07:40.712782369Z 44 PC: 130bf | Get time (See above)
2018-12-25T13:07:40.715324298Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T13:07:40.724190609Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T13:07:40.725473025Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T13:07:40.732713857Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T13:07:40.742810336Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T13:07:40.745222966Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T13:07:40.746301783Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T13:07:40.751841635Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T13:07:40.761215653Z 61 PC: 12c7a | Open file (See above)
2018-12-25T13:07:40.767572284Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T13:07:40.769178033Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.770386448Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.771611801Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T13:07:40.777732715Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.778820968Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T13:07:40.780162172Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T13:07:40.782466162Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T13:07:40.783631664Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T13:07:40.786585975Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T13:07:40.78774348Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T13:07:40.795236294Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T13:07:40.796712476Z 44 PC: 130bf | Get time (See above)
2018-12-25T13:07:40.799207979Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T13:07:40.808423746Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T13:07:40.809981983Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T13:07:40.817357698Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T13:07:40.826777777Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T13:07:40.828760855Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T13:07:40.829548346Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T13:07:40.832832788Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T13:07:40.839008182Z 61 PC: 12c7a | Open file (See above)
2018-12-25T13:07:40.845862525Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T13:07:40.846770872Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.847984507Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.848897723Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T13:07:40.852688691Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:40.854003453Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T13:07:40.854928005Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T13:07:40.856576333Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T13:07:40.857604664Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T13:07:40.859217682Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T13:07:40.85999416Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T13:07:40.861792502Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T13:07:40.862680469Z 44 PC: 130bf | Get time (See above)
2018-12-25T13:07:40.86425025Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T13:07:40.870329141Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T13:07:40.871288356Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T13:07:40.875918841Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T13:07:40.882359038Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T13:07:40.884119268Z 78 PC: 12c31 | Find first file (See above)
2018-12-25T13:07:40.88963363Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T13:07:40.890571764Z 78 PC: 13114 | Find first file
2018-12-25T13:07:40.895720289Z 47 PC: 1311c | Get disk transfer address
2018-12-25T13:07:40.899094969Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T13:07:40.904063869Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T13:07:41.244448481Z 61 PC: 12c7a | Open file (See above)
2018-12-25T13:07:41.251679493Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T13:07:41.253796656Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:41.25554884Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:41.258417835Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T13:07:41.260958057Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T13:07:41.262300053Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T13:07:41.264349902Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T13:07:41.266859141Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T13:07:41.268123834Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T13:07:41.271167249Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T13:07:41.273416478Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T13:07:41.276483731Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T13:07:41.278941693Z 44 PC: 130bf | Get time (See above)
2018-12-25T13:07:41.281585055Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T13:07:41.291700059Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T13:07:41.294263158Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T13:07:41.301261898Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T13:07:41.309982966Z 79 PC: 13114 | Find next file (See above)
2018-12-25T13:07:41.313077053Z 78 PC: 13114 | Find first file (See above)
2018-12-25T13:07:41.31815193Z 78 PC: 13114 | Find first file (See above)
2018-12-25T13:07:41.323241723Z 42 PC: 12b64 | Get date 0x12b64: cmp dl, al
0x12b66: je 0x12b6b
0x12b68: jmp 0x12bdd
0x12b6a: nop
0x12b6b: mov ah, byte ptr [0x77f]
0x12b6f: int 0x21
0x12b71: xor dx, dx
0x12b73: cmp ch, cl
0x12b75: je 0x12b7a
0x12b77: jmp 0x12bdd
0x12b79: nop
0x12b7a: cmp ch, 7
0x12b7d: jne 0x12b82
0x12b7f: mov dx, 0x1bd
0x12b82: cmp ch, 9
0x12b85: jne 0x12b8a
0x12b87: mov dx, 0x2e3
0x12b8a: cmp ch, 0xb
0x12b8d: jne 0x12b92
0x12b8f: mov dx, 0x32e
2018-12-25T13:07:41.325866706Z 76 PC: 12a45 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16695,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:36.689920256Z 48 PC: 12aca | Get DOS version
2018-12-25T12:53:36.691352778Z 47 PC: 12af2 | Get disk transfer address
2018-12-25T12:53:36.692281666Z 26 PC: 12aff | Set disk transfer address
2018-12-25T12:53:36.693177352Z 78 PC: 12c31 | Find first file
2018-12-25T12:53:36.699147773Z 47 PC: 12c39 | Get disk transfer address
2018-12-25T12:53:36.700263827Z 67 PC: 12c6a | Get or set file attributes
2018-12-25T12:53:36.705735691Z 67 PC: 12c75 | Get or set file attributes
2018-12-25T12:53:36.733967056Z 61 PC: 12c7a | Open file (Filename = 'TEST.EXE')
2018-12-25T12:53:36.738182972Z 87 PC: 12c84 | Get or set file date and time
2018-12-25T12:53:36.739112469Z 66 PC: 12d5b | Move file pointer
2018-12-25T12:53:36.740330491Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.741741306Z 63 PC: 12d80 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:53:36.745496571Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.746379664Z 66 PC: 12faa | Move file pointer
2018-12-25T12:53:36.747589362Z 63 PC: 12fb6 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:53:36.749093438Z 87 PC: 12cba | Get or set file date and time
2018-12-25T12:53:36.75015605Z 62 PC: 12cc0 | Close file
2018-12-25T12:53:36.757247805Z 67 PC: 12cca | Get or set file attributes
2018-12-25T12:53:36.766364371Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.768554708Z 78 PC: 12c31 | Find first file (See above)
2018-12-25T12:53:36.774097846Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.775136614Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.783470603Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.792992471Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.797927737Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.798971048Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.80063783Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.801704068Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.806481107Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.808981745Z 66 PC: 12e6f | Move file pointer
2018-12-25T12:53:36.810517565Z 63 PC: 12e7b | Read file or device (Read 11 bytes on handle 5)
2018-12-25T12:53:36.812917657Z 66 PC: 12ed2 | Move file pointer
2018-12-25T12:53:36.814868498Z 64 PC: 12ede | Write file or device (Write 11 bytes on handle 5)
2018-12-25T12:53:36.817359383Z 66 PC: 12eff | Move file pointer
2018-12-25T12:53:36.818612082Z 64 PC: 12f0b | Write file or device (Write 57 bytes on handle 5)
2018-12-25T12:53:36.821768393Z 66 PC: 12f2f | Move file pointer
2018-12-25T12:53:36.823138134Z 44 PC: 130bf | Get time 0x130bf: xor cx, dx
0x130c1: xor ch, cl
0x130c3: mov byte ptr [0x12a], ch
0x130c7: popaw
0x130c8: ret
0x130c9: xor byte ptr [bp + si], bl
0x130cb: das
0x130cc: dec si
0x130cd: dec di
0x130ce: add byte ptr [bp + di + 1], al
0x130d1: inc bx
0x130d2: add bh, byte ptr [di]
0x130d4: add byte ptr [bx + 1], dl
0x130d7: push di
0x130d8: inc dx
0x130da: add bh, bh
0x130dc: add byte ptr [bx], bh
0x130de: push ds
0x130df: sub al, 0x19
0x130e1: xchg ax, si
2018-12-25T12:53:36.825753113Z 64 PC: 12ab4 | Write file or device (Write 1751 bytes on handle 5)
2018-12-25T12:53:36.835177017Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:36.83656069Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:36.843822981Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:36.854344543Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.856768381Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.857849129Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.864438307Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.874129979Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.880566197Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.882547555Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.890965265Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.892181784Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.898343522Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.900481553Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:36.901769861Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:36.904198883Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:36.905812846Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:36.908419962Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:36.909760008Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:36.912462032Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:36.913685896Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:36.916279934Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:36.92522834Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:36.927255666Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:36.934499094Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:36.942033522Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:36.94461938Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:36.946023336Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:36.952091516Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:36.961293173Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:36.967575005Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:36.969223806Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.970505804Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.971658271Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:36.97788723Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:36.979070875Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:36.980175426Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:36.982773979Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:36.983857541Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:36.986201209Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:36.987676848Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:36.990147555Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:36.991468376Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:36.995212018Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.003777068Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.005005665Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.012431839Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.02166224Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.024057305Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.02541691Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.030618201Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.039702161Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.050457661Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.051388922Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.052307189Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.053482085Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.057548457Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.058471129Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.059957034Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.061687828Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.062580705Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.064811624Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.065691241Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.067333101Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.069126612Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.070745738Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.0761852Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.07737784Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.081968276Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.0878063Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.089700858Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.090552292Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.095900573Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.105544432Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.116419307Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.117585947Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.119087858Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.120921616Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.126951637Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.128596665Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.130088567Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.132654858Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.134355322Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.136725021Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.13779395Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.14051187Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.141672793Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.144071878Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.152979507Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.154416511Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.161620406Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.17121554Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.17279577Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.173563478Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.177475447Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.187304168Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.193557615Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.195410348Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.19700474Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.19857213Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.205202098Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.206380425Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.207508071Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.210079778Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.211268006Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.213854746Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.215622296Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.223179045Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.22456841Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.227352283Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.23606183Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.237731693Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.244339129Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.250692801Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.252677677Z 47 PC: 12c39 | Get disk transfer address (See above)
2018-12-25T12:53:37.253514045Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.256851519Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.263111348Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.267172417Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.268028901Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.269333559Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.270314253Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.274212737Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.27560079Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.276464533Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.277936228Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.279318331Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.280907554Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.28176446Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.284678441Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.285853261Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.288242627Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.427584256Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.428594477Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.51197827Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.57634976Z 79 PC: 12c31 | Find next file (See above)
2018-12-25T12:53:37.578660573Z 78 PC: 12c31 | Find first file (See above)
2018-12-25T12:53:37.589296876Z 26 PC: 12b1b | Set disk transfer address
2018-12-25T12:53:37.590563736Z 78 PC: 13114 | Find first file
2018-12-25T12:53:37.595788159Z 47 PC: 1311c | Get disk transfer address
2018-12-25T12:53:37.597406991Z 67 PC: 12c6a | Get or set file attributes (See above)
2018-12-25T12:53:37.602260357Z 67 PC: 12c75 | Get or set file attributes (See above)
2018-12-25T12:53:37.929924735Z 61 PC: 12c7a | Open file (See above)
2018-12-25T12:53:37.934060835Z 87 PC: 12c84 | Get or set file date and time (See above)
2018-12-25T12:53:37.93504433Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.935970053Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.937193896Z 63 PC: 12d80 | Read file or device (See above)
2018-12-25T12:53:37.938881005Z 66 PC: 12d5b | Move file pointer (See above)
2018-12-25T12:53:37.939856262Z 66 PC: 12e6f | Move file pointer (See above)
2018-12-25T12:53:37.94148159Z 63 PC: 12e7b | Read file or device (See above)
2018-12-25T12:53:37.943837775Z 66 PC: 12ed2 | Move file pointer (See above)
2018-12-25T12:53:37.944969635Z 64 PC: 12ede | Write file or device (See above)
2018-12-25T12:53:37.947727003Z 66 PC: 12eff | Move file pointer (See above)
2018-12-25T12:53:37.948896105Z 64 PC: 12f0b | Write file or device (See above)
2018-12-25T12:53:37.951805496Z 66 PC: 12f2f | Move file pointer (See above)
2018-12-25T12:53:37.953323912Z 44 PC: 130bf | Get time (See above)
2018-12-25T12:53:37.955142919Z 64 PC: 12ab4 | Write file or device (See above)
2018-12-25T12:53:37.961520128Z 87 PC: 12cba | Get or set file date and time (See above)
2018-12-25T12:53:37.963207941Z 62 PC: 12cc0 | Close file (See above)
2018-12-25T12:53:37.970569548Z 67 PC: 12cca | Get or set file attributes (See above)
2018-12-25T12:53:37.980249973Z 79 PC: 13114 | Find next file (See above)
2018-12-25T12:53:37.982956797Z 78 PC: 13114 | Find first file (See above)
2018-12-25T12:53:37.988726017Z 78 PC: 13114 | Find first file (See above)
2018-12-25T12:53:37.99433389Z 42 PC: 12b64 | Get date 0x12b64: cmp dl, al
0x12b66: je 0x12b6b
0x12b68: jmp 0x12bdd
0x12b6a: nop
0x12b6b: mov ah, byte ptr [0x77f]
0x12b6f: int 0x21
0x12b71: xor dx, dx
0x12b73: cmp ch, cl
0x12b75: je 0x12b7a
0x12b77: jmp 0x12bdd
0x12b79: nop
0x12b7a: cmp ch, 7
0x12b7d: jne 0x12b82
0x12b7f: mov dx, 0x1bd
0x12b82: cmp ch, 9
0x12b85: jne 0x12b8a
0x12b87: mov dx, 0x2e3
0x12b8a: cmp ch, 0xb
0x12b8d: jne 0x12b92
0x12b8f: mov dx, 0x32e
2018-12-25T12:53:37.996776185Z 44 PC: 12b71 | Get time 0x12b71: xor dx, dx
0x12b73: cmp ch, cl
0x12b75: je 0x12b7a
0x12b77: jmp 0x12bdd
0x12b79: nop
0x12b7a: cmp ch, 7
0x12b7d: jne 0x12b82
0x12b7f: mov dx, 0x1bd
0x12b82: cmp ch, 9
0x12b85: jne 0x12b8a
0x12b87: mov dx, 0x2e3
0x12b8a: cmp ch, 0xb
0x12b8d: jne 0x12b92
0x12b8f: mov dx, 0x32e
0x12b92: cmp ch, 0xd
0x12b95: jne 0x12b9a
0x12b97: mov dx, 0x36c
0x12b9a: cmp ch, 0xf
0x12b9d: jne 0x12ba2
0x12b9f: mov dx, 0x3e1
2018-12-25T12:53:37.998843141Z 76 PC: 12a45 | Terminate with return code (Return code = '1')