Sample viewer

vx.netlux.org/Virus.DOS.Akuku.886.e

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:09:20.410217492Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:20.412099349Z 47 PC: 12e49 | Get disk transfer address
2018-12-17T22:09:20.413195536Z 26 PC: 12e52 | Set disk transfer address
2018-12-17T22:09:20.414255537Z 25 PC: 12e56 | Get default drive
2018-12-17T22:09:20.416206369Z 44 PC: 12e5d | Get time
0x12e5d: and dh, 0xf
0x12e60: mov dl, dh
0x12e62: cmp dl, 0
0x12e65: je 0x12e6c
0x12e67: cmp dl, 2
0x12e6a: jne 0x12e70
0x12e6c: mov ah, 0xe
0x12e6e: int 0x21
0x12e70: mov ax, cs
0x12e72: mov es, ax
0x12e74: mov byte ptr [0x3b8], 0
0x12e79: nop
0x12e7a: mov di, 0x382
0x12e7d: mov word ptr [0x3b6], di
0x12e81: call 0x130ce
0x12e84: mov di, 0x382
0x12e87: mov ax, 0x2e2a
0x12e8a: stosw word ptr es:[di], ax
0x12e8b: mov ah, 0
0x12e8d: stosw word ptr es:[di], ax
2018-12-17T22:09:20.418573137Z 78 PC: 130e3 | Find first file
2018-12-17T22:09:20.423248128Z 79 PC: 1314e | Find next file
2018-12-17T22:09:20.433665914Z 79 PC: 1314e | Find next file
2018-12-17T22:09:20.436101161Z 79 PC: 1314e | Find next file
2018-12-17T22:09:20.43869889Z 79 PC: 1314e | Find next file
2018-12-17T22:09:20.441658466Z 79 PC: 1314e | Find next file
2018-12-17T22:09:20.444497681Z 79 PC: 1314e | Find next file
2018-12-17T22:09:20.447491099Z 79 PC: 1314e | Find next file
2018-12-17T22:09:20.450649496Z 79 PC: 1314e | Find next file
2018-12-17T22:09:20.45349472Z 54 PC: 13166 | Get free disk space
2018-12-17T22:09:20.462307156Z 67 PC: 1317f | Get or set file attributes
2018-12-17T22:09:20.481464945Z 67 PC: 1318b | Get or set file attributes
2018-12-17T22:09:20.509509789Z 61 PC: 13190 | Open file (Filename = 'TEST.COM')
2018-12-17T22:09:20.516180718Z 87 PC: 13197 | Get or set file date and time
2018-12-17T22:09:20.518489514Z 63 PC: 12ff3 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:09:20.526605713Z 66 PC: 1303a | Move file pointer
2018-12-17T22:09:20.528075743Z 64 PC: 1304d | Write file or device (Write 7 bytes on handle 5)
2018-12-17T22:09:20.531594011Z 64 PC: 12fff | Write file or device (Write 886 bytes on handle 5)
2018-12-17T22:09:20.54192553Z 64 PC: 1300b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:09:20.544666607Z 66 PC: 13014 | Move file pointer
2018-12-17T22:09:20.546166433Z 64 PC: 1302f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:09:20.549644257Z 87 PC: 12fc5 | Get or set file date and time
2018-12-17T22:09:20.551431475Z 62 PC: 12fc9 | Close file
2018-12-17T22:09:20.561171376Z 67 PC: 12fd5 | Get or set file attributes
2018-12-17T22:09:20.572330684Z 79 PC: 1314e | Find next file
2018-12-17T22:09:20.574507016Z 78 PC: 12e97 | Find first file
2018-12-17T22:09:20.580220988Z 79 PC: 12edc | Find next file
2018-12-17T22:09:20.582738471Z 79 PC: 12edc | Find next file
2018-12-17T22:09:20.585198516Z 79 PC: 12edc | Find next file
2018-12-17T22:09:20.587770153Z 79 PC: 12edc | Find next file
2018-12-17T22:09:20.590440872Z 79 PC: 12edc | Find next file
2018-12-17T22:09:20.593177931Z 79 PC: 12edc | Find next file
2018-12-17T22:09:20.595901901Z 79 PC: 12edc | Find next file
2018-12-17T22:09:20.599088307Z 79 PC: 12edc | Find next file
2018-12-17T22:09:20.601436654Z 79 PC: 12edc | Find next file
2018-12-17T22:09:20.603479292Z 14 PC: 12ee9 | Set default drive (Drive = 'A')
2018-12-17T22:09:20.605150738Z 44 PC: 12eed | Get time
0x12eed: cmp cl, 0x20
0x12ef0: jb 0x12f24
0x12ef2: cmp cl, 0x23
0x12ef5: jae 0x12f24
0x12ef7: mov ah, 9
0x12ef9: mov dx, 0xd2
0x12efc: int 0x21
0x12efe: mov ah, 0x4c
0x12f00: int 0x21
0x12f02: or ax, 0x410a
0x12f05: and byte ptr [bp + di + 0x75], ch
0x12f08: imul si, word ptr [di + 0x2c], 0x20
0x12f0c: dec si
0x12f0d: popaw
0x12f0e: jae 0x12f84
0x12f10: jo 0x12f81
0x12f13: jns 0x12f35
0x12f15: imul bp, word ptr [bx + 0x6d], 0x6f
0x12f19: jb 0x12f89
0x12f1b: imul bp, word ptr [bp + di + 0x20], 0x2121
2018-12-17T22:09:20.60708314Z 26 PC: 12f35 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2160,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:00.494592807Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:45:00.496308698Z 47 PC: 12e49 | Get disk transfer address
2018-12-25T11:45:00.498647853Z 26 PC: 12e52 | Set disk transfer address
2018-12-25T11:45:00.499949715Z 25 PC: 12e56 | Get default drive
2018-12-25T11:45:00.501243308Z 44 PC: 12e5d | Get time
0x12e5d: and dh, 0xf
0x12e60: mov dl, dh
0x12e62: cmp dl, 0
0x12e65: je 0x12e6c
0x12e67: cmp dl, 2
0x12e6a: jne 0x12e70
0x12e6c: mov ah, 0xe
0x12e6e: int 0x21
0x12e70: mov ax, cs
0x12e72: mov es, ax
0x12e74: mov byte ptr [0x3b8], 0
0x12e79: nop
0x12e7a: mov di, 0x382
0x12e7d: mov word ptr [0x3b6], di
0x12e81: call 0x130ce
0x12e84: mov di, 0x382
0x12e87: mov ax, 0x2e2a
0x12e8a: stosw word ptr es:[di], ax
0x12e8b: mov ah, 0
0x12e8d: stosw word ptr es:[di], ax
2018-12-25T11:45:00.507054195Z 14 PC: 12e70 | Set default drive (Drive = 'C')
2018-12-25T11:45:00.508414721Z 78 PC: 130e3 | Find first file
2018-12-25T11:45:00.5144081Z 79 PC: 1314e | Find next file
2018-12-25T11:45:00.524714584Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.527933664Z 54 PC: 13166 | Get free disk space
2018-12-25T11:45:00.576002986Z 67 PC: 1317f | Get or set file attributes
2018-12-25T11:45:00.586255743Z 67 PC: 1318b | Get or set file attributes
2018-12-25T11:45:01.291259753Z 61 PC: 13190 | Open file (Filename = 'COMMAND.COM')
2018-12-25T11:45:01.298221426Z 87 PC: 13197 | Get or set file date and time
2018-12-25T11:45:01.301539952Z 63 PC: 12ff3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:01.309080498Z 66 PC: 1303a | Move file pointer
2018-12-25T11:45:01.311133244Z 64 PC: 1304d | Write file or device (Write 11 bytes on handle 5)
2018-12-25T11:45:01.319009909Z 64 PC: 12fff | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:01.33559939Z 64 PC: 1300b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.339474678Z 66 PC: 13014 | Move file pointer
2018-12-25T11:45:01.341070778Z 64 PC: 1302f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.34482901Z 87 PC: 12fc5 | Get or set file date and time
2018-12-25T11:45:01.346853369Z 62 PC: 12fc9 | Close file
2018-12-25T11:45:01.368028418Z 67 PC: 12fd5 | Get or set file attributes
2018-12-25T11:45:01.380772846Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.384860674Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.388244748Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.392400626Z 78 PC: 12e97 | Find first file
2018-12-25T11:45:01.398549792Z 79 PC: 12edc | Find next file
2018-12-25T11:45:01.401407244Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.404988744Z 78 PC: 130e3 | Find first file (See above)
2018-12-25T11:45:01.427606935Z 54 PC: 13166 | Get free disk space (See above)
2018-12-25T11:45:01.432449891Z 67 PC: 1317f | Get or set file attributes (See above)
2018-12-25T11:45:01.445839567Z 67 PC: 1318b | Get or set file attributes (See above)
2018-12-25T11:45:01.457382474Z 61 PC: 13190 | Open file (See above)
2018-12-25T11:45:01.465611022Z 87 PC: 13197 | Get or set file date and time (See above)
2018-12-25T11:45:01.467768588Z 63 PC: 12f4a | Read file or device (Read 27 bytes on handle 5)
2018-12-25T11:45:01.475424961Z 66 PC: 1303a | Move file pointer (See above)
2018-12-25T11:45:01.4777019Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T11:45:01.485377588Z 64 PC: 12f7b | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:01.49424667Z 64 PC: 12f89 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:45:01.498576916Z 64 PC: 12f99 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:45:01.501986306Z 66 PC: 12fa8 | Move file pointer
2018-12-25T11:45:01.504919194Z 64 PC: 12fb2 | Write file or device (Write 27 bytes on handle 5)
2018-12-25T11:45:01.508462754Z 87 PC: 12fc5 | Get or set file date and time (See above)
2018-12-25T11:45:01.510453496Z 62 PC: 12fc9 | Close file (See above)
2018-12-25T11:45:01.518915024Z 67 PC: 12fd5 | Get or set file attributes (See above)
2018-12-25T11:45:01.541742559Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.545524071Z 54 PC: 13166 | Get free disk space (See above)
2018-12-25T11:45:01.549276077Z 67 PC: 1317f | Get or set file attributes (See above)
2018-12-25T11:45:01.556292492Z 67 PC: 1318b | Get or set file attributes (See above)
2018-12-25T11:45:01.568414568Z 61 PC: 13190 | Open file (See above)
2018-12-25T11:45:01.57701354Z 87 PC: 13197 | Get or set file date and time (See above)
2018-12-25T11:45:01.578902675Z 63 PC: 12f4a | Read file or device (See above)
2018-12-25T11:45:01.584919711Z 66 PC: 1303a | Move file pointer (See above)
2018-12-25T11:45:01.586369384Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T11:45:01.593651862Z 64 PC: 12f7b | Write file or device (See above)
2018-12-25T11:45:01.767164237Z 64 PC: 12f89 | Write file or device (See above)
2018-12-25T11:45:01.770644531Z 64 PC: 12f99 | Write file or device (See above)
2018-12-25T11:45:01.774881127Z 66 PC: 12fa8 | Move file pointer (See above)
2018-12-25T11:45:01.776485892Z 64 PC: 12fb2 | Write file or device (See above)
2018-12-25T11:45:01.780343335Z 87 PC: 12fc5 | Get or set file date and time (See above)
2018-12-25T11:45:01.784452526Z 62 PC: 12fc9 | Close file (See above)
2018-12-25T11:45:01.900697094Z 67 PC: 12fd5 | Get or set file attributes (See above)
2018-12-25T11:45:01.912631134Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.916820205Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.920226395Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.923665372Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.927639228Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.931402669Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.93547002Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.940064285Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.943947658Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.94782923Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.951705053Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.956086709Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.96022084Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.96714908Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.970924673Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.974983683Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.978314456Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.982181967Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.985891933Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.989340982Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.993152038Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.999201657Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.002616819Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.006352595Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.0097611Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.012989396Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.017489752Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.021047324Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.024362723Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.035306503Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.039187948Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.043083106Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.048691801Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.052592891Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.056174356Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.059921831Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.063845016Z 78 PC: 130e3 | Find first file (See above)
2018-12-25T11:45:02.074253052Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.078704435Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.085466997Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.089633898Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.093478113Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.097657526Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.102187708Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.105780642Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.110905559Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.114183765Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.118369782Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.127180672Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.131103109Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.13947381Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.14406692Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.147575049Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.151090694Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.155952548Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.159889275Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.163499365Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.170329138Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.173995463Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.177511902Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.182281204Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.186108411Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.190945778Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.195698309Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.199668192Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.203378885Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.212122987Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.215961075Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.220031208Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.224901695Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.2292831Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.233838761Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.238605033Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.242931387Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.247344522Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.251549434Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.256379432Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.261814609Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.265793671Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.270821708Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.274706785Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.278699434Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.296007661Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.299446385Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.303025249Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.307698416Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.311935148Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.316783138Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.322152594Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.326091474Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.331415963Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.336351674Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.340835356Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.345350188Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.350026163Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.353787268Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.357411892Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.362619857Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.371269242Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.378613177Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.382894141Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.387128906Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.391118593Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.396498166Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.401261554Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.40466058Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.408534199Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.412153971Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.415937137Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.420435193Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.424205508Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.428136045Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.432667646Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.43653362Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.443820375Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.448159432Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.451875718Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.455719423Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.460136462Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.464010891Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.468487292Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.473365525Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.47699109Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.480495388Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.484272434Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.48904353Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.492577911Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.496096829Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.499664354Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.503303872Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.510542898Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.515131304Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.518775685Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.522599986Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.526831662Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.530776575Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.535336604Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.539521091Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.543376118Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.547235683Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.551515053Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.555431806Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.559365377Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.56372004Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.570637053Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.574080937Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.577588885Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.580824207Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.583932712Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.587523624Z 14 PC: 12ee9 | Set default drive (Drive = '›')
2018-12-25T11:45:02.589210003Z 44 PC: 12eed | Get time
0x12eed: cmp cl, 0x20
0x12ef0: jb 0x12f24
0x12ef2: cmp cl, 0x23
0x12ef5: jae 0x12f24
0x12ef7: mov ah, 9
0x12ef9: mov dx, 0xd2
0x12efc: int 0x21
0x12efe: mov ah, 0x4c
0x12f00: int 0x21
0x12f02: or ax, 0x410a
0x12f05: and byte ptr [bp + di + 0x75], ch
0x12f08: imul si, word ptr [di + 0x2c], 0x20
0x12f0c: dec si
0x12f0d: popaw
0x12f0e: jae 0x12f84
0x12f10: jo 0x12f81
0x12f13: jns 0x12f35
0x12f15: imul bp, word ptr [bx + 0x6d], 0x6f
0x12f19: jb 0x12f89
0x12f1b: imul bp, word ptr [bp + di + 0x20], 0x2121
2018-12-25T11:45:02.591948877Z 26 PC: 12f35 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":2160,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:00.558150498Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:45:00.562524614Z 47 PC: 12e49 | Get disk transfer address
2018-12-25T11:45:00.56399149Z 26 PC: 12e52 | Set disk transfer address
2018-12-25T11:45:00.565198965Z 25 PC: 12e56 | Get default drive
2018-12-25T11:45:00.566403262Z 44 PC: 12e5d | Get time
0x12e5d: and dh, 0xf
0x12e60: mov dl, dh
0x12e62: cmp dl, 0
0x12e65: je 0x12e6c
0x12e67: cmp dl, 2
0x12e6a: jne 0x12e70
0x12e6c: mov ah, 0xe
0x12e6e: int 0x21
0x12e70: mov ax, cs
0x12e72: mov es, ax
0x12e74: mov byte ptr [0x3b8], 0
0x12e79: nop
0x12e7a: mov di, 0x382
0x12e7d: mov word ptr [0x3b6], di
0x12e81: call 0x130ce
0x12e84: mov di, 0x382
0x12e87: mov ax, 0x2e2a
0x12e8a: stosw word ptr es:[di], ax
0x12e8b: mov ah, 0
0x12e8d: stosw word ptr es:[di], ax
2018-12-25T11:45:00.569448874Z 78 PC: 130e3 | Find first file
2018-12-25T11:45:00.576913071Z 79 PC: 1314e | Find next file
2018-12-25T11:45:00.580153732Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.584280374Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.58763571Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.590958363Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.595792315Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.599063966Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.602190189Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.606382644Z 54 PC: 13166 | Get free disk space
2018-12-25T11:45:00.616756466Z 67 PC: 1317f | Get or set file attributes
2018-12-25T11:45:00.624003388Z 67 PC: 1318b | Get or set file attributes
2018-12-25T11:45:01.291510314Z 61 PC: 13190 | Open file (Filename = 'TEST.COM')
2018-12-25T11:45:01.300174895Z 87 PC: 13197 | Get or set file date and time
2018-12-25T11:45:01.303062211Z 63 PC: 12ff3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:01.30636779Z 66 PC: 1303a | Move file pointer
2018-12-25T11:45:01.309421034Z 64 PC: 1304d | Write file or device (Write 7 bytes on handle 5)
2018-12-25T11:45:01.313353076Z 64 PC: 12fff | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:01.32343268Z 64 PC: 1300b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.327381391Z 66 PC: 13014 | Move file pointer
2018-12-25T11:45:01.329317549Z 64 PC: 1302f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.332659692Z 87 PC: 12fc5 | Get or set file date and time
2018-12-25T11:45:01.336630661Z 62 PC: 12fc9 | Close file
2018-12-25T11:45:01.345439062Z 67 PC: 12fd5 | Get or set file attributes
2018-12-25T11:45:01.356386926Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.360001909Z 78 PC: 12e97 | Find first file
2018-12-25T11:45:01.367429885Z 79 PC: 12edc | Find next file
2018-12-25T11:45:01.370997166Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.374741675Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.377648053Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.380642179Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.383756948Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.387275927Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.390301343Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.393354158Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.396872047Z 14 PC: 12ee9 | Set default drive (Drive = 'A')
2018-12-25T11:45:01.398574772Z 44 PC: 12eed | Get time
0x12eed: cmp cl, 0x20
0x12ef0: jb 0x12f24
0x12ef2: cmp cl, 0x23
0x12ef5: jae 0x12f24
0x12ef7: mov ah, 9
0x12ef9: mov dx, 0xd2
0x12efc: int 0x21
0x12efe: mov ah, 0x4c
0x12f00: int 0x21
0x12f02: or ax, 0x410a
0x12f05: and byte ptr [bp + di + 0x75], ch
0x12f08: imul si, word ptr [di + 0x2c], 0x20
0x12f0c: dec si
0x12f0d: popaw
0x12f0e: jae 0x12f84
0x12f10: jo 0x12f81
0x12f13: jns 0x12f35
0x12f15: imul bp, word ptr [bx + 0x6d], 0x6f
0x12f19: jb 0x12f89
0x12f1b: imul bp, word ptr [bp + di + 0x20], 0x2121
2018-12-25T11:45:01.401255618Z 26 PC: 12f35 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":2,"TimeBased":true,"OriginalID":2160,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:00.597753149Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:45:00.599548313Z 47 PC: 12e49 | Get disk transfer address
2018-12-25T11:45:00.601215801Z 26 PC: 12e52 | Set disk transfer address
2018-12-25T11:45:00.602526152Z 25 PC: 12e56 | Get default drive
2018-12-25T11:45:00.606909596Z 44 PC: 12e5d | Get time
0x12e5d: and dh, 0xf
0x12e60: mov dl, dh
0x12e62: cmp dl, 0
0x12e65: je 0x12e6c
0x12e67: cmp dl, 2
0x12e6a: jne 0x12e70
0x12e6c: mov ah, 0xe
0x12e6e: int 0x21
0x12e70: mov ax, cs
0x12e72: mov es, ax
0x12e74: mov byte ptr [0x3b8], 0
0x12e79: nop
0x12e7a: mov di, 0x382
0x12e7d: mov word ptr [0x3b6], di
0x12e81: call 0x130ce
0x12e84: mov di, 0x382
0x12e87: mov ax, 0x2e2a
0x12e8a: stosw word ptr es:[di], ax
0x12e8b: mov ah, 0
0x12e8d: stosw word ptr es:[di], ax
2018-12-25T11:45:00.610141372Z 78 PC: 130e3 | Find first file
2018-12-25T11:45:00.616802814Z 79 PC: 1314e | Find next file
2018-12-25T11:45:00.61950085Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.623242725Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.62611709Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.62900392Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.632345183Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.635115229Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.638459922Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.64170897Z 54 PC: 13166 | Get free disk space
2018-12-25T11:45:00.651558832Z 67 PC: 1317f | Get or set file attributes
2018-12-25T11:45:00.657743051Z 67 PC: 1318b | Get or set file attributes
2018-12-25T11:45:01.291541818Z 61 PC: 13190 | Open file (Filename = 'TEST.COM')
2018-12-25T11:45:01.299267766Z 87 PC: 13197 | Get or set file date and time
2018-12-25T11:45:01.300757603Z 63 PC: 12ff3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:01.303789416Z 66 PC: 1303a | Move file pointer
2018-12-25T11:45:01.305861021Z 64 PC: 1304d | Write file or device (Write 7 bytes on handle 5)
2018-12-25T11:45:01.309717404Z 64 PC: 12fff | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:01.319106617Z 64 PC: 1300b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.323118016Z 66 PC: 13014 | Move file pointer
2018-12-25T11:45:01.324323213Z 64 PC: 1302f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.326338119Z 87 PC: 12fc5 | Get or set file date and time
2018-12-25T11:45:01.328258612Z 62 PC: 12fc9 | Close file
2018-12-25T11:45:01.334178924Z 67 PC: 12fd5 | Get or set file attributes
2018-12-25T11:45:01.34109234Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.343538836Z 78 PC: 12e97 | Find first file
2018-12-25T11:45:01.347787789Z 79 PC: 12edc | Find next file
2018-12-25T11:45:01.350404435Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.353575941Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.356319692Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.359207296Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.362413781Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.365044319Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.367680497Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.370336001Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.37312976Z 14 PC: 12ee9 | Set default drive (Drive = 'A')
2018-12-25T11:45:01.374208431Z 44 PC: 12eed | Get time
0x12eed: cmp cl, 0x20
0x12ef0: jb 0x12f24
0x12ef2: cmp cl, 0x23
0x12ef5: jae 0x12f24
0x12ef7: mov ah, 9
0x12ef9: mov dx, 0xd2
0x12efc: int 0x21
0x12efe: mov ah, 0x4c
0x12f00: int 0x21
0x12f02: or ax, 0x410a
0x12f05: and byte ptr [bp + di + 0x75], ch
0x12f08: imul si, word ptr [di + 0x2c], 0x20
0x12f0c: dec si
0x12f0d: popaw
0x12f0e: jae 0x12f84
0x12f10: jo 0x12f81
0x12f13: jns 0x12f35
0x12f15: imul bp, word ptr [bx + 0x6d], 0x6f
0x12f19: jb 0x12f89
0x12f1b: imul bp, word ptr [bp + di + 0x20], 0x2121
2018-12-25T11:45:01.376297222Z 26 PC: 12f35 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2160,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:00.725108907Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:45:00.727613499Z 47 PC: 12e49 | Get disk transfer address
2018-12-25T11:45:00.728759835Z 26 PC: 12e52 | Set disk transfer address
2018-12-25T11:45:00.729809553Z 25 PC: 12e56 | Get default drive
2018-12-25T11:45:00.731966262Z 44 PC: 12e5d | Get time
0x12e5d: and dh, 0xf
0x12e60: mov dl, dh
0x12e62: cmp dl, 0
0x12e65: je 0x12e6c
0x12e67: cmp dl, 2
0x12e6a: jne 0x12e70
0x12e6c: mov ah, 0xe
0x12e6e: int 0x21
0x12e70: mov ax, cs
0x12e72: mov es, ax
0x12e74: mov byte ptr [0x3b8], 0
0x12e79: nop
0x12e7a: mov di, 0x382
0x12e7d: mov word ptr [0x3b6], di
0x12e81: call 0x130ce
0x12e84: mov di, 0x382
0x12e87: mov ax, 0x2e2a
0x12e8a: stosw word ptr es:[di], ax
0x12e8b: mov ah, 0
0x12e8d: stosw word ptr es:[di], ax
2018-12-25T11:45:00.734908468Z 14 PC: 12e70 | Set default drive (Drive = 'C')
2018-12-25T11:45:00.737084824Z 78 PC: 130e3 | Find first file
2018-12-25T11:45:00.744146519Z 79 PC: 1314e | Find next file
2018-12-25T11:45:00.75774261Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:00.760281665Z 54 PC: 13166 | Get free disk space
2018-12-25T11:45:00.800806651Z 67 PC: 1317f | Get or set file attributes
2018-12-25T11:45:00.808960061Z 67 PC: 1318b | Get or set file attributes
2018-12-25T11:45:01.159073656Z 61 PC: 13190 | Open file (Filename = 'COMMAND.COM')
2018-12-25T11:45:01.17220242Z 87 PC: 13197 | Get or set file date and time
2018-12-25T11:45:01.175763593Z 63 PC: 12ff3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:01.181538825Z 66 PC: 1303a | Move file pointer
2018-12-25T11:45:01.182896128Z 64 PC: 1304d | Write file or device (Write 11 bytes on handle 5)
2018-12-25T11:45:01.189596268Z 64 PC: 12fff | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:01.2002629Z 64 PC: 1300b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.202957952Z 66 PC: 13014 | Move file pointer
2018-12-25T11:45:01.204838255Z 64 PC: 1302f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.20786044Z 87 PC: 12fc5 | Get or set file date and time
2018-12-25T11:45:01.209457629Z 62 PC: 12fc9 | Close file
2018-12-25T11:45:01.218807936Z 67 PC: 12fd5 | Get or set file attributes
2018-12-25T11:45:01.227249401Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.229098897Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.232365723Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.234340739Z 78 PC: 12e97 | Find first file
2018-12-25T11:45:01.238254145Z 79 PC: 12edc | Find next file
2018-12-25T11:45:01.240885154Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.242997586Z 78 PC: 130e3 | Find first file (See above)
2018-12-25T11:45:01.249202336Z 54 PC: 13166 | Get free disk space (See above)
2018-12-25T11:45:01.251739566Z 67 PC: 1317f | Get or set file attributes (See above)
2018-12-25T11:45:01.255793131Z 67 PC: 1318b | Get or set file attributes (See above)
2018-12-25T11:45:01.262369263Z 61 PC: 13190 | Open file (See above)
2018-12-25T11:45:01.267393072Z 87 PC: 13197 | Get or set file date and time (See above)
2018-12-25T11:45:01.268783657Z 63 PC: 12f4a | Read file or device (Read 27 bytes on handle 5)
2018-12-25T11:45:01.272278282Z 66 PC: 1303a | Move file pointer (See above)
2018-12-25T11:45:01.27402792Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T11:45:01.280144753Z 64 PC: 12f7b | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:01.288270418Z 64 PC: 12f89 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:45:01.291556883Z 64 PC: 12f99 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:45:01.29441294Z 66 PC: 12fa8 | Move file pointer
2018-12-25T11:45:01.297981787Z 64 PC: 12fb2 | Write file or device (Write 27 bytes on handle 5)
2018-12-25T11:45:01.306927419Z 87 PC: 12fc5 | Get or set file date and time (See above)
2018-12-25T11:45:01.30998454Z 62 PC: 12fc9 | Close file (See above)
2018-12-25T11:45:01.317386681Z 67 PC: 12fd5 | Get or set file attributes (See above)
2018-12-25T11:45:01.327110318Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.330442138Z 54 PC: 13166 | Get free disk space (See above)
2018-12-25T11:45:01.333167067Z 67 PC: 1317f | Get or set file attributes (See above)
2018-12-25T11:45:01.340116109Z 67 PC: 1318b | Get or set file attributes (See above)
2018-12-25T11:45:01.350768264Z 61 PC: 13190 | Open file (See above)
2018-12-25T11:45:01.357416968Z 87 PC: 13197 | Get or set file date and time (See above)
2018-12-25T11:45:01.359902394Z 63 PC: 12f4a | Read file or device (See above)
2018-12-25T11:45:01.366412772Z 66 PC: 1303a | Move file pointer (See above)
2018-12-25T11:45:01.368192569Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T11:45:01.374444604Z 64 PC: 12f7b | Write file or device (See above)
2018-12-25T11:45:01.383003045Z 64 PC: 12f89 | Write file or device (See above)
2018-12-25T11:45:01.385538045Z 64 PC: 12f99 | Write file or device (See above)
2018-12-25T11:45:01.388166133Z 66 PC: 12fa8 | Move file pointer (See above)
2018-12-25T11:45:01.390051251Z 64 PC: 12fb2 | Write file or device (See above)
2018-12-25T11:45:01.393081489Z 87 PC: 12fc5 | Get or set file date and time (See above)
2018-12-25T11:45:01.394401409Z 62 PC: 12fc9 | Close file (See above)
2018-12-25T11:45:01.401745664Z 67 PC: 12fd5 | Get or set file attributes (See above)
2018-12-25T11:45:01.411696875Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.414810583Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.418306316Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.421461264Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.424737654Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.429127514Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.432276219Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.434761056Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.438136387Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.441500126Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.444015275Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.447589796Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.450753069Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.454847003Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.457571639Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.459705317Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.461936006Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.464709674Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.46699161Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.469178822Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.472181482Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.474552253Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.476582943Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.479341075Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.481458876Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.483589396Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.48643026Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.488581723Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.490785663Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.494904901Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.497809445Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.500057957Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.502312186Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.50544586Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.5074578Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.509287507Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.511901973Z 78 PC: 130e3 | Find first file (See above)
2018-12-25T11:45:01.517775526Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.520908842Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.523805254Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.525955272Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.528101088Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.53095004Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.533141183Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.535357183Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.538085536Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.540240265Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.542432705Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.545175325Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.54734729Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.551291215Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.554698495Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.557996671Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.561241734Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.564833997Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.567396665Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.569560904Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.572213467Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.574295764Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.576940356Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.579597899Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.581750273Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.583818384Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.586647111Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.589023074Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.591804668Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.59895516Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.602628656Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.606131048Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.609941009Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.613189354Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.61642692Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.620341386Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.623404939Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.626767264Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.630649885Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.633609587Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.637261797Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.640773878Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.643639386Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.646551852Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.650687708Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.657039333Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.659982552Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.663520797Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.66640154Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.669299327Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.672769056Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.676111567Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.678959713Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.682449642Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.685695481Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.688607177Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.691647326Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.695084285Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.697868602Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.70066003Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.703920054Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.709734559Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.712549586Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.716662529Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.719542293Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.722590751Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.725640223Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.728526152Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.731596165Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.734508515Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.737461242Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.740319423Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.74332661Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.74645367Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.749312446Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.752912421Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.755973963Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.761993268Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.765185784Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.768173Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.771801566Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.774839666Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.778030101Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.782211952Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.785260222Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.78804971Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.791548357Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.794254063Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.796949346Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.800391237Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.803397638Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.806143944Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.809810483Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.815283079Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.818043252Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.821576931Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.824380974Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.827125073Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.830747753Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.83366647Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.836407945Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.84640075Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.849327017Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.852268136Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.862352207Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.865612131Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.868700069Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.875258364Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.878507157Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.881479885Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.884765957Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.887287043Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.890078836Z 14 PC: 12ee9 | Set default drive (Drive = '›')
2018-12-25T11:45:01.892684341Z 44 PC: 12eed | Get time
0x12eed: cmp cl, 0x20
0x12ef0: jb 0x12f24
0x12ef2: cmp cl, 0x23
0x12ef5: jae 0x12f24
0x12ef7: mov ah, 9
0x12ef9: mov dx, 0xd2
0x12efc: int 0x21
0x12efe: mov ah, 0x4c
0x12f00: int 0x21
0x12f02: or ax, 0x410a
0x12f05: and byte ptr [bp + di + 0x75], ch
0x12f08: imul si, word ptr [di + 0x2c], 0x20
0x12f0c: dec si
0x12f0d: popaw
0x12f0e: jae 0x12f84
0x12f10: jo 0x12f81
0x12f13: jns 0x12f35
0x12f15: imul bp, word ptr [bx + 0x6d], 0x6f
0x12f19: jb 0x12f89
0x12f1b: imul bp, word ptr [bp + di + 0x20], 0x2121
2018-12-25T11:45:01.89519938Z 26 PC: 12f35 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":32,"Second":0,"TimeBased":true,"OriginalID":2160,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:01.463606277Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:45:01.465976484Z 47 PC: 12e49 | Get disk transfer address
2018-12-25T11:45:01.466995329Z 26 PC: 12e52 | Set disk transfer address
2018-12-25T11:45:01.467958261Z 25 PC: 12e56 | Get default drive
2018-12-25T11:45:01.470066662Z 44 PC: 12e5d | Get time
0x12e5d: and dh, 0xf
0x12e60: mov dl, dh
0x12e62: cmp dl, 0
0x12e65: je 0x12e6c
0x12e67: cmp dl, 2
0x12e6a: jne 0x12e70
0x12e6c: mov ah, 0xe
0x12e6e: int 0x21
0x12e70: mov ax, cs
0x12e72: mov es, ax
0x12e74: mov byte ptr [0x3b8], 0
0x12e79: nop
0x12e7a: mov di, 0x382
0x12e7d: mov word ptr [0x3b6], di
0x12e81: call 0x130ce
0x12e84: mov di, 0x382
0x12e87: mov ax, 0x2e2a
0x12e8a: stosw word ptr es:[di], ax
0x12e8b: mov ah, 0
0x12e8d: stosw word ptr es:[di], ax
2018-12-25T11:45:01.472490303Z 14 PC: 12e70 | Set default drive (Drive = 'C')
2018-12-25T11:45:01.473706121Z 78 PC: 130e3 | Find first file
2018-12-25T11:45:01.480497829Z 79 PC: 1314e | Find next file
2018-12-25T11:45:01.482908743Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.485395542Z 54 PC: 13166 | Get free disk space
2018-12-25T11:45:01.525149821Z 67 PC: 1317f | Get or set file attributes
2018-12-25T11:45:01.532924472Z 67 PC: 1318b | Get or set file attributes
2018-12-25T11:45:01.840746554Z 61 PC: 13190 | Open file (Filename = 'COMMAND.COM')
2018-12-25T11:45:01.847160519Z 87 PC: 13197 | Get or set file date and time
2018-12-25T11:45:01.848729575Z 63 PC: 12ff3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:01.853990091Z 66 PC: 1303a | Move file pointer
2018-12-25T11:45:01.855479715Z 64 PC: 1304d | Write file or device (Write 11 bytes on handle 5)
2018-12-25T11:45:01.865041101Z 64 PC: 12fff | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:01.873978464Z 64 PC: 1300b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.876515813Z 66 PC: 13014 | Move file pointer
2018-12-25T11:45:01.878451193Z 64 PC: 1302f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.88175495Z 87 PC: 12fc5 | Get or set file date and time
2018-12-25T11:45:01.883075261Z 62 PC: 12fc9 | Close file
2018-12-25T11:45:01.890643417Z 67 PC: 12fd5 | Get or set file attributes
2018-12-25T11:45:01.902048168Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.905034583Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.908304801Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.910638201Z 78 PC: 12e97 | Find first file
2018-12-25T11:45:01.915767226Z 79 PC: 12edc | Find next file
2018-12-25T11:45:01.918580969Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:01.921159451Z 78 PC: 130e3 | Find first file (See above)
2018-12-25T11:45:01.929795178Z 54 PC: 13166 | Get free disk space (See above)
2018-12-25T11:45:01.932611599Z 67 PC: 1317f | Get or set file attributes (See above)
2018-12-25T11:45:01.938536758Z 67 PC: 1318b | Get or set file attributes (See above)
2018-12-25T11:45:01.950127869Z 61 PC: 13190 | Open file (See above)
2018-12-25T11:45:01.957124633Z 87 PC: 13197 | Get or set file date and time (See above)
2018-12-25T11:45:01.959173187Z 63 PC: 12f4a | Read file or device (Read 27 bytes on handle 5)
2018-12-25T11:45:01.964996132Z 66 PC: 1303a | Move file pointer (See above)
2018-12-25T11:45:01.967062101Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T11:45:01.973614462Z 64 PC: 12f7b | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:01.980467645Z 64 PC: 12f89 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:45:01.983473351Z 64 PC: 12f99 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:45:01.985379666Z 66 PC: 12fa8 | Move file pointer
2018-12-25T11:45:01.986337176Z 64 PC: 12fb2 | Write file or device (Write 27 bytes on handle 5)
2018-12-25T11:45:01.988568944Z 87 PC: 12fc5 | Get or set file date and time (See above)
2018-12-25T11:45:01.989934431Z 62 PC: 12fc9 | Close file (See above)
2018-12-25T11:45:01.994561208Z 67 PC: 12fd5 | Get or set file attributes (See above)
2018-12-25T11:45:02.006457178Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.009569787Z 54 PC: 13166 | Get free disk space (See above)
2018-12-25T11:45:02.01202363Z 67 PC: 1317f | Get or set file attributes (See above)
2018-12-25T11:45:02.018792706Z 67 PC: 1318b | Get or set file attributes (See above)
2018-12-25T11:45:02.029230417Z 61 PC: 13190 | Open file (See above)
2018-12-25T11:45:02.035790126Z 87 PC: 13197 | Get or set file date and time (See above)
2018-12-25T11:45:02.036954716Z 63 PC: 12f4a | Read file or device (See above)
2018-12-25T11:45:02.042310711Z 66 PC: 1303a | Move file pointer (See above)
2018-12-25T11:45:02.043527012Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T11:45:02.049521064Z 64 PC: 12f7b | Write file or device (See above)
2018-12-25T11:45:02.057503281Z 64 PC: 12f89 | Write file or device (See above)
2018-12-25T11:45:02.060073499Z 64 PC: 12f99 | Write file or device (See above)
2018-12-25T11:45:02.062647507Z 66 PC: 12fa8 | Move file pointer (See above)
2018-12-25T11:45:02.064113719Z 64 PC: 12fb2 | Write file or device (See above)
2018-12-25T11:45:02.066767151Z 87 PC: 12fc5 | Get or set file date and time (See above)
2018-12-25T11:45:02.068251396Z 62 PC: 12fc9 | Close file (See above)
2018-12-25T11:45:02.075203173Z 67 PC: 12fd5 | Get or set file attributes (See above)
2018-12-25T11:45:02.08188322Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.084028729Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.086732214Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.089233101Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.091592723Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.094010407Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.096244461Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.098796558Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.101601656Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.103657035Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.105731538Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.109844332Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.111923913Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.115765156Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.118479814Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.121597009Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.124388644Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.128051769Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.13076367Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.133641639Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.137343209Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.140457877Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.143388681Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.147139235Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.151178578Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.154109587Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.157427044Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.160783437Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.164119005Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.173276659Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.176491722Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.179603179Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.182999886Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.186102806Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.18882341Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.191726153Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.194143353Z 78 PC: 130e3 | Find first file (See above)
2018-12-25T11:45:02.203056909Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.207586912Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.210875501Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.213832636Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.217444523Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.221454087Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.224685615Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.228297319Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.231318688Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.234340126Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.238051399Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.241052114Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.244770367Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.251768838Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.255003097Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.25815691Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.26168354Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.264772388Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.267839273Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.271619287Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.27458322Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.277747574Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.281853629Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.284811916Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.288549798Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.292943683Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.295934735Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.299193796Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.303050148Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.309154374Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.312558954Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.317499482Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.320940553Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.324364452Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.328787952Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.33202856Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.335343976Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.339586575Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.34322241Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.346589273Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.350810791Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.354649253Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.35915105Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.363269718Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.366508519Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.373052168Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.376866346Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.379894751Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.381980782Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.384577814Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.387559527Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.390471335Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.393900758Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.397127216Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.400230434Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.404176036Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.407252372Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.410542792Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.414520902Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.417855672Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.421243725Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.429005655Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.431995399Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.435157123Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.439070027Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.442684599Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.445660108Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.449244552Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.452563679Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.455904838Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.460194246Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.463514519Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.466845966Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.470397286Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.473422545Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.475867304Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.478247547Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.482202779Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.485270042Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.487407511Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.48945915Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.492675405Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.496090644Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.500415988Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.511177773Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.514208593Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.517257241Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.520874914Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.524011208Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.527324191Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.530741135Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.533685517Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.536583379Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.543092298Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.546142237Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.549133508Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.552611311Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.555504616Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.558425713Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.562399569Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.565349233Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.568501489Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.571934248Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.574952556Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.57809365Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.581489901Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.584395454Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.590785577Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.593932029Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.59701487Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.600595648Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.603705871Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.605971035Z 14 PC: 12ee9 | Set default drive (Drive = '›')
2018-12-25T11:45:02.608496224Z 44 PC: 12eed | Get time
0x12eed: cmp cl, 0x20
0x12ef0: jb 0x12f24
0x12ef2: cmp cl, 0x23
0x12ef5: jae 0x12f24
0x12ef7: mov ah, 9
0x12ef9: mov dx, 0xd2
0x12efc: int 0x21
0x12efe: mov ah, 0x4c
0x12f00: int 0x21
0x12f02: or ax, 0x410a
0x12f05: and byte ptr [bp + di + 0x75], ch
0x12f08: imul si, word ptr [di + 0x2c], 0x20
0x12f0c: dec si
0x12f0d: popaw
0x12f0e: jae 0x12f84
0x12f10: jo 0x12f81
0x12f13: jns 0x12f35
0x12f15: imul bp, word ptr [bx + 0x6d], 0x6f
0x12f19: jb 0x12f89
0x12f1b: imul bp, word ptr [bp + di + 0x20], 0x2121
2018-12-25T11:45:02.610931871Z 9 PC: 12efe | Display string (String= ' A kuku, Nastepny komornik !!! ')
2018-12-25T11:45:02.615812261Z 76 PC: 12f02 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":36,"Second":0,"TimeBased":true,"OriginalID":2160,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:01.470861223Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:45:01.47260676Z 47 PC: 12e49 | Get disk transfer address
2018-12-25T11:45:01.475336861Z 26 PC: 12e52 | Set disk transfer address
2018-12-25T11:45:01.477498877Z 25 PC: 12e56 | Get default drive
2018-12-25T11:45:01.479142461Z 44 PC: 12e5d | Get time
0x12e5d: and dh, 0xf
0x12e60: mov dl, dh
0x12e62: cmp dl, 0
0x12e65: je 0x12e6c
0x12e67: cmp dl, 2
0x12e6a: jne 0x12e70
0x12e6c: mov ah, 0xe
0x12e6e: int 0x21
0x12e70: mov ax, cs
0x12e72: mov es, ax
0x12e74: mov byte ptr [0x3b8], 0
0x12e79: nop
0x12e7a: mov di, 0x382
0x12e7d: mov word ptr [0x3b6], di
0x12e81: call 0x130ce
0x12e84: mov di, 0x382
0x12e87: mov ax, 0x2e2a
0x12e8a: stosw word ptr es:[di], ax
0x12e8b: mov ah, 0
0x12e8d: stosw word ptr es:[di], ax
2018-12-25T11:45:01.485606844Z 14 PC: 12e70 | Set default drive (Drive = 'C')
2018-12-25T11:45:01.487012454Z 78 PC: 130e3 | Find first file
2018-12-25T11:45:01.493157517Z 79 PC: 1314e | Find next file
2018-12-25T11:45:01.496601644Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.50081825Z 54 PC: 13166 | Get free disk space
2018-12-25T11:45:01.549411351Z 67 PC: 1317f | Get or set file attributes
2018-12-25T11:45:01.558677645Z 67 PC: 1318b | Get or set file attributes
2018-12-25T11:45:01.905987891Z 61 PC: 13190 | Open file (Filename = 'COMMAND.COM')
2018-12-25T11:45:01.912870132Z 87 PC: 13197 | Get or set file date and time
2018-12-25T11:45:01.914394291Z 63 PC: 12ff3 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:01.921713994Z 66 PC: 1303a | Move file pointer
2018-12-25T11:45:01.923204522Z 64 PC: 1304d | Write file or device (Write 11 bytes on handle 5)
2018-12-25T11:45:01.930139066Z 64 PC: 12fff | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:01.941314679Z 64 PC: 1300b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.944662894Z 66 PC: 13014 | Move file pointer
2018-12-25T11:45:01.946492338Z 64 PC: 1302f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:01.950963153Z 87 PC: 12fc5 | Get or set file date and time
2018-12-25T11:45:01.952489128Z 62 PC: 12fc9 | Close file
2018-12-25T11:45:01.969874003Z 67 PC: 12fd5 | Get or set file attributes
2018-12-25T11:45:01.988711721Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.991783379Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.995534068Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:01.998258228Z 78 PC: 12e97 | Find first file
2018-12-25T11:45:02.004496538Z 79 PC: 12edc | Find next file
2018-12-25T11:45:02.007161137Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.009908501Z 78 PC: 130e3 | Find first file (See above)
2018-12-25T11:45:02.020589373Z 54 PC: 13166 | Get free disk space (See above)
2018-12-25T11:45:02.023835553Z 67 PC: 1317f | Get or set file attributes (See above)
2018-12-25T11:45:02.030833323Z 67 PC: 1318b | Get or set file attributes (See above)
2018-12-25T11:45:02.043111366Z 61 PC: 13190 | Open file (See above)
2018-12-25T11:45:02.05085819Z 87 PC: 13197 | Get or set file date and time (See above)
2018-12-25T11:45:02.052419551Z 63 PC: 12f4a | Read file or device (Read 27 bytes on handle 5)
2018-12-25T11:45:02.060079037Z 66 PC: 1303a | Move file pointer (See above)
2018-12-25T11:45:02.061697993Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T11:45:02.070148375Z 64 PC: 12f7b | Write file or device (Write 886 bytes on handle 5)
2018-12-25T11:45:02.079518368Z 64 PC: 12f89 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:45:02.083007296Z 64 PC: 12f99 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:45:02.086048156Z 66 PC: 12fa8 | Move file pointer
2018-12-25T11:45:02.088144726Z 64 PC: 12fb2 | Write file or device (Write 27 bytes on handle 5)
2018-12-25T11:45:02.091983477Z 87 PC: 12fc5 | Get or set file date and time (See above)
2018-12-25T11:45:02.093994763Z 62 PC: 12fc9 | Close file (See above)
2018-12-25T11:45:02.10139033Z 67 PC: 12fd5 | Get or set file attributes (See above)
2018-12-25T11:45:02.113175572Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.117728514Z 54 PC: 13166 | Get free disk space (See above)
2018-12-25T11:45:02.121166294Z 67 PC: 1317f | Get or set file attributes (See above)
2018-12-25T11:45:02.130200876Z 67 PC: 1318b | Get or set file attributes (See above)
2018-12-25T11:45:02.14118272Z 61 PC: 13190 | Open file (See above)
2018-12-25T11:45:02.149254611Z 87 PC: 13197 | Get or set file date and time (See above)
2018-12-25T11:45:02.152428724Z 63 PC: 12f4a | Read file or device (See above)
2018-12-25T11:45:02.159030933Z 66 PC: 1303a | Move file pointer (See above)
2018-12-25T11:45:02.160830573Z 64 PC: 1304d | Write file or device (See above)
2018-12-25T11:45:02.169348667Z 64 PC: 12f7b | Write file or device (See above)
2018-12-25T11:45:02.178421984Z 64 PC: 12f89 | Write file or device (See above)
2018-12-25T11:45:02.181942091Z 64 PC: 12f99 | Write file or device (See above)
2018-12-25T11:45:02.185413291Z 66 PC: 12fa8 | Move file pointer (See above)
2018-12-25T11:45:02.187925656Z 64 PC: 12fb2 | Write file or device (See above)
2018-12-25T11:45:02.192355216Z 87 PC: 12fc5 | Get or set file date and time (See above)
2018-12-25T11:45:02.194447044Z 62 PC: 12fc9 | Close file (See above)
2018-12-25T11:45:02.203373866Z 67 PC: 12fd5 | Get or set file attributes (See above)
2018-12-25T11:45:02.215245402Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.219323771Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.223921849Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.229292823Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.239228611Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.244060673Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.248136313Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.252689725Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.257096059Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.262788311Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.266782193Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.271224735Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.275604896Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.283513037Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.288417125Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.292834658Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.296726392Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.304460544Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.311545601Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.315472531Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.319120458Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.323834779Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.328057503Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.333022846Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.337636894Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.341888298Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.346371961Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.350166028Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.356822854Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.36385601Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.368084903Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.376453994Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.380746788Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.38438064Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.388401035Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.391484195Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.394464891Z 78 PC: 130e3 | Find first file (See above)
2018-12-25T11:45:02.406393399Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.410345934Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.414257398Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.418385595Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.422621176Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.426498607Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.430367537Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.434740262Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.439132578Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.443022835Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.447376506Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.450889069Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.454327294Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.461673168Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.465701819Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.469213077Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.473239373Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.477739772Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.481767906Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.486241014Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.489934393Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.493753234Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.500493046Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.504337951Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.507877251Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.511905747Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.515569665Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.519310825Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.524301805Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.531624849Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.535686514Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.539601771Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.543184246Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.547611899Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.551923782Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.555694579Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.559481694Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.564241115Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.568089201Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.571619021Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.576048769Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.579749443Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.584105233Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.588471824Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.592661119Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.599545313Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.604223784Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.607709946Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.611152276Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.614862805Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.620014167Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.624743317Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.628291554Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.632301972Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.63623545Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.640247669Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.6451807Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.648824893Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.652577676Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.65731453Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.661230314Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.66859706Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.673565974Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.677005665Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.680491727Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.684896367Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.688755515Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.692145204Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.696987277Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.701008961Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.70500213Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.708964283Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.714578867Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.718068262Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.722726674Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.726754484Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.730592601Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.738059406Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.742445507Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.746098928Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.75092764Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.755002792Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.758658294Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.763276216Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.76714617Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.771484445Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.775166097Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.779279701Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.783003051Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.787301346Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.803757246Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.807351098Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.81099326Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.818879036Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.82278873Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.826344173Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.83134156Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.834893761Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.83846336Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.843639274Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.847734454Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.851635309Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.857035612Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.861146762Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.865310059Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.870524652Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.875064458Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.882756672Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.888107456Z 79 PC: 1314e | Find next file (See above)
2018-12-25T11:45:02.892003265Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.895545459Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.899549285Z 79 PC: 12edc | Find next file (See above)
2018-12-25T11:45:02.904303853Z 14 PC: 12ee9 | Set default drive (Drive = '›')
2018-12-25T11:45:02.906228719Z 44 PC: 12eed | Get time
0x12eed: cmp cl, 0x20
0x12ef0: jb 0x12f24
0x12ef2: cmp cl, 0x23
0x12ef5: jae 0x12f24
0x12ef7: mov ah, 9
0x12ef9: mov dx, 0xd2
0x12efc: int 0x21
0x12efe: mov ah, 0x4c
0x12f00: int 0x21
0x12f02: or ax, 0x410a
0x12f05: and byte ptr [bp + di + 0x75], ch
0x12f08: imul si, word ptr [di + 0x2c], 0x20
0x12f0c: dec si
0x12f0d: popaw
0x12f0e: jae 0x12f84
0x12f10: jo 0x12f81
0x12f13: jns 0x12f35
0x12f15: imul bp, word ptr [bx + 0x6d], 0x6f
0x12f19: jb 0x12f89
0x12f1b: imul bp, word ptr [bp + di + 0x20], 0x2121
2018-12-25T11:45:02.910026441Z 26 PC: 12f35 | Set disk transfer address