Sample viewer

vx.netlux.org/Virus.DOS.Birgit.999.d

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:16.93845286Z 42 PC: 12a62 | Get date 0x12a62: cmp dl, 0x12
0x12a65: jne 0x12a6e
0x12a67: mov cx, 0xffff
0x12a6a: mov al, 2
0x12a6c: int 0x26
0x12a6e: popaw
0x12a6f: call 0x12a76
0x12a72: jmp 0x12aa1
0x12a74: add byte ptr [bx + si], al
0x12a76: pushaw
0x12a77: mov dx, word ptr ds:[bp + 0x134]
0x12a7c: jmp 0x12a82
0x12a7e: mov ah, 0x4c
0x12a80: int 0x21
0x12a82: mov cx, 0x7c
0x12a85: lea si, word ptr [bp + 0x161]
0x12a89: mov di, si
0x12a8b: int3
0x12a8c: lodsw ax, word ptr [si]
0x12a8d: jmp 0x12a93
2018-12-17T22:20:16.940531892Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.949869786Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.951601804Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.953316942Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.955842079Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.957382119Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.958810469Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.962168259Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.963770806Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.965778683Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.96813159Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.969503078Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.970501013Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.972101294Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.973100346Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.974189228Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.975717815Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.976980654Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.978008353Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.979724889Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.981576253Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.983367755Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.98586241Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.987280864Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.989281642Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.993734515Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.995180145Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.996506859Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:16.998519559Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.000396055Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.002122047Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.003984844Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.00530398Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.007138152Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.009569375Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.011153016Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.01260244Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.014395582Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.01650059Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.018257449Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.020726154Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.023665949Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.025456468Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.027239367Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.029368748Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.03112285Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.032855802Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.03552428Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.037274223Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.039000721Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.04147661Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.042766947Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.044322758Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.046337581Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.047747826Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.049033845Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.051086631Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.053052252Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.054349935Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.056257012Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.0575661Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.059107168Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.061340951Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.062904225Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.064257846Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.066172593Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.067871929Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.069465918Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.072265656Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.073729391Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.075108498Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.077854018Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.079454262Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.081153496Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.083099952Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.084699527Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.086141498Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.08798426Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.089344169Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.090791588Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.092754402Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.094148279Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.095439515Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.09739673Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.09904336Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.100421267Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.102433572Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.103947927Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.105808736Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.107976783Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.109502005Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.11129685Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.113280285Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.11538301Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.117093283Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.119092302Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.120535996Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.121984015Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.124190797Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.126272603Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.127895381Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.130286893Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.131841128Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.13335428Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.135323033Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.136766598Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.139222525Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.141646357Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.143189813Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.144736822Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.147248659Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.148975639Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.151233469Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.152918669Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.154979137Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.156632352Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.158755342Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.160284305Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.162006209Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.164721505Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.166458919Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.168116512Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.170014826Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.171971209Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-17T22:20:17.173748321Z 44 PC: 12abd | Get time 0x12abd: mov word ptr ds:[bp + 0x134], dx
0x12ac2: jmp 0x12ac4
0x12ac4: mov ax, 0x4e00
0x12ac7: mov cx, 0
0x12aca: lea dx, word ptr [bp + 0x1e3]
0x12ace: int 0x21
0x12ad0: jae 0x12ad5
0x12ad2: jmp 0x12bd7
0x12ad5: push 0x4300
0x12ad8: pop ax
0x12ad9: mov dx, 0x9e
0x12adc: int 0x21
0x12ade: mov word ptr ds:[bp + 0x344], cx
0x12ae3: mov ax, 0x4301
0x12ae6: mov cx, 0
0x12ae9: int 0x21
0x12aeb: mov ax, 0x3d02
0x12aee: mov dx, 0x9e
0x12af1: int 0x21
0x12af3: push ax
2018-12-17T22:20:17.176398747Z 78 PC: 12ad0 | Find first file
2018-12-17T22:20:17.183001353Z 67 PC: 12ade | Get or set file attributes
2018-12-17T22:20:17.188469059Z 67 PC: 12aeb | Get or set file attributes
2018-12-17T22:20:17.204938893Z 61 PC: 12af3 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:17.21245446Z 63 PC: 12b02 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:20:17.219299845Z 87 PC: 12b4c | Get or set file date and time
2018-12-17T22:20:17.220962017Z 66 PC: 12b5f | Move file pointer
2018-12-17T22:20:17.223117372Z 64 PC: 12b6c | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:20:17.226141911Z 64 PC: 12b8b | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:20:17.228891484Z 64 PC: 12b98 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:20:17.233209163Z 66 PC: 12ba3 | Move file pointer
2018-12-17T22:20:17.234725792Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.236418201Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.239393148Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.24075616Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.24213022Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.244813202Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.246450182Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.253714113Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.25933358Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.26084085Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.262231891Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.264366156Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.265518403Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.267171522Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.26950061Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.271054814Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.272270938Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.274292631Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.275562112Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.276808392Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.278532246Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.279946232Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.28108125Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.283246551Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.284428006Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.285659716Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.287489131Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.288646327Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.289732254Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.291636564Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.292732683Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.294149097Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.295775817Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.297038083Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.298533005Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.300267892Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.301388378Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.303108092Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.305059282Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.306276785Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.30755703Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.30913525Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.310288359Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.31214279Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.313219704Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.314411636Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.315923149Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.317181894Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.318334571Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.320544635Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.321788571Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.323019142Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.324827113Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.326073094Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.327881926Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.329555095Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.33082762Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.331886055Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.333301694Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.334426893Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.336061808Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.337974553Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.34193922Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.344174095Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.346372208Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.348155114Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.350628295Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.353037161Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.354892154Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.356936999Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.359096906Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.361775664Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.364406745Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.366091538Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.367999749Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.370927815Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.372868294Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.374668279Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.37745807Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.379385182Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.381167978Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.387676734Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.389771489Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.391677821Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.3945341Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.396410638Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.398275542Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.400882046Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.402984047Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.40474325Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.407246581Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.409351935Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.411132009Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.413733933Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.415802334Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.417511901Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.41997925Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.422059973Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.424491025Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.426978928Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.429025768Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.430729559Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.433196085Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.43522875Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.436918161Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.439174715Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.44098973Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.442688925Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.445127786Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.447164245Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.448866237Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.451280519Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.453257863Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.454870926Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.457230814Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.458865372Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.460319388Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.462510464Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.463887067Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.465228967Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.467504888Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.469067463Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.470417349Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.472516419Z 68 PC: 12a9c | I/O control for devices (Set for = '����.��0��s��B�Ë����>��2ۆ3ɴN�!�r �S�@t3��O�:���II �x ����ø`��w���@')
2018-12-17T22:20:17.47399866Z 64 PC: 12bb3 | Write file or device (Write 999 bytes on handle 5)
2018-12-17T22:20:17.483095188Z 87 PC: 12bc4 | Get or set file date and time
2018-12-17T22:20:17.485970152Z 62 PC: 12bc9 | Close file
2018-12-17T22:20:17.493545373Z 67 PC: 12bd7 | Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3513,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:25.596233693Z 42 PC: 12a62 | Get date 0x12a62: cmp dl, 0x12
0x12a65: jne 0x12a6e
0x12a67: mov cx, 0xffff
0x12a6a: mov al, 2
0x12a6c: int 0x26
0x12a6e: popaw
0x12a6f: call 0x12a76
0x12a72: jmp 0x12aa1
0x12a74: add byte ptr [bx + si], al
0x12a76: pushaw
0x12a77: mov dx, word ptr ds:[bp + 0x134]
0x12a7c: jmp 0x12a82
0x12a7e: mov ah, 0x4c
0x12a80: int 0x21
0x12a82: mov cx, 0x7c
0x12a85: lea si, word ptr [bp + 0x161]
0x12a89: mov di, si
0x12a8b: int3
0x12a8c: lodsw ax, word ptr [si]
0x12a8d: jmp 0x12a93
2018-12-25T11:49:25.599863765Z 68 PC: 12a9c | I/O control for devices (Set for = '� ��')
2018-12-25T11:49:25.60497129Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.606927844Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.610665884Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.612799896Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.615220345Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.620198709Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.622161149Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.625532117Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.640032793Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.65662781Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.658451655Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.660523146Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.663039193Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.665603883Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.667641244Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.670746871Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.672684521Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.675193315Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.678503379Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.680575353Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.682587535Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.685791763Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.687413211Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.689069975Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.6921485Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.700617195Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.702804243Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.705085832Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.706794692Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.708509428Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.710339604Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.712721949Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.714387919Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.718112356Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.721142991Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.723142821Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.725162737Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.72730871Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.728897356Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.730377563Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.7363763Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.738305937Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.740684654Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.743355468Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.744967383Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.746548032Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.748807293Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.750745088Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.752653748Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.755584181Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.757558441Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.759602799Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.761841648Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.765104987Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.767091126Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.769100736Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.77196126Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.773625477Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.775929117Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.778641692Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.781089669Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.783044731Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.785754072Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.788168831Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.79037619Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.796047824Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.798782256Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.801945096Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.808177253Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.810430341Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.812128627Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.81379338Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.817157163Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.818901212Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.82189483Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.830234624Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.832184108Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.834300371Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.837980066Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.839579564Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.843735965Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.846827626Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.849307939Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.850922213Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.86213121Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.863634619Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.864978829Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.867046009Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.868731184Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.870365379Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.872016781Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.874100728Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.876302543Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.888696114Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.891719518Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.894244909Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.895959497Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.898393365Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.900780377Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.902678974Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.904903951Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.907213591Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.910438103Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.913202138Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.915875843Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.926777008Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.929046Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.931276845Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.937594229Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.940312157Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.945620716Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.947535204Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.95035456Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.952522953Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.954509188Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.956690487Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.959370584Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.961357712Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.963347113Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.966287421Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.968299945Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.970285861Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.973694995Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.975653138Z 44 PC: 12abd | Get time 0x12abd: mov word ptr ds:[bp + 0x134], dx
0x12ac2: jmp 0x12ac4
0x12ac4: mov ax, 0x4e00
0x12ac7: mov cx, 0
0x12aca: lea dx, word ptr [bp + 0x1e3]
0x12ace: int 0x21
0x12ad0: jae 0x12ad5
0x12ad2: jmp 0x12bd7
0x12ad5: push 0x4300
0x12ad8: pop ax
0x12ad9: mov dx, 0x9e
0x12adc: int 0x21
0x12ade: mov word ptr ds:[bp + 0x344], cx
0x12ae3: mov ax, 0x4301
0x12ae6: mov cx, 0
0x12ae9: int 0x21
0x12aeb: mov ax, 0x3d02
0x12aee: mov dx, 0x9e
0x12af1: int 0x21
0x12af3: push ax
2018-12-25T11:49:25.978423812Z 78 PC: 12ad0 | Find first file
2018-12-25T11:49:25.986416191Z 67 PC: 12ade | Get or set file attributes
2018-12-25T11:49:25.997203835Z 67 PC: 12aeb | Get or set file attributes
2018-12-25T11:49:26.015456714Z 61 PC: 12af3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:26.023892829Z 63 PC: 12b02 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:26.031574841Z 87 PC: 12b4c | Get or set file date and time
2018-12-25T11:49:26.033696684Z 66 PC: 12b5f | Move file pointer
2018-12-25T11:49:26.036566018Z 64 PC: 12b6c | Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:49:26.04026607Z 64 PC: 12b8b | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:49:26.043689772Z 64 PC: 12b98 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:49:26.048155894Z 66 PC: 12ba3 | Move file pointer
2018-12-25T11:49:26.050518728Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.052683435Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.055009966Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.057998173Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.060157903Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.062419538Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.065245682Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.067311532Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.069392646Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.071880681Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.073937403Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.076017902Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.079096424Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.08116773Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.083221261Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.086349983Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.088400324Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.090476858Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.093577007Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.09565163Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.097766487Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.10116056Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.103527375Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.105588235Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.1086724Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.11079035Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.112828411Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.115594784Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.117447849Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.119436289Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.122187449Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.124175925Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.126125345Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.12856352Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.130541301Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.132507502Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.135149208Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.137144519Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.139446062Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.143042633Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.1448939Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.14687367Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.149284405Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.151269441Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.15325133Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.155678333Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.157672952Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.159807003Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.162792699Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.16542521Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.167556319Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.169923551Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.172995683Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.175133026Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.177268405Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.180517594Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.182684842Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.185285264Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.188528007Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.190681442Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.192825198Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.195996549Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.197827438Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.199589056Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.202219596Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.204069615Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.206289486Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.209221293Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.210984794Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.212754055Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.215520573Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.217318217Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.219067688Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.222310306Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.224165478Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.226342339Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.228694381Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.231682917Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.233800359Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.235899551Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.239067567Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.241253686Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.244214884Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.247435959Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.249586337Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.251725422Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.25499578Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.257147355Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.259857941Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.262863818Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.26538004Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.267535738Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.270608143Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.273091959Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.275228633Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.278185975Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.280658385Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.282806239Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.285634865Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.287983979Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.290017068Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.292260603Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.295193777Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.297207991Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.299241948Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.302341706Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.304754979Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.306766464Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.309867681Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.311895896Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.313925619Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.317026803Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.319084144Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.321125853Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.324015769Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.326371045Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.328390808Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.331341128Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.333728416Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.336599228Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.339452785Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.342248808Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.3442645Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.347107958Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:26.349493724Z 64 PC: 12bb3 | Write file or device (Write 999 bytes on handle 5)
2018-12-25T11:49:26.35950796Z 87 PC: 12bc4 | Get or set file date and time
2018-12-25T11:49:26.361798797Z 62 PC: 12bc9 | Close file
2018-12-25T11:49:26.371469265Z 67 PC: 12bd7 | Get or set file attributes

{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3513,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:25.627622434Z 42 PC: 12a62 | Get date 0x12a62: cmp dl, 0x12
0x12a65: jne 0x12a6e
0x12a67: mov cx, 0xffff
0x12a6a: mov al, 2
0x12a6c: int 0x26
0x12a6e: popaw
0x12a6f: call 0x12a76
0x12a72: jmp 0x12aa1
0x12a74: add byte ptr [bx + si], al
0x12a76: pushaw
0x12a77: mov dx, word ptr ds:[bp + 0x134]
0x12a7c: jmp 0x12a82
0x12a7e: mov ah, 0x4c
0x12a80: int 0x21
0x12a82: mov cx, 0x7c
0x12a85: lea si, word ptr [bp + 0x161]
0x12a89: mov di, si
0x12a8b: int3
0x12a8c: lodsw ax, word ptr [si]
0x12a8d: jmp 0x12a93
2018-12-25T11:49:25.632055527Z 68 PC: 12a9c | I/O control for devices (Set for = '')
2018-12-25T11:49:25.63435689Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.636290229Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.638259311Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.641288169Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.643220734Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.645169492Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.647707855Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.649684322Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.651608973Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.664329932Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.666245769Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.669385722Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.671575875Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.67327693Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.675091878Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.677905388Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.680154879Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.692237809Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.693468612Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.701392915Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.702675653Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.704303689Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.706587133Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.707684741Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.709231287Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.710747317Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.711844558Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.712820659Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.714377576Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.715586934Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.716742534Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.7187799Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.719931894Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.72105106Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.722886336Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.724152854Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.725332058Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.726940995Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.72806783Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.729226282Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.730639688Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.73255413Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.733585487Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.734872431Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.736857367Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.738343281Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.739789557Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.742360325Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.743985677Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.752591304Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.754847408Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.75641421Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.757934382Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.760300585Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.761971186Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.763639716Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.76646679Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.767984509Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.769473713Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.771081341Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.773943242Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.775871623Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.777612022Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.780449193Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.782426369Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.784405844Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.78702396Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.788687561Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.790296734Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.792301294Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.794308882Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.796094503Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.79882877Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.804849492Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.820574651Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.823411332Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.825681218Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.827655444Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.82982268Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.832548079Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.83422958Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.835820917Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.838408831Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.840212114Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.842335097Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.844610181Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.84676711Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.848936323Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.8516085Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.853584163Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.855610351Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.85828681Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.859787794Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.861208664Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.864178658Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.866798842Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.868322871Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.870231546Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.871429253Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.872583108Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.874342898Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.875488Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.876655091Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.87828617Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.879434336Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.880609141Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.882081903Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.883427718Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.884697298Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.886428967Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.887757357Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.889483086Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.891456075Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.893190381Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.894692758Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.896646216Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.898472182Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.899840674Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.902155838Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.906748273Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.908457596Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.910297803Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.91316026Z 68 PC: 12a9c | I/O control for devices (See above)
2018-12-25T11:49:25.915127862Z 44 PC: 12abd | Get time 0x12abd: mov word ptr ds:[bp + 0x134], dx
0x12ac2: jmp 0x12ac4
0x12ac4: mov ax, 0x4e00
0x12ac7: mov cx, 0
0x12aca: lea dx, word ptr [bp + 0x1e3]
0x12ace: int 0x21
0x12ad0: jae 0x12ad5
0x12ad2: jmp 0x12bd7
0x12ad5: push 0x4300
0x12ad8: pop ax
0x12ad9: mov dx, 0x9e
0x12adc: int 0x21
0x12ade: mov word ptr ds:[bp + 0x344], cx
0x12ae3: mov ax, 0x4301
0x12ae6: mov cx, 0
0x12ae9: int 0x21
0x12aeb: mov ax, 0x3d02
0x12aee: mov dx, 0x9e
0x12af1: int 0x21
0x12af3: push ax
2018-12-25T11:49:25.918160566Z 78 PC: 12ad0 | Find first file