Sample viewer

vx.netlux.org/Virus.DOS.Hammer.2272

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:24.341635756Z	213	PC: 17cbb \| UNKNOWN!
2018-12-17T22:22:24.343974134Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-17T22:22:24.346974477Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:24.354792915Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":13,"Month":6,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:24.018280386Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:24.02036068Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:24.0231886Z	78	PC: 17d5e \| Find first file
2018-12-25T11:50:24.029615996Z	25	PC: 17d72 \| Get default drive

{"DateBased":true,"Day":26,"Month":11,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:24.301643964Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:24.306998891Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:24.309183995Z	78	PC: 17d5e \| Find first file
2018-12-25T11:50:24.314884273Z	25	PC: 17d72 \| Get default drive

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:24.382188119Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:24.383992411Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:24.386752173Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:24.388292145Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":16,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:26.026000524Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:26.02766412Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:26.030302194Z	78	PC: 17d5e \| Find first file
2018-12-25T11:50:26.036943244Z	25	PC: 17d72 \| Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:26.015837082Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:26.019136702Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:26.024875046Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:26.026664692Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":26,"Month":12,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:26.583975763Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:26.585381924Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:26.587258354Z	78	PC: 17d5e \| Find first file
2018-12-25T11:50:26.593919439Z	25	PC: 17d72 \| Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:26.983265398Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:26.985475268Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:26.987671179Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:26.988805736Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":13,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:27.305502147Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:27.307779896Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:27.309891275Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:27.311021823Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":13,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:27.655714841Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:27.661695401Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:27.664068637Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:27.665450501Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":13,"Month":11,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:29.144210933Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:29.147153033Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:29.149983501Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:29.151462605Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":16,"Month":11,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:29.202570105Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:29.204547124Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:29.20749731Z	78	PC: 17d5e \| Find first file
2018-12-25T11:50:29.214642696Z	25	PC: 17d72 \| Get default drive

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:29.215442492Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:29.217017518Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:29.219482092Z	78	PC: 17d5e \| Find first file
2018-12-25T11:50:29.226221515Z	25	PC: 17d72 \| Get default drive

{"DateBased":true,"Day":13,"Month":11,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:29.50557744Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:29.507824784Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:29.510440461Z	78	PC: 17d5e \| Find first file
2018-12-25T11:50:29.517544272Z	25	PC: 17d72 \| Get default drive

{"DateBased":true,"Day":1,"Month":11,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:29.687178402Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:29.69278425Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:29.696461711Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:29.697649257Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:29.832975088Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:29.835634752Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:29.838478822Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:29.840225512Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":26,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:30.007200754Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:30.008681338Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:30.011647593Z	78	PC: 17d5e \| Find first file
2018-12-25T11:50:30.018164182Z	25	PC: 17d72 \| Get default drive

{"DateBased":true,"Day":1,"Month":12,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3928,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:30.194326595Z	213	PC: 17cbb \| UNKNOWN!
2018-12-25T11:50:30.196616841Z	42	PC: 17d0c \| Get date 0x17d0c: cmp cx, 0x7cd 0x17d10: jne 0x17d1e 0x17d12: cmp dh, 0xc 0x17d15: jne 0x17d1e 0x17d17: cmp dl, 0x1a 0x17d1a: jb 0x17d38 0x17d1c: jmp 0x17d4f 0x17d1e: cmp dh, 0xb 0x17d21: jne 0x17d2d 0x17d23: cmp dl, 0x10 0x17d26: je 0x17d4f 0x17d28: cmp dl, 0x1a 0x17d2b: je 0x17d4f 0x17d2d: cmp dl, 0xd 0x17d30: jne 0x17d38 0x17d32: cmp al, 5 0x17d34: jne 0x17d38 0x17d36: jmp 0x17d4f 0x17d38: mov ax, 0x3521 0x17d3b: int 0x21
2018-12-25T11:50:30.199672254Z	53	PC: 17d3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:30.201733825Z	37	PC: 17d4d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')