Sample viewer

vx.netlux.org/Virus.DOS.DirDropper.1686

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:28.71878233Z 42 PC: 12ed4 | Get date
0x12ed4: cmp dh, 0xa
0x12ed7: jne 0x12edc
0x12ed9: jmp 0x13038
0x12edc: mov ax, cs
0x12ede: add ax, 0x1000
0x12ee1: mov es, ax
0x12ee3: mov si, 0x100
0x12ee6: xor di, di
0x12ee8: mov cx, 0x696
0x12eeb: rep movsb byte ptr es:[di], byte ptr [si]
0x12eed: mov dx, 0x524
0x12ef0: mov ah, 0x1a
0x12ef2: int 0x21
0x12ef4: mov word ptr [0x10a], es
0x12ef8: push cs
0x12ef9: pop es
0x12efa: mov ah, 0xb6
0x12efc: mov cx, 0x416
0x12eff: mov si, 0x10e
0x12f02: mov di, si
2018-12-17T22:45:28.722605972Z 26 PC: 12ef4 | Set disk transfer address
2018-12-17T22:45:28.725334266Z 78 PC: 1306c | Find first file
2018-12-17T22:45:28.730594886Z 78 PC: 12f7e | Find first file
2018-12-17T22:45:28.736540293Z 78 PC: 1306c | Find first file
2018-12-17T22:45:28.748750225Z 78 PC: 12f7e | Find first file
2018-12-17T22:45:28.754411978Z 78 PC: 1306c | Find first file
2018-12-17T22:45:28.760182166Z 78 PC: 12f7e | Find first file
2018-12-17T22:45:28.765245505Z 78 PC: 12f7e | Find first file
2018-12-17T22:45:28.768686177Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 2)
2018-12-17T22:45:28.771129126Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.772831813Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.774553737Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.781926044Z 64 PC: 12fe5 | Write file or device (Write 29183 bytes on handle 3)
2018-12-17T22:45:28.78541182Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.787539206Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.789772721Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.800436049Z 64 PC: 12fe5 | Write file or device (Write 36862 bytes on handle 4)
2018-12-17T22:45:28.805557938Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.817919595Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.826167877Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.832488517Z 64 PC: 12fe5 | Write file or device (Write 37408 bytes on handle 5)
2018-12-17T22:45:28.83454534Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.836557169Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.842678917Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.847527673Z 64 PC: 12fe5 | Write file or device (Write 29183 bytes on handle 6)
2018-12-17T22:45:28.849188423Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.851406098Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.856195462Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.862299287Z 64 PC: 12fe5 | Write file or device (Write 28912 bytes on handle 7)
2018-12-17T22:45:28.864770298Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.866570228Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.868441893Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.874196822Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 8)
2018-12-17T22:45:28.876212928Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.878188489Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.88037744Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.885916794Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 9)
2018-12-17T22:45:28.888016397Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.890143502Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.893059569Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.899048417Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 10)
2018-12-17T22:45:28.901207662Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.903754836Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.905784368Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.910948828Z 64 PC: 12fe5 | Write file or device (Write 7527 bytes on handle 11)
2018-12-17T22:45:28.91385731Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.922765631Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.926207225Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.932637402Z 64 PC: 12fe5 | Write file or device (Write 29183 bytes on handle 12)
2018-12-17T22:45:28.935155601Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.937441334Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.940480342Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.953765814Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 13)
2018-12-17T22:45:28.955937242Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.958085477Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.960711439Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.966036059Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 14)
2018-12-17T22:45:28.968186628Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.981048715Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.983183745Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:28.988607441Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 15)
2018-12-17T22:45:28.991297073Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:28.993364466Z 62 PC: 130c7 | Close file
2018-12-17T22:45:28.995897423Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.002030933Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 16)
2018-12-17T22:45:29.004525999Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.006642634Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.00940907Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.014916814Z 64 PC: 12fe5 | Write file or device (Write 4589 bytes on handle 17)
2018-12-17T22:45:29.016907904Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.019585393Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.021305814Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.026119224Z 64 PC: 12fe5 | Write file or device (Write 36862 bytes on handle 18)
2018-12-17T22:45:29.028160107Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.031407997Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.033579335Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.038907132Z 64 PC: 12fe5 | Write file or device (Write 29183 bytes on handle 19)
2018-12-17T22:45:29.041993679Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.044477945Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.046648912Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.053348926Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 20)
2018-12-17T22:45:29.055791483Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.057963262Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.061031955Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.066887112Z 64 PC: 12fe5 | Write file or device (Write 29387 bytes on handle 21)
2018-12-17T22:45:29.068496284Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.070311443Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.07277469Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.078203156Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 22)
2018-12-17T22:45:29.080113293Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.082883065Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.084669931Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.089766954Z 64 PC: 12fe5 | Write file or device (Write 29699 bytes on handle 23)
2018-12-17T22:45:29.092453019Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.094186434Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.095885615Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.101914579Z 64 PC: 12fe5 | Write file or device (Write 29183 bytes on handle 24)
2018-12-17T22:45:29.104168732Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.106429899Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.108550612Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.115401209Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 25)
2018-12-17T22:45:29.117773344Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.120095645Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.122789765Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.130257351Z 64 PC: 12fe5 | Write file or device (Write 17382 bytes on handle 26)
2018-12-17T22:45:29.132566818Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.135692028Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.138259991Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.144124815Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 27)
2018-12-17T22:45:29.146714429Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.1486847Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.15029784Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.155507023Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 28)
2018-12-17T22:45:29.157377526Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.159170764Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.161916812Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.167166471Z 64 PC: 12fe5 | Write file or device (Write 29208 bytes on handle 29)
2018-12-17T22:45:29.1693807Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.17159054Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.174185294Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.17930042Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 30)
2018-12-17T22:45:29.181303743Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.184562674Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.186457523Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.191556699Z 64 PC: 12fe5 | Write file or device (Write 37408 bytes on handle 31)
2018-12-17T22:45:29.19429916Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.196376562Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.198358415Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.20378166Z 64 PC: 12fe5 | Write file or device (Write 15649 bytes on handle 32)
2018-12-17T22:45:29.20588511Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.207857315Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.210902163Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.216759554Z 64 PC: 12fe5 | Write file or device (Write 37408 bytes on handle 33)
2018-12-17T22:45:29.21873259Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.221784823Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.227969969Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.232769664Z 64 PC: 12fe5 | Write file or device (Write 37408 bytes on handle 34)
2018-12-17T22:45:29.234208556Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.236708672Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.238782516Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.244136442Z 64 PC: 12fe5 | Write file or device (Write 32512 bytes on handle 35)
2018-12-17T22:45:29.248344405Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.250872964Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.253158506Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.260034541Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 36)
2018-12-17T22:45:29.262159131Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.264338174Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.267245855Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.272531612Z 64 PC: 12fe5 | Write file or device (Write 29183 bytes on handle 37)
2018-12-17T22:45:29.274715273Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.277490155Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.279645694Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.28469671Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 38)
2018-12-17T22:45:29.287371534Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.289040769Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.290949153Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.297350466Z 64 PC: 12fe5 | Write file or device (Write 57449 bytes on handle 39)
2018-12-17T22:45:29.300436401Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.303562022Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.306626157Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.311806326Z 64 PC: 12fe5 | Write file or device (Write 37408 bytes on handle 40)
2018-12-17T22:45:29.313957416Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.317253437Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.319468637Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.324722795Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 41)
2018-12-17T22:45:29.327616109Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.330127235Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.332245935Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.341730258Z 64 PC: 12fe5 | Write file or device (Write 28929 bytes on handle 42)
2018-12-17T22:45:29.343740353Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.345753694Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.347911807Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.353963994Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 43)
2018-12-17T22:45:29.356747412Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.358920132Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.361207558Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.366216176Z 64 PC: 12fe5 | Write file or device (Write 37408 bytes on handle 44)
2018-12-17T22:45:29.368145449Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.370364457Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.372702949Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.377943642Z 64 PC: 12fe5 | Write file or device (Write 28749 bytes on handle 45)
2018-12-17T22:45:29.380080505Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.381836763Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.383898436Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.390546982Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 46)
2018-12-17T22:45:29.39215359Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.393677291Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.396129628Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.400999484Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 47)
2018-12-17T22:45:29.402675792Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.405021067Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.406722613Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.41149151Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 48)
2018-12-17T22:45:29.414149742Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.415758844Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.417319585Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.422799538Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 49)
2018-12-17T22:45:29.424395485Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.426931578Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.429593307Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.434425543Z 64 PC: 12fe5 | Write file or device (Write 46397 bytes on handle 50)
2018-12-17T22:45:29.436051707Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.43830577Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.439841144Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.444965218Z 64 PC: 12fe5 | Write file or device (Write 51457 bytes on handle 51)
2018-12-17T22:45:29.447745901Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.450095183Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.452031329Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.458023313Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 52)
2018-12-17T22:45:29.459675847Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.461638823Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.468555334Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.473662185Z 64 PC: 12fe5 | Write file or device (Write 1536 bytes on handle 53)
2018-12-17T22:45:29.475236061Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.477058193Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.481707756Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.486692798Z 64 PC: 12fe5 | Write file or device (Write 50961 bytes on handle 54)
2018-12-17T22:45:29.488560967Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.491511589Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.493377343Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.498414533Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 55)
2018-12-17T22:45:29.501309811Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.503003903Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.504621792Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.510404232Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 56)
2018-12-17T22:45:29.512352481Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.514339142Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.51708547Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.522412425Z 64 PC: 12fe5 | Write file or device (Write 1718 bytes on handle 57)
2018-12-17T22:45:29.524374329Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.527168568Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.529440856Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.534602189Z 64 PC: 12fe5 | Write file or device (Write 57449 bytes on handle 58)
2018-12-17T22:45:29.537277694Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.539561263Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.541510765Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.549082585Z 64 PC: 12fe5 | Write file or device (Write 4589 bytes on handle 59)
2018-12-17T22:45:29.551056983Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.553016965Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.555876355Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.561048228Z 64 PC: 12fe5 | Write file or device (Write 29343 bytes on handle 60)
2018-12-17T22:45:29.562991168Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.564966598Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.56785878Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.572910988Z 64 PC: 12fe5 | Write file or device (Write 51473 bytes on handle 61)
2018-12-17T22:45:29.57487101Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.577795122Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.579719276Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.584759301Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 62)
2018-12-17T22:45:29.587669477Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.589660888Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.591582426Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.597458211Z 64 PC: 12fe5 | Write file or device (Write 57449 bytes on handle 63)
2018-12-17T22:45:29.599679674Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.601638233Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.604376085Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.609726213Z 64 PC: 12fe5 | Write file or device (Write 52819 bytes on handle 64)
2018-12-17T22:45:29.611666938Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.614353564Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.616535842Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.621605173Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 65)
2018-12-17T22:45:29.624544083Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.626555621Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.629250703Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.635255901Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 66)
2018-12-17T22:45:29.63726774Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.639225637Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.641177022Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.647247613Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 67)
2018-12-17T22:45:29.649221271Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.651205537Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.654107427Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.659266006Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 68)
2018-12-17T22:45:29.661253268Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.664392254Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.66640317Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.671621802Z 64 PC: 12fe5 | Write file or device (Write 38588 bytes on handle 69)
2018-12-17T22:45:29.674761288Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.676799256Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.67885128Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.685178944Z 64 PC: 12fe5 | Write file or device (Write 29387 bytes on handle 70)
2018-12-17T22:45:29.687177889Z 87 PC: 130c3 | Get or set file date and time
2018-12-17T22:45:29.689187443Z 62 PC: 130c7 | Close file
2018-12-17T22:45:29.692238883Z 67 PC: 130d5 | Get or set file attributes
2018-12-17T22:45:29.697379769Z 64 PC: 12fe5 | Write file or device (Write 49050 bytes on handle 71)
2018-12-17T22:45:29.699391718Z 26 PC: 12ff2 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8557,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:21.127605177Z 42 PC: 12ed4 | Get date
0x12ed4: cmp dh, 0xa
0x12ed7: jne 0x12edc
0x12ed9: jmp 0x13038
0x12edc: mov ax, cs
0x12ede: add ax, 0x1000
0x12ee1: mov es, ax
0x12ee3: mov si, 0x100
0x12ee6: xor di, di
0x12ee8: mov cx, 0x696
0x12eeb: rep movsb byte ptr es:[di], byte ptr [si]
0x12eed: mov dx, 0x524
0x12ef0: mov ah, 0x1a
0x12ef2: int 0x21
0x12ef4: mov word ptr [0x10a], es
0x12ef8: push cs
0x12ef9: pop es
0x12efa: mov ah, 0xb6
0x12efc: mov cx, 0x416
0x12eff: mov si, 0x10e
0x12f02: mov di, si
2018-12-25T12:21:21.129319994Z 26 PC: 12ef4 | Set disk transfer address
2018-12-25T12:21:21.130688445Z 78 PC: 1306c | Find first file
2018-12-25T12:21:21.133571387Z 78 PC: 12f7e | Find first file
2018-12-25T12:21:21.137050078Z 78 PC: 1306c | Find first file (See above)
2018-12-25T12:21:21.142756022Z 78 PC: 12f7e | Find first file (See above)
2018-12-25T12:21:21.148308705Z 78 PC: 1306c | Find first file (See above)
2018-12-25T12:21:21.153923689Z 78 PC: 12f7e | Find first file (See above)
2018-12-25T12:21:21.159281388Z 78 PC: 12f7e | Find first file (See above)
2018-12-25T12:21:21.164533485Z 64 PC: 12fe5 | Write file or device (Write 29184 bytes on handle 2)
2018-12-25T12:21:21.166485033Z 87 PC: 130c3 | Get or set file date and time
2018-12-25T12:21:21.167786412Z 62 PC: 130c7 | Close file
2018-12-25T12:21:21.168777295Z 67 PC: 130d5 | Get or set file attributes
2018-12-25T12:21:21.171699276Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.173517037Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.174378813Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.175487133Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.17827852Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.180285961Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.181199542Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.182519507Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.185202319Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.186140622Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.18756043Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.188542427Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.191182657Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.192750556Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.193673383Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.194869992Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.198246688Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.199287898Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.200304501Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.20177856Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.204528798Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.205715313Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.20728824Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.208283408Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.211087975Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.212621972Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.213827722Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.21481615Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.218257817Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.21950981Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.220507595Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.221873786Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.225701358Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.226805631Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.228284138Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.229347403Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.232480471Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.234178813Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.235139236Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.236098161Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.240921751Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.242306727Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.244416707Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.246089716Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.250197832Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.251608536Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.253451703Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.25464155Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.258897452Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.260834994Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.262046425Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.263031983Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.266198353Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.267295577Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.268235854Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.269571956Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.27287951Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.27430897Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.275791028Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.27696155Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.281221198Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.283086199Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.2841739Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.285150971Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.288862114Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.28988038Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.290852679Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.292208422Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.294792927Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.29565555Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.296905625Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.297825013Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.300555867Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.301742584Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.302975621Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.30412368Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.307066654Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.30792559Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.308762911Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.309900989Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.312578571Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.313447502Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.314913725Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.316260286Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.320998069Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.322617767Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.323856033Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.325062776Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.329506824Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.330750279Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.331909678Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.333417801Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.337494097Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.338945581Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.340707186Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.341951479Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.346139588Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.347517912Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.348833302Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.350118017Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.35465587Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.355757447Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.356821503Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.358320568Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.362705849Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.364013483Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.365615521Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.367085255Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.371162792Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.372996602Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.374328591Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.375425952Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.380101347Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.381345598Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.38253304Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.383978702Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.388741263Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.390024625Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.39158988Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.392520843Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.395250834Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.396292611Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.397156088Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.398347323Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.400973829Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.401807036Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.403235601Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.404167816Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.406869209Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.40809516Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.4090536Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.409899535Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.412860934Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.413754768Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.414629218Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.415802637Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.418435651Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.41928267Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.42046125Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.421296193Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.423733725Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.424856201Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.425731435Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.426556173Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.429528293Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.430569748Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.431434435Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.432456279Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.435037284Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.436059824Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.437121293Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.437954916Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.440792861Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.44171404Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.44256227Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.443711238Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.446367457Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.447216629Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.448376253Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.449296386Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.451751592Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.452915419Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.453848522Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.4547304Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.457626545Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.458563258Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.459446851Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.460781197Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.46388072Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.464763914Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.465881288Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.467048666Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.471023247Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.472376832Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.473607481Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.475105412Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.47904625Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.480109843Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.481519263Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.482516987Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.485087551Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.486420941Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.48732348Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.488193825Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.491052404Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.491951564Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.492834838Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.493937325Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.496546202Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.497489453Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.4986865Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.499554023Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.502091842Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.50317821Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.504052686Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.504973992Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.507623239Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.508476133Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.509458829Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.510428277Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.512980314Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.514182193Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.51509391Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.515923713Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.518875099Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.519795509Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.520678424Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.521888926Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.524482097Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.525361188Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.52654531Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.52741196Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.529966943Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.5312751Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.532180517Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.533082948Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.536130334Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.537052588Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.538119732Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.539187517Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.541737579Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.542973593Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.543979057Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.544834894Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.547794082Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.54876136Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.549630963Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.55092033Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.553526432Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.554461124Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.555765091Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.556723022Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.559278467Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.560477885Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.56138601Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.56225034Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.565272135Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.566145438Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.567031143Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.568076184Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.570650542Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.571638042Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.572606339Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.573440896Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.576328631Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.577223243Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.578127647Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.579429711Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.582089409Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.582972461Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.584183591Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.58510314Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.587690796Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.588863049Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.589777967Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.590646642Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.593638871Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.594615457Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.595706048Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.596724191Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.599316185Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.600539388Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.601456994Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.602308466Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.605237501Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.606139061Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.606996951Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.6082411Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.61085079Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.612413498Z 87 PC: 130c3 | Get or set file date and time (See above)
2018-12-25T12:21:21.613372902Z 62 PC: 130c7 | Close file (See above)
2018-12-25T12:21:21.614253502Z 67 PC: 130d5 | Get or set file attributes (See above)
2018-12-25T12:21:21.617229703Z 64 PC: 12fe5 | Write file or device (See above)
2018-12-25T12:21:21.618186439Z 26 PC: 12ff2 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8557,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:21.389330286Z 42 PC: 12ed4 | Get date
0x12ed4: cmp dh, 0xa
0x12ed7: jne 0x12edc
0x12ed9: jmp 0x13038
0x12edc: mov ax, cs
0x12ede: add ax, 0x1000
0x12ee1: mov es, ax
0x12ee3: mov si, 0x100
0x12ee6: xor di, di
0x12ee8: mov cx, 0x696
0x12eeb: rep movsb byte ptr es:[di], byte ptr [si]
0x12eed: mov dx, 0x524
0x12ef0: mov ah, 0x1a
0x12ef2: int 0x21
0x12ef4: mov word ptr [0x10a], es
0x12ef8: push cs
0x12ef9: pop es
0x12efa: mov ah, 0xb6
0x12efc: mov cx, 0x416
0x12eff: mov si, 0x10e
0x12f02: mov di, si
2018-12-25T12:21:21.391131749Z 25 PC: 1303e | Get default drive
2018-12-25T12:21:23.567226942Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:21:23.568315707Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:21:23.570276731Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:21:23.572107283Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:21:23.578498798Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:21:23.579839156Z 62 PC: 91fc1 | Close file
2018-12-25T12:21:23.581171096Z 75 PC: 91fe0 | Execute program
2018-12-25T12:21:23.594474497Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:21:23.595932747Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:21:23.600055807Z 48 PC: c609 | Get DOS version
2018-12-25T12:21:23.603033523Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:21:23.605376581Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:21:23.607913822Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:21:23.611644331Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:21:23.61567436Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:21:23.620515565Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:21:23.631157045Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:21:23.632443414Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:21:23.635017527Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:21:23.65699159Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:21:23.660508422Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:21:23.672940603Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:21:23.673999627Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:21:23.675056311Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:23.676651705Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:23.677718501Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:21:23.685120915Z 62 PC: 8f8eb | Close file
2018-12-25T12:21:23.687497413Z 62 PC: 8f8f2 | Close file
2018-12-25T12:21:23.689149555Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.690550093Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.692628568Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.693973847Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.695310924Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.697471677Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.698736386Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.699955525Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.701601948Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.702928475Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.704100605Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.705676648Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.706782897Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.707883163Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.709291119Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.710333203Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.711941713Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.713376442Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.714457326Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.715386568Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.717022014Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.718082016Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.719111804Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.720616631Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.72160013Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.722564039Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.723986552Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.724940679Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.725916104Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:23.727509966Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:21:23.731113586Z 62 PC: 8f90e | Close file
2018-12-25T12:21:23.732561452Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:21:23.734057914Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:21:23.735553184Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:21:23.740063456Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:21:23.742003058Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:21:23.745110512Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:21:23.746810322Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:21:23.748534883Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:21:23.750031643Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:21:23.751393292Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:21:23.753376851Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:21:23.755927499Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:21:23.757296817Z 73 PC: 8fa11 | Release memory
2018-12-25T12:21:23.759121612Z 73 PC: 8efea | Release memory
2018-12-25T12:21:23.76029753Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:21:23.761677884Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:21:23.763777872Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:21:23.765288834Z 73 PC: 8f060 | Release memory
2018-12-25T12:21:23.766457641Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:21:23.776672959Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:21:23.781926268Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:21:23.783163784Z 62 PC: 8f0d1 | Close file
2018-12-25T12:21:23.785646387Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:21:23.806436216Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:21:23.807112623Z 48 PC: 12bee | Get DOS version
2018-12-25T12:21:23.810454123Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:21:23.81271844Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:21:23.813911584Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:21:23.815595021Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:21:23.816869087Z 72 PC: 1355d | Allocate memory
2018-12-25T12:21:23.818455199Z 25 PC: 13596 | Get default drive
2018-12-25T12:21:23.819996656Z 71 PC: 135ad | Get current directory
2018-12-25T12:21:23.822339555Z 59 PC: 135ba | Change current directory
2018-12-25T12:21:23.827458802Z 59 PC: 135c8 | Change current directory
2018-12-25T12:21:23.83411008Z 59 PC: 135d3 | Change current directory
2018-12-25T12:21:23.837722594Z 25 PC: 12d13 | Get default drive
2018-12-25T12:21:23.838974186Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:21:23.840717276Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:21:23.842051189Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:21:23.844397561Z 80 PC: 1301d | Set current PSP
2018-12-25T12:21:23.846060017Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:21:23.847518034Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:23.848890719Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:23.850886898Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:21:23.8530022Z 72 PC: 130ec | Allocate memory
2018-12-25T12:21:23.855016718Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:21:23.862527483Z 62 PC: 131ba | Close file
2018-12-25T12:21:23.864719837Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:21:23.86593823Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:21:23.868203012Z 72 PC: 11991 | Allocate memory
2018-12-25T12:21:23.869622203Z 73 PC: 119b2 | Release memory
2018-12-25T12:21:23.870704514Z 72 PC: 119bd | Allocate memory
2018-12-25T12:21:23.872766134Z 73 PC: 119df | Release memory
2018-12-25T12:21:23.873959163Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:21:23.875487476Z 72 PC: 119fd | Allocate memory