Sample viewer

vx.netlux.org/Virus.DOS.VCL.Jerk.268

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:51.810336416Z 42 PC: 12a5b | Get date 0x12a5b: cmp dl, 0xb
0x12a5e: jne 0x12a63
0x12a60: jmp 0x12af6
0x12a63: mov dx, 0x1c0
0x12a66: mov ah, 0x4e
0x12a68: mov cx, 1
0x12a6b: int 0x21
0x12a6d: jae 0x12a72
0x12a6f: jmp 0x12a84
0x12a72: call 0x12a89
0x12a75: mov dx, 0x80
0x12a78: mov ah, 0x4f
0x12a7a: int 0x21
0x12a7c: jae 0x12a81
0x12a7e: jmp 0x12a84
0x12a81: jmp 0x12a72
0x12a84: mov di, 0x100
0x12a87: jmp di
0x12a89: lea dx, word ptr [0x9e]
0x12a8d: cmp word ptr [bp + 0xa3], 0x444e
2018-12-17T22:53:51.814069245Z 78 PC: 12a6d | Find first file
2018-12-17T22:53:51.829402854Z 67 PC: 12a9c | Get or set file attributes
2018-12-17T22:53:51.845639643Z 61 PC: 12aa1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:53:51.86896014Z 63 PC: 12aaf | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:51.875277567Z 66 PC: 12acd | Move file pointer
2018-12-17T22:53:51.876364209Z 64 PC: 12ad8 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:51.878660176Z 66 PC: 12ae0 | Move file pointer
2018-12-17T22:53:51.879830323Z 64 PC: 12aeb | Write file or device (Write 268 bytes on handle 5)
2018-12-17T22:53:51.885119699Z 62 PC: 12af3 | Close file
2018-12-17T22:53:51.890340052Z 79 PC: 12a7c | Find next file
2018-12-17T22:53:51.892454555Z 67 PC: 12a9c | Get or set file attributes
2018-12-17T22:53:51.898735725Z 61 PC: 12aa1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:53:51.903172151Z 63 PC: 12aaf | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:51.907729283Z 66 PC: 12acd | Move file pointer
2018-12-17T22:53:51.908713591Z 64 PC: 12ad8 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:51.910493695Z 66 PC: 12ae0 | Move file pointer
2018-12-17T22:53:51.911942037Z 64 PC: 12aeb | Write file or device (Write 268 bytes on handle 5)
2018-12-17T22:53:51.913727997Z 62 PC: 12af3 | Close file
2018-12-17T22:53:51.918997081Z 79 PC: 12a7c | Find next file
2018-12-17T22:53:51.937887189Z 67 PC: 12a9c | Get or set file attributes
2018-12-17T22:53:51.945853563Z 61 PC: 12aa1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:53:51.950551741Z 63 PC: 12aaf | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:51.955157688Z 66 PC: 12acd | Move file pointer
2018-12-17T22:53:51.956444313Z 64 PC: 12ad8 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:51.958452608Z 66 PC: 12ae0 | Move file pointer
2018-12-17T22:53:51.960127747Z 64 PC: 12aeb | Write file or device (Write 268 bytes on handle 5)
2018-12-17T22:53:51.962046038Z 62 PC: 12af3 | Close file
2018-12-17T22:53:51.967292631Z 79 PC: 12a7c | Find next file
2018-12-17T22:53:51.969835651Z 67 PC: 12a9c | Get or set file attributes
2018-12-17T22:53:51.975974183Z 61 PC: 12aa1 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:53:51.980429102Z 63 PC: 12aaf | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:51.988804178Z 66 PC: 12acd | Move file pointer
2018-12-17T22:53:51.990897865Z 64 PC: 12ad8 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:51.993838862Z 66 PC: 12ae0 | Move file pointer
2018-12-17T22:53:51.996280471Z 64 PC: 12aeb | Write file or device (Write 268 bytes on handle 5)
2018-12-17T22:53:51.999211496Z 62 PC: 12af3 | Close file
2018-12-17T22:53:52.006907977Z 79 PC: 12a7c | Find next file
2018-12-17T22:53:52.009464849Z 67 PC: 12a9c | Get or set file attributes
2018-12-17T22:53:52.022696157Z 61 PC: 12aa1 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:53:52.02952774Z 63 PC: 12aaf | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:52.036030283Z 66 PC: 12acd | Move file pointer
2018-12-17T22:53:52.038722264Z 64 PC: 12ad8 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:52.040556276Z 66 PC: 12ae0 | Move file pointer
2018-12-17T22:53:52.041967473Z 64 PC: 12aeb | Write file or device (Write 268 bytes on handle 5)
2018-12-17T22:53:52.044545946Z 62 PC: 12af3 | Close file
2018-12-17T22:53:52.049326003Z 79 PC: 12a7c | Find next file
2018-12-17T22:53:52.051067265Z 67 PC: 12a9c | Get or set file attributes
2018-12-17T22:53:52.057737511Z 61 PC: 12aa1 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:53:52.06184075Z 63 PC: 12aaf | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:52.065780215Z 66 PC: 12acd | Move file pointer
2018-12-17T22:53:52.067453772Z 64 PC: 12ad8 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:52.069495826Z 66 PC: 12ae0 | Move file pointer
2018-12-17T22:53:52.070579003Z 64 PC: 12aeb | Write file or device (Write 268 bytes on handle 5)
2018-12-17T22:53:52.076055878Z 62 PC: 12af3 | Close file
2018-12-17T22:53:52.081283274Z 79 PC: 12a7c | Find next file
2018-12-17T22:53:52.083232306Z 67 PC: 12a9c | Get or set file attributes
2018-12-17T22:53:52.091711398Z 61 PC: 12aa1 | Open file (Filename = 'PAH.COM')
2018-12-17T22:53:52.096037286Z 63 PC: 12aaf | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:52.100544636Z 66 PC: 12acd | Move file pointer
2018-12-17T22:53:52.102321148Z 64 PC: 12ad8 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:52.104191926Z 66 PC: 12ae0 | Move file pointer
2018-12-17T22:53:52.105372907Z 64 PC: 12aeb | Write file or device (Write 268 bytes on handle 5)
2018-12-17T22:53:52.107435469Z 62 PC: 12af3 | Close file
2018-12-17T22:53:52.112972441Z 79 PC: 12a7c | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11361,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:24.479943172Z 42 PC: 12a5b | Get date 0x12a5b: cmp dl, 0xb
0x12a5e: jne 0x12a63
0x12a60: jmp 0x12af6
0x12a63: mov dx, 0x1c0
0x12a66: mov ah, 0x4e
0x12a68: mov cx, 1
0x12a6b: int 0x21
0x12a6d: jae 0x12a72
0x12a6f: jmp 0x12a84
0x12a72: call 0x12a89
0x12a75: mov dx, 0x80
0x12a78: mov ah, 0x4f
0x12a7a: int 0x21
0x12a7c: jae 0x12a81
0x12a7e: jmp 0x12a84
0x12a81: jmp 0x12a72
0x12a84: mov di, 0x100
0x12a87: jmp di
0x12a89: lea dx, word ptr [0x9e]
0x12a8d: cmp word ptr [bp + 0xa3], 0x444e
2018-12-25T12:30:24.481917922Z 78 PC: 12a6d | Find first file
2018-12-25T12:30:24.485624382Z 67 PC: 12a9c | Get or set file attributes
2018-12-25T12:30:24.499901681Z 61 PC: 12aa1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:24.506688807Z 63 PC: 12aaf | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:24.51324901Z 66 PC: 12acd | Move file pointer
2018-12-25T12:30:24.514579257Z 64 PC: 12ad8 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:24.517320299Z 66 PC: 12ae0 | Move file pointer
2018-12-25T12:30:24.519353481Z 64 PC: 12aeb | Write file or device (Write 268 bytes on handle 5)
2018-12-25T12:30:24.527545467Z 62 PC: 12af3 | Close file
2018-12-25T12:30:24.535540344Z 79 PC: 12a7c | Find next file
2018-12-25T12:30:24.538561684Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:24.547946701Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:24.555523315Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:24.562036624Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:24.563313248Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:24.565864343Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:24.567938694Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:24.570929571Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:24.57848204Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:24.582151629Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:24.591662697Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:24.603213373Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:24.609961653Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:24.61168923Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:24.61440696Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:24.616425294Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:24.61915195Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:24.626573098Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:24.630159798Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:24.639692947Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:24.646283275Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:24.652741088Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:24.654884881Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:24.657497059Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:24.658941524Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:24.663000606Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:24.671029156Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:24.673719442Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:24.684241954Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:24.691102868Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:24.697182553Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:24.698918892Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:24.701611852Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:24.703027422Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:24.706738777Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:24.714249948Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:24.716764476Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:24.72683427Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:24.738099102Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:24.742239962Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:24.743687781Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:24.74544672Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:24.746563675Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:24.757913546Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:24.763468219Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:24.765265271Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:24.771984016Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:24.776015716Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:24.780053819Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:24.781285634Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:24.783172946Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:24.784401865Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:24.786585925Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:24.791460733Z 79 PC: 12a7c | Find next file (See above)

{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11361,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:24.67121985Z 42 PC: 12a5b | Get date 0x12a5b: cmp dl, 0xb
0x12a5e: jne 0x12a63
0x12a60: jmp 0x12af6
0x12a63: mov dx, 0x1c0
0x12a66: mov ah, 0x4e
0x12a68: mov cx, 1
0x12a6b: int 0x21
0x12a6d: jae 0x12a72
0x12a6f: jmp 0x12a84
0x12a72: call 0x12a89
0x12a75: mov dx, 0x80
0x12a78: mov ah, 0x4f
0x12a7a: int 0x21
0x12a7c: jae 0x12a81
0x12a7e: jmp 0x12a84
0x12a81: jmp 0x12a72
0x12a84: mov di, 0x100
0x12a87: jmp di
0x12a89: lea dx, word ptr [0x9e]
0x12a8d: cmp word ptr [bp + 0xa3], 0x444e
2018-12-25T12:30:24.674906008Z 9 PC: 12afe | Display string (String= 'Hello, here's da Jerk Virus! Have a nice day... bRotHer S. 1997')

{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11361,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:24.849597183Z 42 PC: 12a5b | Get date 0x12a5b: cmp dl, 0xb
0x12a5e: jne 0x12a63
0x12a60: jmp 0x12af6
0x12a63: mov dx, 0x1c0
0x12a66: mov ah, 0x4e
0x12a68: mov cx, 1
0x12a6b: int 0x21
0x12a6d: jae 0x12a72
0x12a6f: jmp 0x12a84
0x12a72: call 0x12a89
0x12a75: mov dx, 0x80
0x12a78: mov ah, 0x4f
0x12a7a: int 0x21
0x12a7c: jae 0x12a81
0x12a7e: jmp 0x12a84
0x12a81: jmp 0x12a72
0x12a84: mov di, 0x100
0x12a87: jmp di
0x12a89: lea dx, word ptr [0x9e]
0x12a8d: cmp word ptr [bp + 0xa3], 0x444e
2018-12-25T12:30:24.856089891Z 9 PC: 12afe | Display string (String= 'Hello, here's da Jerk Virus! Have a nice day... bRotHer S. 1997')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11361,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:25.042332049Z 42 PC: 12a5b | Get date 0x12a5b: cmp dl, 0xb
0x12a5e: jne 0x12a63
0x12a60: jmp 0x12af6
0x12a63: mov dx, 0x1c0
0x12a66: mov ah, 0x4e
0x12a68: mov cx, 1
0x12a6b: int 0x21
0x12a6d: jae 0x12a72
0x12a6f: jmp 0x12a84
0x12a72: call 0x12a89
0x12a75: mov dx, 0x80
0x12a78: mov ah, 0x4f
0x12a7a: int 0x21
0x12a7c: jae 0x12a81
0x12a7e: jmp 0x12a84
0x12a81: jmp 0x12a72
0x12a84: mov di, 0x100
0x12a87: jmp di
0x12a89: lea dx, word ptr [0x9e]
0x12a8d: cmp word ptr [bp + 0xa3], 0x444e
2018-12-25T12:30:25.049818447Z 78 PC: 12a6d | Find first file
2018-12-25T12:30:25.055817916Z 67 PC: 12a9c | Get or set file attributes
2018-12-25T12:30:25.073100529Z 61 PC: 12aa1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:25.079883329Z 63 PC: 12aaf | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:25.087797389Z 66 PC: 12acd | Move file pointer
2018-12-25T12:30:25.089086319Z 64 PC: 12ad8 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:25.091997529Z 66 PC: 12ae0 | Move file pointer
2018-12-25T12:30:25.093335614Z 64 PC: 12aeb | Write file or device (Write 268 bytes on handle 5)
2018-12-25T12:30:25.101078451Z 62 PC: 12af3 | Close file
2018-12-25T12:30:25.11069621Z 79 PC: 12a7c | Find next file
2018-12-25T12:30:25.113221054Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:25.12281788Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:25.129422941Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:25.135846668Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:25.137919252Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:25.140483534Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:25.142495739Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:25.14529483Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:25.153275418Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:25.156600622Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:25.1660318Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:25.172335524Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:25.179124885Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:25.18046888Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:25.183018279Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:25.18490891Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:25.187558057Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:25.196004232Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:25.199317898Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:25.20948192Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:25.216008358Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:25.223427848Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:25.224927077Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:25.227148901Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:25.229624415Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:25.232322037Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:25.239944503Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:25.242697751Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:25.253186724Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:25.260056965Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:25.266546053Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:25.268555347Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:25.273149579Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:25.274792487Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:25.278116886Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:25.285524314Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:25.288055819Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:25.298027569Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:25.304485448Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:25.310672124Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:25.312771354Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:25.315399194Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:25.316708075Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:25.326132001Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:25.334529811Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T12:30:25.337032557Z 67 PC: 12a9c | Get or set file attributes (See above)
2018-12-25T12:30:25.347832062Z 61 PC: 12aa1 | Open file (See above)
2018-12-25T12:30:25.35428759Z 63 PC: 12aaf | Read file or device (See above)
2018-12-25T12:30:25.360472377Z 66 PC: 12acd | Move file pointer (See above)
2018-12-25T12:30:25.362495646Z 64 PC: 12ad8 | Write file or device (See above)
2018-12-25T12:30:25.365045667Z 66 PC: 12ae0 | Move file pointer (See above)
2018-12-25T12:30:25.366335417Z 64 PC: 12aeb | Write file or device (See above)
2018-12-25T12:30:25.369483716Z 62 PC: 12af3 | Close file (See above)
2018-12-25T12:30:25.377170384Z 79 PC: 12a7c | Find next file (See above)