Sample viewer

vx.netlux.org/Virus.DOS.Thrasher.1361

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:46.528506174Z 71 PC: 12c84 | Get current directory
2018-12-17T23:09:46.531435239Z 53 PC: 12c8a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:46.533611559Z 37 PC: 12c9b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:46.539180996Z 25 PC: 12a81 | Get default drive
2018-12-17T23:09:46.54050812Z 14 PC: 12a8f | Set default drive (Drive = 'C')
2018-12-17T23:09:46.543004121Z 59 PC: 12a97 | Change current directory
2018-12-17T23:09:46.568544441Z 26 PC: 12a9f | Set disk transfer address
2018-12-17T23:09:46.570158765Z 78 PC: 12aaa | Find first file
2018-12-17T23:09:46.577820855Z 78 PC: 12b30 | Find first file
2018-12-17T23:09:46.584442029Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-17T23:09:46.591514921Z 87 PC: 12ca4 | Get or set file date and time
2018-12-17T23:09:46.593756504Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T23:09:46.603741479Z 62 PC: 12bc6 | Close file
2018-12-17T23:09:46.952197579Z 79 PC: 12b39 | Find next file
2018-12-17T23:09:46.955377215Z 59 PC: 12bd1 | Change current directory
2018-12-17T23:09:46.962526311Z 25 PC: 12bda | Get default drive
2018-12-17T23:09:46.970212826Z 14 PC: 12be4 | Set default drive (Drive = 'A')
2018-12-17T23:09:46.973473504Z 78 PC: 12aaa | Find first file
2018-12-17T23:09:46.985906791Z 78 PC: 12b30 | Find first file
2018-12-17T23:09:46.997143048Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-17T23:09:47.009826525Z 87 PC: 12ca4 | Get or set file date and time
2018-12-17T23:09:47.013682051Z 66 PC: 12b63 | Move file pointer
2018-12-17T23:09:47.015879741Z 66 PC: 12b72 | Move file pointer
2018-12-17T23:09:47.018572622Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:47.031551264Z 66 PC: 12b9c | Move file pointer
2018-12-17T23:09:47.033419986Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:09:47.036604631Z 66 PC: 12baf | Move file pointer
2018-12-17T23:09:47.039205319Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-17T23:09:47.058214544Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T23:09:47.06056438Z 62 PC: 12bc6 | Close file
2018-12-17T23:09:47.073047581Z 79 PC: 12b39 | Find next file
2018-12-17T23:09:47.07846397Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-17T23:09:47.090255581Z 87 PC: 12ca4 | Get or set file date and time
2018-12-17T23:09:47.093065482Z 66 PC: 12b63 | Move file pointer
2018-12-17T23:09:47.096944763Z 66 PC: 12b72 | Move file pointer
2018-12-17T23:09:47.099751558Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:47.114434913Z 66 PC: 12b9c | Move file pointer
2018-12-17T23:09:47.117533526Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:09:47.124104125Z 66 PC: 12baf | Move file pointer
2018-12-17T23:09:47.12699071Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-17T23:09:47.143033861Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T23:09:47.145414225Z 62 PC: 12bc6 | Close file
2018-12-17T23:09:47.158955734Z 79 PC: 12b39 | Find next file
2018-12-17T23:09:47.163120421Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-17T23:09:47.17041481Z 87 PC: 12ca4 | Get or set file date and time
2018-12-17T23:09:47.172019085Z 66 PC: 12b63 | Move file pointer
2018-12-17T23:09:47.174554881Z 66 PC: 12b72 | Move file pointer
2018-12-17T23:09:47.176195514Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:47.183590853Z 66 PC: 12b9c | Move file pointer
2018-12-17T23:09:47.185352935Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:09:47.189873831Z 66 PC: 12baf | Move file pointer
2018-12-17T23:09:47.191489277Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-17T23:09:47.200907047Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T23:09:47.203629383Z 62 PC: 12bc6 | Close file
2018-12-17T23:09:47.212663411Z 79 PC: 12b39 | Find next file
2018-12-17T23:09:47.216039857Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-17T23:09:47.224268822Z 87 PC: 12ca4 | Get or set file date and time
2018-12-17T23:09:47.226436526Z 66 PC: 12b63 | Move file pointer
2018-12-17T23:09:47.228583932Z 66 PC: 12b72 | Move file pointer
2018-12-17T23:09:47.231496085Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:47.239299099Z 66 PC: 12b9c | Move file pointer
2018-12-17T23:09:47.241376083Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:09:47.245366001Z 66 PC: 12baf | Move file pointer
2018-12-17T23:09:47.247262045Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-17T23:09:47.256678913Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T23:09:47.2593485Z 62 PC: 12bc6 | Close file
2018-12-17T23:09:47.268734369Z 79 PC: 12b39 | Find next file
2018-12-17T23:09:47.271838794Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-17T23:09:47.279285168Z 87 PC: 12ca4 | Get or set file date and time
2018-12-17T23:09:47.282043452Z 66 PC: 12b63 | Move file pointer
2018-12-17T23:09:47.28418119Z 66 PC: 12b72 | Move file pointer
2018-12-17T23:09:47.286260718Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:47.294649724Z 66 PC: 12b9c | Move file pointer
2018-12-17T23:09:47.296784626Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:09:47.300235411Z 66 PC: 12baf | Move file pointer
2018-12-17T23:09:47.303364522Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-17T23:09:47.314566605Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T23:09:47.316409609Z 62 PC: 12bc6 | Close file
2018-12-17T23:09:47.326336916Z 79 PC: 12b39 | Find next file
2018-12-17T23:09:47.329304513Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-17T23:09:47.337070609Z 87 PC: 12ca4 | Get or set file date and time
2018-12-17T23:09:47.339557603Z 66 PC: 12b63 | Move file pointer
2018-12-17T23:09:47.341343819Z 66 PC: 12b72 | Move file pointer
2018-12-17T23:09:47.342923989Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:47.349769354Z 66 PC: 12b9c | Move file pointer
2018-12-17T23:09:47.351923473Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:09:47.354865752Z 66 PC: 12baf | Move file pointer
2018-12-17T23:09:47.356487119Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-17T23:09:47.373864688Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T23:09:47.375719594Z 62 PC: 12bc6 | Close file
2018-12-17T23:09:47.385219819Z 79 PC: 12b39 | Find next file
2018-12-17T23:09:47.389267245Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-17T23:09:47.396339527Z 87 PC: 12ca4 | Get or set file date and time
2018-12-17T23:09:47.397886634Z 66 PC: 12b63 | Move file pointer
2018-12-17T23:09:47.402078142Z 66 PC: 12b72 | Move file pointer
2018-12-17T23:09:47.403989173Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:47.411692902Z 66 PC: 12b9c | Move file pointer
2018-12-17T23:09:47.413193231Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:09:47.416714008Z 66 PC: 12baf | Move file pointer
2018-12-17T23:09:47.419030402Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-17T23:09:47.428129512Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T23:09:47.431005627Z 62 PC: 12bc6 | Close file
2018-12-17T23:09:47.439801348Z 79 PC: 12b39 | Find next file
2018-12-17T23:09:47.4425163Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-17T23:09:47.450138706Z 87 PC: 12ca4 | Get or set file date and time
2018-12-17T23:09:47.452069644Z 66 PC: 12b63 | Move file pointer
2018-12-17T23:09:47.453841314Z 66 PC: 12b72 | Move file pointer
2018-12-17T23:09:47.457002686Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:47.460036517Z 87 PC: 12d11 | Get or set file date and time
2018-12-17T23:09:47.461790303Z 62 PC: 12bc6 | Close file
2018-12-17T23:09:47.470034226Z 79 PC: 12b39 | Find next file
2018-12-17T23:09:47.472628713Z 59 PC: 12bd1 | Change current directory
2018-12-17T23:09:47.477094916Z 25 PC: 12bda | Get default drive
2018-12-17T23:09:47.479584575Z 42 PC: 12beb | Get date
0x12beb: cmp dh, 0xc
0x12bee: jne 0x12c26
0x12bf0: cmp dl, 0x19
0x12bf3: jne 0x12c26
0x12bf5: mov ah, 9
0x12bf7: lea dx, word ptr [bp + 0x4c4]
0x12bfb: int 0x21
0x12bfd: mov ah, 1
0x12bff: mov dx, 0
0x12c02: int 0x17
0x12c04: lea si, word ptr [bp + 0x540]
0x12c08: mov cx, 0x115
0x12c0b: mov ah, 0
0x12c0d: lodsb al, byte ptr [si]
0x12c0e: int 0x17
0x12c10: loop 0x12c0b
0x12c12: mov ah, 3
0x12c14: mov al, 1
0x12c16: mov ch, 1
0x12c18: mov cl, 1
2018-12-17T23:09:47.482584203Z 14 PC: 12c2e | Set default drive (Drive = 'A')
2018-12-17T23:09:47.484846134Z 59 PC: 12c36 | Change current directory
2018-12-17T23:09:47.48702554Z 37 PC: 12d1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:47.488837345Z 26 PC: 12c76 | Set disk transfer address

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16641,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:34.198378747Z 71 PC: 12c84 | Get current directory
2018-12-25T12:53:34.202791859Z 53 PC: 12c8a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.20435199Z 37 PC: 12c9b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.20576835Z 25 PC: 12a81 | Get default drive
2018-12-25T12:53:34.207404044Z 14 PC: 12a8f | Set default drive (Drive = 'C')
2018-12-25T12:53:34.210743828Z 59 PC: 12a97 | Change current directory
2018-12-25T12:53:34.222961088Z 26 PC: 12a9f | Set disk transfer address
2018-12-25T12:53:34.224511852Z 78 PC: 12aaa | Find first file
2018-12-25T12:53:34.236600106Z 78 PC: 12b30 | Find first file
2018-12-25T12:53:34.242986455Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-25T12:53:34.250233707Z 87 PC: 12ca4 | Get or set file date and time
2018-12-25T12:53:34.253414521Z 87 PC: 12d11 | Get or set file date and time
2018-12-25T12:53:34.255433919Z 62 PC: 12bc6 | Close file
2018-12-25T12:53:35.933221763Z 79 PC: 12b39 | Find next file
2018-12-25T12:53:35.937048104Z 59 PC: 12bd1 | Change current directory
2018-12-25T12:53:35.941836152Z 25 PC: 12bda | Get default drive
2018-12-25T12:53:35.943558032Z 14 PC: 12be4 | Set default drive (Drive = 'A')
2018-12-25T12:53:35.945719997Z 78 PC: 12aaa | Find first file (See above)
2018-12-25T12:53:35.953282002Z 78 PC: 12b30 | Find first file (See above)
2018-12-25T12:53:35.959779987Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.966999927Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.969261439Z 66 PC: 12b63 | Move file pointer
2018-12-25T12:53:35.971848948Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:53:35.973705807Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:53:35.981945418Z 66 PC: 12b9c | Move file pointer
2018-12-25T12:53:35.989079951Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:53:35.992223705Z 66 PC: 12baf | Move file pointer
2018-12-25T12:53:35.995376292Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-25T12:53:36.029790697Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.033874545Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.044401316Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.048404546Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.056020274Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.057729142Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.059923937Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.062312869Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.069843948Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.072849607Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.076274862Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.078288699Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.088867429Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.091434418Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.100289421Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.104381201Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.112365694Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.114360208Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.116353306Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.119147458Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.126596803Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.12844434Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.133344159Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.135281362Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.144973426Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.147856151Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.156634359Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.159821197Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.169091323Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.170857264Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.172482361Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.174236959Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.181623711Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.182925253Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.185993019Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.188351435Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.199536743Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.201658567Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.210700409Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.213744769Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.221242829Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.223344116Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.225051601Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.226601738Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.23485442Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.236373503Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.239253147Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.241848123Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.252124384Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.254139781Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.263778308Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.268151976Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.275796405Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.277557234Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.279870926Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.281378911Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.288850193Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.291000679Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.2942564Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.296611731Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.307207756Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.309869557Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.319345096Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.323576314Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.331082826Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.332792567Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.335289902Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.337039102Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.344714076Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.346674896Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.351722982Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.353937304Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.363847016Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.367201457Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.376109027Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.379420858Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.388004001Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.39039514Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.39248417Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.395278167Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.39888556Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.400999977Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.409871157Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.413833574Z 59 PC: 12bd1 | Change current directory (See above)
2018-12-25T12:53:36.41887343Z 25 PC: 12bda | Get default drive (See above)
2018-12-25T12:53:36.420504258Z 42 PC: 12beb | Get date
0x12beb: cmp dh, 0xc
0x12bee: jne 0x12c26
0x12bf0: cmp dl, 0x19
0x12bf3: jne 0x12c26
0x12bf5: mov ah, 9
0x12bf7: lea dx, word ptr [bp + 0x4c4]
0x12bfb: int 0x21
0x12bfd: mov ah, 1
0x12bff: mov dx, 0
0x12c02: int 0x17
0x12c04: lea si, word ptr [bp + 0x540]
0x12c08: mov cx, 0x115
0x12c0b: mov ah, 0
0x12c0d: lodsb al, byte ptr [si]
0x12c0e: int 0x17
0x12c10: loop 0x12c0b
0x12c12: mov ah, 3
0x12c14: mov al, 1
0x12c16: mov ch, 1
0x12c18: mov cl, 1
2018-12-25T12:53:36.424378816Z 9 PC: 12bfd | Display string (Could not find end pointer)
2018-12-25T12:53:36.442298461Z 14 PC: 12c2e | Set default drive (Drive = 'A')
2018-12-25T12:53:36.443736248Z 59 PC: 12c36 | Change current directory
2018-12-25T12:53:36.446791471Z 37 PC: 12d1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:36.448204379Z 26 PC: 12c76 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16641,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:34.190296819Z 71 PC: 12c84 | Get current directory
2018-12-25T12:53:34.194075422Z 53 PC: 12c8a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.195718427Z 37 PC: 12c9b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.197317787Z 25 PC: 12a81 | Get default drive
2018-12-25T12:53:34.199736238Z 14 PC: 12a8f | Set default drive (Drive = 'C')
2018-12-25T12:53:34.202534078Z 59 PC: 12a97 | Change current directory
2018-12-25T12:53:34.214307875Z 26 PC: 12a9f | Set disk transfer address
2018-12-25T12:53:34.216281594Z 78 PC: 12aaa | Find first file
2018-12-25T12:53:34.223360483Z 78 PC: 12b30 | Find first file
2018-12-25T12:53:34.229635229Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-25T12:53:34.236637764Z 87 PC: 12ca4 | Get or set file date and time
2018-12-25T12:53:34.239646052Z 87 PC: 12d11 | Get or set file date and time
2018-12-25T12:53:34.241737759Z 62 PC: 12bc6 | Close file
2018-12-25T12:53:35.935073534Z 79 PC: 12b39 | Find next file
2018-12-25T12:53:35.939672485Z 59 PC: 12bd1 | Change current directory
2018-12-25T12:53:35.944157103Z 25 PC: 12bda | Get default drive
2018-12-25T12:53:35.945991804Z 14 PC: 12be4 | Set default drive (Drive = 'A')
2018-12-25T12:53:35.94841527Z 78 PC: 12aaa | Find first file (See above)
2018-12-25T12:53:35.955280027Z 78 PC: 12b30 | Find first file (See above)
2018-12-25T12:53:35.962606745Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.971518484Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.973363218Z 66 PC: 12b63 | Move file pointer
2018-12-25T12:53:35.974906002Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:53:35.976641897Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:53:35.984514975Z 66 PC: 12b9c | Move file pointer
2018-12-25T12:53:35.98643299Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:53:35.989765776Z 66 PC: 12baf | Move file pointer
2018-12-25T12:53:35.992720062Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-25T12:53:36.029165058Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.03128787Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.041655199Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.044857207Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.052780609Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.055109934Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.056873016Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.058542299Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.066136107Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.068196516Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.071253093Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.073237394Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.083515534Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.085605514Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.093611701Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.096304851Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.100661228Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.101806639Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.103566609Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.104813478Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.109177403Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.110996982Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.113053985Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.114319715Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.121740584Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.123327772Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.128832311Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.133328235Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.138546829Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.139858947Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.143597973Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.145230322Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.152756604Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.155014444Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.158788477Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.1605782Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.169775143Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.172120075Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.178032566Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.179869562Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.185040816Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.186247574Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.187455473Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.189620523Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.195125451Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.196333543Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.199416414Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.200623417Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.206576002Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.208498606Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.214218258Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.216283457Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.221220295Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.223981703Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.226248371Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.228057574Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.236411213Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.237728962Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.239796884Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.24158615Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.248120796Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.249757544Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.256335878Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.258793393Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.264694365Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.270759238Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.272112333Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.273435123Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.279080169Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.280913217Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.283179801Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.290474619Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.300474677Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.302644385Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.312118294Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.31452554Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.319023626Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.320210415Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.32189159Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.323003911Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.325256404Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.327069837Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.33195642Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.340826522Z 59 PC: 12bd1 | Change current directory (See above)
2018-12-25T12:53:36.347476443Z 25 PC: 12bda | Get default drive (See above)
2018-12-25T12:53:36.349335797Z 42 PC: 12beb | Get date
0x12beb: cmp dh, 0xc
0x12bee: jne 0x12c26
0x12bf0: cmp dl, 0x19
0x12bf3: jne 0x12c26
0x12bf5: mov ah, 9
0x12bf7: lea dx, word ptr [bp + 0x4c4]
0x12bfb: int 0x21
0x12bfd: mov ah, 1
0x12bff: mov dx, 0
0x12c02: int 0x17
0x12c04: lea si, word ptr [bp + 0x540]
0x12c08: mov cx, 0x115
0x12c0b: mov ah, 0
0x12c0d: lodsb al, byte ptr [si]
0x12c0e: int 0x17
0x12c10: loop 0x12c0b
0x12c12: mov ah, 3
0x12c14: mov al, 1
0x12c16: mov ch, 1
0x12c18: mov cl, 1
2018-12-25T12:53:36.352177148Z 14 PC: 12c2e | Set default drive (Drive = 'A')
2018-12-25T12:53:36.362083771Z 59 PC: 12c36 | Change current directory
2018-12-25T12:53:36.367192369Z 37 PC: 12d1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:36.369638403Z 26 PC: 12c76 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16641,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:34.292309568Z 71 PC: 12c84 | Get current directory
2018-12-25T12:53:34.295823523Z 53 PC: 12c8a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.298995616Z 37 PC: 12c9b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.301460501Z 25 PC: 12a81 | Get default drive
2018-12-25T12:53:34.303811099Z 14 PC: 12a8f | Set default drive (Drive = 'C')
2018-12-25T12:53:34.307256147Z 59 PC: 12a97 | Change current directory
2018-12-25T12:53:34.320760001Z 26 PC: 12a9f | Set disk transfer address
2018-12-25T12:53:34.322086465Z 78 PC: 12aaa | Find first file
2018-12-25T12:53:34.329283661Z 78 PC: 12b30 | Find first file
2018-12-25T12:53:34.336750025Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-25T12:53:34.343821287Z 87 PC: 12ca4 | Get or set file date and time
2018-12-25T12:53:34.349181202Z 87 PC: 12d11 | Get or set file date and time
2018-12-25T12:53:34.351280373Z 62 PC: 12bc6 | Close file
2018-12-25T12:53:35.935059198Z 79 PC: 12b39 | Find next file
2018-12-25T12:53:35.937944527Z 59 PC: 12bd1 | Change current directory
2018-12-25T12:53:35.942476256Z 25 PC: 12bda | Get default drive
2018-12-25T12:53:35.943782139Z 14 PC: 12be4 | Set default drive (Drive = 'A')
2018-12-25T12:53:35.945756061Z 78 PC: 12aaa | Find first file (See above)
2018-12-25T12:53:35.954324558Z 78 PC: 12b30 | Find first file (See above)
2018-12-25T12:53:35.961310203Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.969013588Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.972053503Z 66 PC: 12b63 | Move file pointer
2018-12-25T12:53:35.974469093Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:53:35.976387726Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:53:35.985176478Z 66 PC: 12b9c | Move file pointer
2018-12-25T12:53:35.986936599Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:53:35.990090637Z 66 PC: 12baf | Move file pointer
2018-12-25T12:53:35.99236325Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-25T12:53:36.030088939Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.037799122Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.047158408Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.051699691Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.059559271Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.061176921Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.063660328Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.065251838Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.078713944Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.081200735Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.084128264Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.085765176Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.095488486Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.09735804Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.105626139Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.108689476Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.116248686Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.117681466Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.119063632Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.120837048Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.128073177Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.129506473Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.132739924Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.134284672Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.144093052Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.146420369Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.15499528Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.15792666Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.166167086Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.16749426Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.16941418Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.172674668Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.178126303Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.179243116Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.181291875Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.182839701Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.192174415Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.194140149Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.203579005Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.206366338Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.212213566Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.214455537Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.216089167Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.21726098Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.222066186Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.2234808Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.226300963Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.228320394Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.234134244Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.235511456Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.241046467Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.24413801Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.248497111Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.250193303Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.253923568Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.255485442Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.261045055Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.263686887Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.266901416Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.268760762Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.279269131Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.281638832Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.292401974Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.296749052Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.304747719Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.306736612Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.308701485Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.311379842Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.318601667Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.320425742Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.324396875Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.326787003Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.336318619Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.339108073Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.34935653Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.353369023Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.362224332Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.364067106Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.365983364Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.369069131Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.372967945Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.374811553Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.383091384Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.386794767Z 59 PC: 12bd1 | Change current directory (See above)
2018-12-25T12:53:36.391661345Z 25 PC: 12bda | Get default drive (See above)
2018-12-25T12:53:36.393235827Z 42 PC: 12beb | Get date
0x12beb: cmp dh, 0xc
0x12bee: jne 0x12c26
0x12bf0: cmp dl, 0x19
0x12bf3: jne 0x12c26
0x12bf5: mov ah, 9
0x12bf7: lea dx, word ptr [bp + 0x4c4]
0x12bfb: int 0x21
0x12bfd: mov ah, 1
0x12bff: mov dx, 0
0x12c02: int 0x17
0x12c04: lea si, word ptr [bp + 0x540]
0x12c08: mov cx, 0x115
0x12c0b: mov ah, 0
0x12c0d: lodsb al, byte ptr [si]
0x12c0e: int 0x17
0x12c10: loop 0x12c0b
0x12c12: mov ah, 3
0x12c14: mov al, 1
0x12c16: mov ch, 1
0x12c18: mov cl, 1
2018-12-25T12:53:36.396721119Z 14 PC: 12c2e | Set default drive (Drive = 'A')
2018-12-25T12:53:36.398192165Z 59 PC: 12c36 | Change current directory
2018-12-25T12:53:36.400192807Z 37 PC: 12d1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:36.402399153Z 26 PC: 12c76 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16641,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:34.44011401Z 71 PC: 12c84 | Get current directory
2018-12-25T12:53:34.444492311Z 53 PC: 12c8a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.445954124Z 37 PC: 12c9b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.447273018Z 25 PC: 12a81 | Get default drive
2018-12-25T12:53:34.448804499Z 14 PC: 12a8f | Set default drive (Drive = 'C')
2018-12-25T12:53:34.451141649Z 59 PC: 12a97 | Change current directory
2018-12-25T12:53:34.4630098Z 26 PC: 12a9f | Set disk transfer address
2018-12-25T12:53:34.464224862Z 78 PC: 12aaa | Find first file
2018-12-25T12:53:34.470779876Z 78 PC: 12b30 | Find first file
2018-12-25T12:53:34.476719062Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-25T12:53:34.483328952Z 87 PC: 12ca4 | Get or set file date and time
2018-12-25T12:53:34.48561595Z 87 PC: 12d11 | Get or set file date and time
2018-12-25T12:53:34.488294851Z 62 PC: 12bc6 | Close file
2018-12-25T12:53:35.934925453Z 79 PC: 12b39 | Find next file
2018-12-25T12:53:35.939010043Z 59 PC: 12bd1 | Change current directory
2018-12-25T12:53:35.944343931Z 25 PC: 12bda | Get default drive
2018-12-25T12:53:35.945642243Z 14 PC: 12be4 | Set default drive (Drive = 'A')
2018-12-25T12:53:35.948042799Z 78 PC: 12aaa | Find first file (See above)
2018-12-25T12:53:35.954735948Z 78 PC: 12b30 | Find first file (See above)
2018-12-25T12:53:35.96117415Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.968708888Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.971530906Z 66 PC: 12b63 | Move file pointer
2018-12-25T12:53:35.973462789Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:53:35.975347833Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:53:35.983734321Z 66 PC: 12b9c | Move file pointer
2018-12-25T12:53:35.985639721Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:53:35.988799213Z 66 PC: 12baf | Move file pointer
2018-12-25T12:53:35.991569364Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-25T12:53:36.029047506Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.041145978Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.051069485Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.054649507Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.061916015Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.064321609Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.065835581Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.067121917Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.075311893Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.077133269Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.080273997Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.081875914Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.093173249Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.094813661Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.103444378Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.106822198Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.114386746Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.11715898Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.12039245Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.122313505Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.129701177Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.132205053Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.13541567Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.137186859Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.147760057Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.149840992Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.159449043Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.162342594Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.170844887Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.173542965Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.175532568Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.178749407Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.185989593Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.187026691Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.189663532Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.19154259Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.201859793Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.204692538Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.21405157Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.217201389Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.225505115Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.227349531Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.229332194Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.231792521Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.239293447Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.24126144Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.245988449Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.248095931Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.256516788Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.258944364Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.265890969Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.267875769Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.272235362Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.274007741Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.275309653Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.276706674Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.284589492Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.286261376Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.289484658Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.291606488Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.301065957Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.302399257Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.308326929Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.311061548Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.31586184Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.318115038Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.319702751Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.321280305Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.328857214Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.33057118Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.333427449Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.33976192Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.349186466Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.350821892Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.359876857Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.36276532Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.370170128Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.372426413Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.374137802Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.375694511Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.379151151Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.380973566Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.389175768Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.392911231Z 59 PC: 12bd1 | Change current directory (See above)
2018-12-25T12:53:36.398308628Z 25 PC: 12bda | Get default drive (See above)
2018-12-25T12:53:36.399962378Z 42 PC: 12beb | Get date
0x12beb: cmp dh, 0xc
0x12bee: jne 0x12c26
0x12bf0: cmp dl, 0x19
0x12bf3: jne 0x12c26
0x12bf5: mov ah, 9
0x12bf7: lea dx, word ptr [bp + 0x4c4]
0x12bfb: int 0x21
0x12bfd: mov ah, 1
0x12bff: mov dx, 0
0x12c02: int 0x17
0x12c04: lea si, word ptr [bp + 0x540]
0x12c08: mov cx, 0x115
0x12c0b: mov ah, 0
0x12c0d: lodsb al, byte ptr [si]
0x12c0e: int 0x17
0x12c10: loop 0x12c0b
0x12c12: mov ah, 3
0x12c14: mov al, 1
0x12c16: mov ch, 1
0x12c18: mov cl, 1
2018-12-25T12:53:36.403040993Z 14 PC: 12c2e | Set default drive (Drive = 'A')
2018-12-25T12:53:36.405862382Z 59 PC: 12c36 | Change current directory
2018-12-25T12:53:36.408257363Z 37 PC: 12d1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:36.409649816Z 26 PC: 12c76 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16641,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:34.570988379Z 71 PC: 12c84 | Get current directory
2018-12-25T12:53:34.577763986Z 53 PC: 12c8a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.578985892Z 37 PC: 12c9b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.580327185Z 25 PC: 12a81 | Get default drive
2018-12-25T12:53:34.58187079Z 14 PC: 12a8f | Set default drive (Drive = 'C')
2018-12-25T12:53:34.583082649Z 59 PC: 12a97 | Change current directory
2018-12-25T12:53:34.594726837Z 26 PC: 12a9f | Set disk transfer address
2018-12-25T12:53:34.59602669Z 78 PC: 12aaa | Find first file
2018-12-25T12:53:34.601581699Z 78 PC: 12b30 | Find first file
2018-12-25T12:53:34.606937767Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-25T12:53:34.613574744Z 87 PC: 12ca4 | Get or set file date and time
2018-12-25T12:53:34.614853597Z 87 PC: 12d11 | Get or set file date and time
2018-12-25T12:53:34.616123448Z 62 PC: 12bc6 | Close file
2018-12-25T12:53:35.031956329Z 79 PC: 12b39 | Find next file
2018-12-25T12:53:35.034580626Z 59 PC: 12bd1 | Change current directory
2018-12-25T12:53:35.037874676Z 25 PC: 12bda | Get default drive
2018-12-25T12:53:35.038956677Z 14 PC: 12be4 | Set default drive (Drive = 'A')
2018-12-25T12:53:35.040429622Z 78 PC: 12aaa | Find first file (See above)
2018-12-25T12:53:35.046037961Z 78 PC: 12b30 | Find first file (See above)
2018-12-25T12:53:35.05148787Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.058499987Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.059719199Z 66 PC: 12b63 | Move file pointer
2018-12-25T12:53:35.060913102Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:53:35.063327432Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:53:35.067470246Z 66 PC: 12b9c | Move file pointer
2018-12-25T12:53:35.068483261Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:53:35.07486179Z 66 PC: 12baf | Move file pointer
2018-12-25T12:53:35.075969012Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-25T12:53:35.089142289Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:35.091605539Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:35.099232763Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:35.101842162Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.106056881Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.107256065Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:35.108199224Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:35.109344393Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:35.113346296Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:35.114546162Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:35.116382332Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:35.118953412Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:35.124163585Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:35.12510177Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:35.129935121Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:35.131543543Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.135373293Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.136814351Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:35.137793451Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:35.139075817Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:35.143619051Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:35.144691057Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:35.1472853Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:35.149968857Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:35.158079314Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:35.159431341Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:35.167348022Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:35.169718783Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.175867035Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.177989282Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:35.179274768Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:35.180519385Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:35.187410539Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:35.188717135Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:35.191188359Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:35.193062653Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:35.201659363Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:35.203406111Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:35.212167072Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:35.215064634Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.222249273Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.224778321Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:35.22644882Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:35.228045839Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:35.237249179Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:35.238844902Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:35.241620278Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:35.244120569Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:35.252558877Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:35.254465461Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:35.262131499Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:35.264491825Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.270701794Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.272530198Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:35.273795452Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:35.274978476Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:35.281015844Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:35.282142106Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:35.2844713Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:35.285737345Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:35.294390827Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:35.295669159Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:35.30286403Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:35.305235774Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.311506852Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.313373983Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:35.314602972Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:35.315804509Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:35.321910717Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:35.323097945Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:35.325432104Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:35.327748155Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:35.335813081Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:35.337099453Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:35.344881333Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:35.347190315Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.353241451Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.355627899Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:35.356895782Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:35.358039141Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:35.360955784Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:35.374918516Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:35.381615814Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:35.384728925Z 59 PC: 12bd1 | Change current directory (See above)
2018-12-25T12:53:35.38863308Z 25 PC: 12bda | Get default drive (See above)
2018-12-25T12:53:35.389629572Z 42 PC: 12beb | Get date
0x12beb: cmp dh, 0xc
0x12bee: jne 0x12c26
0x12bf0: cmp dl, 0x19
0x12bf3: jne 0x12c26
0x12bf5: mov ah, 9
0x12bf7: lea dx, word ptr [bp + 0x4c4]
0x12bfb: int 0x21
0x12bfd: mov ah, 1
0x12bff: mov dx, 0
0x12c02: int 0x17
0x12c04: lea si, word ptr [bp + 0x540]
0x12c08: mov cx, 0x115
0x12c0b: mov ah, 0
0x12c0d: lodsb al, byte ptr [si]
0x12c0e: int 0x17
0x12c10: loop 0x12c0b
0x12c12: mov ah, 3
0x12c14: mov al, 1
0x12c16: mov ch, 1
0x12c18: mov cl, 1
2018-12-25T12:53:35.392405503Z 14 PC: 12c2e | Set default drive (Drive = 'A')
2018-12-25T12:53:35.393550639Z 59 PC: 12c36 | Change current directory
2018-12-25T12:53:35.395228477Z 37 PC: 12d1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:35.396713896Z 26 PC: 12c76 | Set disk transfer address

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16641,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:34.607580942Z 71 PC: 12c84 | Get current directory
2018-12-25T12:53:34.612093287Z 53 PC: 12c8a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.61355192Z 37 PC: 12c9b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:34.615158Z 25 PC: 12a81 | Get default drive
2018-12-25T12:53:34.616781425Z 14 PC: 12a8f | Set default drive (Drive = 'C')
2018-12-25T12:53:34.618654915Z 59 PC: 12a97 | Change current directory
2018-12-25T12:53:34.630366214Z 26 PC: 12a9f | Set disk transfer address
2018-12-25T12:53:34.631639817Z 78 PC: 12aaa | Find first file
2018-12-25T12:53:34.646226914Z 78 PC: 12b30 | Find first file
2018-12-25T12:53:34.652542225Z 61 PC: 12b47 | Open file (Filename = '+�H�!r%P�+£`��X�N�O������I�!��')
2018-12-25T12:53:34.66035471Z 87 PC: 12ca4 | Get or set file date and time
2018-12-25T12:53:34.662818138Z 87 PC: 12d11 | Get or set file date and time
2018-12-25T12:53:34.665542498Z 62 PC: 12bc6 | Close file
2018-12-25T12:53:35.935360303Z 79 PC: 12b39 | Find next file
2018-12-25T12:53:35.939737219Z 59 PC: 12bd1 | Change current directory
2018-12-25T12:53:35.944727216Z 25 PC: 12bda | Get default drive
2018-12-25T12:53:35.94640149Z 14 PC: 12be4 | Set default drive (Drive = 'A')
2018-12-25T12:53:35.948735551Z 78 PC: 12aaa | Find first file (See above)
2018-12-25T12:53:35.955615494Z 78 PC: 12b30 | Find first file (See above)
2018-12-25T12:53:35.962135545Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:35.96958351Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:35.971608709Z 66 PC: 12b63 | Move file pointer
2018-12-25T12:53:35.973350342Z 66 PC: 12b72 | Move file pointer
2018-12-25T12:53:35.975030565Z 63 PC: 12b7d | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:53:35.982850273Z 66 PC: 12b9c | Move file pointer
2018-12-25T12:53:35.984725499Z 64 PC: 12ba7 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:53:35.987964789Z 66 PC: 12baf | Move file pointer
2018-12-25T12:53:36.002909788Z 64 PC: 12bbf | Write file or device (Write 1361 bytes on handle 5)
2018-12-25T12:53:36.038340567Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.040419712Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.051689299Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.055140631Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.06307535Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.06809881Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.070114005Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.072006849Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.081057871Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.082722208Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.086426573Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.088582841Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.099016765Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.101333467Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.111879307Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.11762408Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.125344904Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.127416704Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.130485141Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.132846168Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.140467972Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.143246255Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.149314956Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.150780221Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.160414062Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.163318457Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.172793866Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.176544761Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.186579479Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.188936392Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.192206578Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.194862194Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.203250664Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.205264445Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.209315884Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.211425112Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.222149376Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.224849683Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.233696882Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.237162202Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.245364327Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.247484569Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.249177621Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.250794352Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.258495051Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.260150608Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.263126297Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.265402677Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.278035918Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.283217318Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.292769118Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.296218751Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.304041887Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.306066706Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.307684202Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.309537694Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.317779594Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.320094689Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.32343835Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.325750477Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.335925827Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.337946494Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.347501215Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.350785692Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.358878524Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.360553334Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.363037745Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.364488222Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.37134711Z 66 PC: 12b9c | Move file pointer (See above)
2018-12-25T12:53:36.373736566Z 64 PC: 12ba7 | Write file or device (See above)
2018-12-25T12:53:36.376816054Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:53:36.378446084Z 64 PC: 12bbf | Write file or device (See above)
2018-12-25T12:53:36.388560116Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.390221207Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.39884535Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.40265314Z 61 PC: 12b47 | Open file (See above)
2018-12-25T12:53:36.410361507Z 87 PC: 12ca4 | Get or set file date and time (See above)
2018-12-25T12:53:36.412004542Z 66 PC: 12b63 | Move file pointer (See above)
2018-12-25T12:53:36.413648265Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T12:53:36.415302777Z 63 PC: 12b7d | Read file or device (See above)
2018-12-25T12:53:36.418122196Z 87 PC: 12d11 | Get or set file date and time (See above)
2018-12-25T12:53:36.420564055Z 62 PC: 12bc6 | Close file (See above)
2018-12-25T12:53:36.428892283Z 79 PC: 12b39 | Find next file (See above)
2018-12-25T12:53:36.432009643Z 59 PC: 12bd1 | Change current directory (See above)
2018-12-25T12:53:36.437050142Z 25 PC: 12bda | Get default drive (See above)
2018-12-25T12:53:36.439911993Z 42 PC: 12beb | Get date
0x12beb: cmp dh, 0xc
0x12bee: jne 0x12c26
0x12bf0: cmp dl, 0x19
0x12bf3: jne 0x12c26
0x12bf5: mov ah, 9
0x12bf7: lea dx, word ptr [bp + 0x4c4]
0x12bfb: int 0x21
0x12bfd: mov ah, 1
0x12bff: mov dx, 0
0x12c02: int 0x17
0x12c04: lea si, word ptr [bp + 0x540]
0x12c08: mov cx, 0x115
0x12c0b: mov ah, 0
0x12c0d: lodsb al, byte ptr [si]
0x12c0e: int 0x17
0x12c10: loop 0x12c0b
0x12c12: mov ah, 3
0x12c14: mov al, 1
0x12c16: mov ch, 1
0x12c18: mov cl, 1
2018-12-25T12:53:36.442779849Z 9 PC: 12bfd | Display string (Could not find end pointer)
2018-12-25T12:53:36.459933921Z 14 PC: 12c2e | Set default drive (Drive = 'A')
2018-12-25T12:53:36.462202302Z 59 PC: 12c36 | Change current directory
2018-12-25T12:53:36.464199313Z 37 PC: 12d1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:36.465503667Z 26 PC: 12c76 | Set disk transfer address