Sample viewer

vx.netlux.org/Virus.DOS.Mahon.1360

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:53:58.691855692Z 26 PC: 12a91 | Set disk transfer address
2018-12-17T21:53:58.694132962Z 53 PC: 12a96 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:53:58.695682226Z 37 PC: 12aa7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:53:58.697058893Z 71 PC: 12ab0 | Get current directory
2018-12-17T21:53:58.700157499Z 78 PC: 12abb | Find first file
2018-12-17T21:53:58.707172865Z 78 PC: 12b43 | Find first file
2018-12-17T21:53:58.71304474Z 78 PC: 12bc1 | Find first file
2018-12-17T21:53:58.719053392Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-17T21:53:58.731682443Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:53:58.733399379Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:53:58.740383248Z 66 PC: 12d03 | Move file pointer
2018-12-17T21:53:58.743353431Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:53:58.746360338Z 66 PC: 12d0c | Move file pointer
2018-12-17T21:53:58.7480419Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-17T21:53:58.778216533Z 87 PC: 12cfa | Get or set file date and time
2018-12-17T21:53:58.779820639Z 62 PC: 12c4a | Close file
2018-12-17T21:53:58.78750481Z 79 PC: 12c4e | Find next file
2018-12-17T21:53:58.790430579Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-17T21:53:58.803969381Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:53:58.805618552Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:53:58.827275985Z 66 PC: 12d03 | Move file pointer
2018-12-17T21:53:58.841608349Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:53:58.844184176Z 66 PC: 12d0c | Move file pointer
2018-12-17T21:53:58.845533637Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-17T21:53:58.854231959Z 87 PC: 12cfa | Get or set file date and time
2018-12-17T21:53:58.856017943Z 62 PC: 12c4a | Close file
2018-12-17T21:53:58.865565032Z 79 PC: 12c4e | Find next file
2018-12-17T21:53:58.876290656Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-17T21:53:58.896368866Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:53:58.89803148Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:53:58.91620804Z 66 PC: 12d03 | Move file pointer
2018-12-17T21:53:58.917560548Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:53:58.920142003Z 66 PC: 12d0c | Move file pointer
2018-12-17T21:53:58.922704466Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-17T21:53:58.945910177Z 87 PC: 12cfa | Get or set file date and time
2018-12-17T21:53:58.958917871Z 62 PC: 12c4a | Close file
2018-12-17T21:53:58.967891817Z 79 PC: 12c4e | Find next file
2018-12-17T21:53:58.970646411Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-17T21:53:58.9778025Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:53:58.980005484Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:53:58.994314032Z 66 PC: 12d03 | Move file pointer
2018-12-17T21:53:58.996739426Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:53:59.000948064Z 66 PC: 12d0c | Move file pointer
2018-12-17T21:53:59.002636605Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-17T21:53:59.011859481Z 87 PC: 12cfa | Get or set file date and time
2018-12-17T21:53:59.013444268Z 62 PC: 12c4a | Close file
2018-12-17T21:53:59.021848892Z 79 PC: 12c4e | Find next file
2018-12-17T21:53:59.02497509Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-17T21:53:59.03293975Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:53:59.035697097Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:53:59.043574104Z 66 PC: 12d03 | Move file pointer
2018-12-17T21:53:59.045374587Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:53:59.049309919Z 66 PC: 12d0c | Move file pointer
2018-12-17T21:53:59.0507727Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-17T21:53:59.060767897Z 87 PC: 12cfa | Get or set file date and time
2018-12-17T21:53:59.063732797Z 62 PC: 12c4a | Close file
2018-12-17T21:53:59.072172257Z 79 PC: 12c4e | Find next file
2018-12-17T21:53:59.076074932Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-17T21:53:59.083841959Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:53:59.085608715Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:53:59.092164458Z 66 PC: 12d03 | Move file pointer
2018-12-17T21:53:59.094663159Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:53:59.097854163Z 66 PC: 12d0c | Move file pointer
2018-12-17T21:53:59.099570688Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-17T21:53:59.109293312Z 87 PC: 12cfa | Get or set file date and time
2018-12-17T21:53:59.111034339Z 62 PC: 12c4a | Close file
2018-12-17T21:53:59.11869408Z 79 PC: 12c4e | Find next file
2018-12-17T21:53:59.122274189Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-17T21:53:59.129587277Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:53:59.131231483Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:53:59.138896694Z 66 PC: 12d03 | Move file pointer
2018-12-17T21:53:59.140676393Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:53:59.144277178Z 66 PC: 12d0c | Move file pointer
2018-12-17T21:53:59.146146748Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-17T21:53:59.155521774Z 87 PC: 12cfa | Get or set file date and time
2018-12-17T21:53:59.157265179Z 62 PC: 12c4a | Close file
2018-12-17T21:53:59.16499007Z 79 PC: 12c4e | Find next file
2018-12-17T21:53:59.168806956Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-17T21:53:59.175438056Z 87 PC: 12ce4 | Get or set file date and time
2018-12-17T21:53:59.177151565Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:53:59.184087957Z 87 PC: 12cfa | Get or set file date and time
2018-12-17T21:53:59.185727683Z 62 PC: 12c4a | Close file
2018-12-17T21:53:59.192961607Z 79 PC: 12c4e | Find next file
2018-12-17T21:53:59.196437421Z 59 PC: 12bd1 | Change current directory
2018-12-17T21:53:59.200765209Z 42 PC: 12c59 | Get date
0x12c59: cmp dh, 0xa
0x12c5c: jne 0x12c89
0x12c5e: nop
0x12c5f: nop
0x12c60: nop
0x12c61: cmp dl, 0x12
0x12c64: jne 0x12c89
0x12c66: nop
0x12c67: nop
0x12c68: nop
0x12c69: mov ah, 9
0x12c6b: lea dx, word ptr [bp + 0x433]
0x12c6f: int 0x21
0x12c71: xor ax, ax
0x12c73: int 0x16
0x12c75: mov ah, 3
0x12c77: mov al, 0xf
0x12c79: mov ch, 0
0x12c7b: mov cl, 1
0x12c7d: mov dh, 0
2018-12-17T21:53:59.203160519Z 37 PC: 12c92 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:53:59.204942118Z 59 PC: 12c9a | Change current directory
2018-12-17T21:53:59.206997291Z 26 PC: 12cda | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:53.653239673Z 26 PC: 12a91 | Set disk transfer address
2018-12-25T11:40:53.654766665Z 53 PC: 12a96 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.655899793Z 37 PC: 12aa7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.656977266Z 71 PC: 12ab0 | Get current directory
2018-12-25T11:40:53.660460263Z 78 PC: 12abb | Find first file
2018-12-25T11:40:53.666138385Z 78 PC: 12b43 | Find first file
2018-12-25T11:40:53.671644393Z 78 PC: 12bc1 | Find first file
2018-12-25T11:40:53.677916878Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-25T11:40:53.684932162Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:40:53.685883199Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:40:53.702472317Z 66 PC: 12d03 | Move file pointer
2018-12-25T11:40:53.703875882Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:40:53.706502751Z 66 PC: 12d0c | Move file pointer
2018-12-25T11:40:53.708549597Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-25T11:40:53.884100679Z 87 PC: 12cfa | Get or set file date and time
2018-12-25T11:40:53.885763093Z 62 PC: 12c4a | Close file
2018-12-25T11:40:53.894080103Z 79 PC: 12c4e | Find next file
2018-12-25T11:40:53.897096573Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:53.901304787Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:53.90688811Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:53.916508539Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:53.917589478Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:53.919480523Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:53.92104201Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:53.926423182Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:53.928999412Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:53.934410948Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:53.936336751Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:53.942776087Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:53.945675766Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:53.952410991Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:53.954149842Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:53.958783657Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:53.960460623Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:53.969115248Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:53.97688998Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:53.984835449Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:53.987039496Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:53.991642413Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:53.993455599Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:53.997887067Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:53.999905505Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.001954696Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.006684951Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.01585984Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.017955652Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.025835288Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.028993999Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.036830034Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.038573204Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.045233282Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.046777117Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.049931147Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.051418454Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.06075058Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.062105657Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.069496862Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.072711645Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.079311903Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.080636021Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.087476768Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.088809654Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.091500127Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.093647538Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.102710387Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.104253676Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.112430061Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.114186408Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.118212515Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.119839005Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.124001423Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.125069434Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.127401531Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.128438895Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.134048137Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.13902717Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.145498239Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.148599628Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.170656864Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.173362512Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.179859035Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.186243413Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.193405183Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.196061102Z 59 PC: 12bd1 | Change current directory
2018-12-25T11:40:54.201019867Z 42 PC: 12c59 | Get date
0x12c59: cmp dh, 0xa
0x12c5c: jne 0x12c89
0x12c5e: nop
0x12c5f: nop
0x12c60: nop
0x12c61: cmp dl, 0x12
0x12c64: jne 0x12c89
0x12c66: nop
0x12c67: nop
0x12c68: nop
0x12c69: mov ah, 9
0x12c6b: lea dx, word ptr [bp + 0x433]
0x12c6f: int 0x21
0x12c71: xor ax, ax
0x12c73: int 0x16
0x12c75: mov ah, 3
0x12c77: mov al, 0xf
0x12c79: mov ch, 0
0x12c7b: mov cl, 1
0x12c7d: mov dh, 0
2018-12-25T11:40:54.203182234Z 37 PC: 12c92 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:54.204901884Z 59 PC: 12c9a | Change current directory
2018-12-25T11:40:54.207724295Z 26 PC: 12cda | Set disk transfer address

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:53.814136505Z 26 PC: 12a91 | Set disk transfer address
2018-12-25T11:40:53.815416334Z 53 PC: 12a96 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.81774323Z 37 PC: 12aa7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.819276272Z 71 PC: 12ab0 | Get current directory
2018-12-25T11:40:53.822865114Z 78 PC: 12abb | Find first file
2018-12-25T11:40:53.831055193Z 78 PC: 12b43 | Find first file
2018-12-25T11:40:53.837591898Z 78 PC: 12bc1 | Find first file
2018-12-25T11:40:53.845605609Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-25T11:40:53.859598104Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:40:53.861613834Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:40:53.869318733Z 66 PC: 12d03 | Move file pointer
2018-12-25T11:40:53.871689417Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:40:53.875020777Z 66 PC: 12d0c | Move file pointer
2018-12-25T11:40:53.877135649Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-25T11:40:53.894014801Z 87 PC: 12cfa | Get or set file date and time
2018-12-25T11:40:53.895978888Z 62 PC: 12c4a | Close file
2018-12-25T11:40:53.904481853Z 79 PC: 12c4e | Find next file
2018-12-25T11:40:53.907272859Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:53.915964634Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:53.919090331Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:53.926683658Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:53.934600447Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:53.940168524Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:53.942011423Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:53.954744813Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:53.956740707Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:53.96514581Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:53.969261076Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:53.979769721Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:53.981427412Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:53.992412981Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:53.997914285Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.001474984Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.004173227Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.014257621Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.015911083Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.025136601Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.02942137Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.037057923Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.039104096Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.047990611Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.049968711Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.053010989Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.054860067Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.061820309Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.063154777Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.068991941Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.072074397Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.081384517Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.083428234Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.08987546Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.091001904Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.093426741Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.094683517Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.101323103Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.102759144Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.111369346Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.114232681Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.123302397Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.128726028Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.13587105Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.137055063Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.139659143Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.140782333Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.147392661Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.149223233Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.154788535Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.156681306Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.161333299Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.162446942Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.166688429Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.168307536Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.170347573Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.171412436Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.17996423Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.182196981Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.190890606Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.194385289Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.201536794Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.203189912Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.207599264Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.209476078Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.216298676Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.21825033Z 59 PC: 12bd1 | Change current directory
2018-12-25T11:40:54.221213944Z 42 PC: 12c59 | Get date
0x12c59: cmp dh, 0xa
0x12c5c: jne 0x12c89
0x12c5e: nop
0x12c5f: nop
0x12c60: nop
0x12c61: cmp dl, 0x12
0x12c64: jne 0x12c89
0x12c66: nop
0x12c67: nop
0x12c68: nop
0x12c69: mov ah, 9
0x12c6b: lea dx, word ptr [bp + 0x433]
0x12c6f: int 0x21
0x12c71: xor ax, ax
0x12c73: int 0x16
0x12c75: mov ah, 3
0x12c77: mov al, 0xf
0x12c79: mov ch, 0
0x12c7b: mov cl, 1
0x12c7d: mov dh, 0
2018-12-25T11:40:54.22273034Z 37 PC: 12c92 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:54.223642501Z 59 PC: 12c9a | Change current directory
2018-12-25T11:40:54.225269015Z 26 PC: 12cda | Set disk transfer address

{"DateBased":true,"Day":18,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:53.819452853Z 26 PC: 12a91 | Set disk transfer address
2018-12-25T11:40:53.830073094Z 53 PC: 12a96 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.843470925Z 37 PC: 12aa7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.84620344Z 71 PC: 12ab0 | Get current directory
2018-12-25T11:40:53.851990655Z 78 PC: 12abb | Find first file
2018-12-25T11:40:53.860568262Z 78 PC: 12b43 | Find first file
2018-12-25T11:40:53.868357238Z 78 PC: 12bc1 | Find first file
2018-12-25T11:40:53.875403662Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-25T11:40:53.892645583Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:40:53.894744501Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:40:53.902930675Z 66 PC: 12d03 | Move file pointer
2018-12-25T11:40:53.905779475Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:40:53.909198001Z 66 PC: 12d0c | Move file pointer
2018-12-25T11:40:53.910896833Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-25T11:40:53.929187273Z 87 PC: 12cfa | Get or set file date and time
2018-12-25T11:40:53.931423994Z 62 PC: 12c4a | Close file
2018-12-25T11:40:53.944242469Z 79 PC: 12c4e | Find next file
2018-12-25T11:40:53.94915161Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:53.956791403Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:53.958756476Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:53.968123992Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:53.972815709Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:53.975678103Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:53.97729045Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:53.987647436Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:53.989850396Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:53.998768369Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.003013187Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.010564576Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.012557135Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.020822098Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.022912598Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.026443917Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.029403552Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.040073977Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.04189009Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.050650272Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.05404134Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.0613425Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.063082309Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.070617535Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.072301157Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.075510178Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.078333793Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.087759759Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.089542246Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.10163698Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.112891021Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.121080873Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.124754656Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.131936224Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.13382172Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.137948771Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.140871044Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.150975953Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.153110953Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.163128026Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.166456141Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.17364172Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.177620289Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.185476112Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.187437043Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.19167877Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.194051178Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.20460066Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.207387536Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.216673608Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.220067873Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.227661832Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.229723274Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.237182329Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.239047269Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.243710776Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.245453234Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.255210533Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.258065089Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.266920694Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.270118798Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.279207533Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.281233429Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.288601117Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.290529779Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.298957001Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.302052895Z 59 PC: 12bd1 | Change current directory
2018-12-25T11:40:54.307083625Z 42 PC: 12c59 | Get date
0x12c59: cmp dh, 0xa
0x12c5c: jne 0x12c89
0x12c5e: nop
0x12c5f: nop
0x12c60: nop
0x12c61: cmp dl, 0x12
0x12c64: jne 0x12c89
0x12c66: nop
0x12c67: nop
0x12c68: nop
0x12c69: mov ah, 9
0x12c6b: lea dx, word ptr [bp + 0x433]
0x12c6f: int 0x21
0x12c71: xor ax, ax
0x12c73: int 0x16
0x12c75: mov ah, 3
0x12c77: mov al, 0xf
0x12c79: mov ch, 0
0x12c7b: mov cl, 1
0x12c7d: mov dh, 0
2018-12-25T11:40:54.311366678Z 9 PC: 12c71 | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:53.891060401Z 26 PC: 12a91 | Set disk transfer address
2018-12-25T11:40:53.893217636Z 53 PC: 12a96 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.895126694Z 37 PC: 12aa7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.896743574Z 71 PC: 12ab0 | Get current directory
2018-12-25T11:40:53.900581979Z 78 PC: 12abb | Find first file
2018-12-25T11:40:53.91100246Z 78 PC: 12b43 | Find first file
2018-12-25T11:40:53.926009623Z 78 PC: 12bc1 | Find first file
2018-12-25T11:40:53.944291937Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-25T11:40:53.957690661Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:40:53.959765081Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:40:53.967019259Z 66 PC: 12d03 | Move file pointer
2018-12-25T11:40:53.970161917Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:40:53.981173495Z 66 PC: 12d0c | Move file pointer
2018-12-25T11:40:53.989748344Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-25T11:40:54.008160324Z 87 PC: 12cfa | Get or set file date and time
2018-12-25T11:40:54.009524505Z 62 PC: 12c4a | Close file
2018-12-25T11:40:54.016352184Z 79 PC: 12c4e | Find next file
2018-12-25T11:40:54.020724277Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.025576608Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.02691919Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.032884666Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.034338161Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.036722747Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.038855887Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.044891405Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.046193043Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.061684332Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.068600358Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.075906863Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.07742482Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.085432127Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.087219546Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.090567538Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.093799574Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.104091157Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.106622727Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.123833909Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.128210982Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.136171915Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.139319482Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.147956974Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.149962603Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.153751743Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.155936636Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.165546542Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.167676688Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.177204347Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.180587424Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.189167178Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.192313348Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.202638676Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.204622855Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.208981052Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.211353166Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.221188157Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.224046281Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.233140332Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.236467269Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.245296776Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.251166641Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.258406183Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.259957684Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.266087745Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.267782022Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.27745032Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.280000334Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.288467777Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.291249753Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.300141505Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.301897073Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.310280017Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.312399762Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.316248352Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.318175129Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.328588971Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.330460531Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.339032484Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.342705629Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.349854111Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.351310201Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.355383957Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.357120459Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.364844639Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.368664623Z 59 PC: 12bd1 | Change current directory
2018-12-25T11:40:54.373925918Z 42 PC: 12c59 | Get date
0x12c59: cmp dh, 0xa
0x12c5c: jne 0x12c89
0x12c5e: nop
0x12c5f: nop
0x12c60: nop
0x12c61: cmp dl, 0x12
0x12c64: jne 0x12c89
0x12c66: nop
0x12c67: nop
0x12c68: nop
0x12c69: mov ah, 9
0x12c6b: lea dx, word ptr [bp + 0x433]
0x12c6f: int 0x21
0x12c71: xor ax, ax
0x12c73: int 0x16
0x12c75: mov ah, 3
0x12c77: mov al, 0xf
0x12c79: mov ch, 0
0x12c7b: mov cl, 1
0x12c7d: mov dh, 0
2018-12-25T11:40:54.376448349Z 37 PC: 12c92 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:54.377707243Z 59 PC: 12c9a | Change current directory
2018-12-25T11:40:54.380283228Z 26 PC: 12cda | Set disk transfer address

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:53.993031492Z 42 PC: 12a49 | Get date
0x12a49: cmp dl, 0xd
0x12a4c: je 0x12abf
0x12a4e: cld
0x12a4f: pop bx
0x12a50: mov ax, 0xd5aa
0x12a53: int 0x21
0x12a55: cmp ax, 0x2a03
0x12a58: je 0x12aa6
0x12a5a: mov ax, sp
0x12a5c: inc ax
0x12a5d: mov cl, 4
0x12a5f: shr ax, cl
0x12a61: inc ax
0x12a62: mov dx, ss
0x12a64: add ax, dx
0x12a66: mov dx, ds
0x12a68: dec dx
0x12a69: mov es, dx
0x12a6b: xor di, di
0x12a6d: mov cx, 0x2c
2018-12-25T11:40:53.995863136Z 213 PC: 12a55 | UNKNOWN!

{"DateBased":true,"Day":18,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:53.982642472Z 26 PC: 12a91 | Set disk transfer address
2018-12-25T11:40:53.985323936Z 53 PC: 12a96 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.986457821Z 37 PC: 12aa7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:53.98746396Z 71 PC: 12ab0 | Get current directory
2018-12-25T11:40:53.99067192Z 78 PC: 12abb | Find first file
2018-12-25T11:40:53.996676265Z 78 PC: 12b43 | Find first file
2018-12-25T11:40:54.002511927Z 78 PC: 12bc1 | Find first file
2018-12-25T11:40:54.009171874Z 61 PC: 12be2 | Open file (Filename = '')
2018-12-25T11:40:54.020823233Z 87 PC: 12ce4 | Get or set file date and time
2018-12-25T11:40:54.02250461Z 63 PC: 12c0c | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:40:54.029386553Z 66 PC: 12d03 | Move file pointer
2018-12-25T11:40:54.031619212Z 64 PC: 12c30 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:40:54.03491995Z 66 PC: 12d0c | Move file pointer
2018-12-25T11:40:54.037657346Z 64 PC: 12c43 | Write file or device (Write 1360 bytes on handle 5)
2018-12-25T11:40:54.052502276Z 87 PC: 12cfa | Get or set file date and time
2018-12-25T11:40:54.055193099Z 62 PC: 12c4a | Close file
2018-12-25T11:40:54.064647168Z 79 PC: 12c4e | Find next file
2018-12-25T11:40:54.067945016Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.074199745Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.075580608Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.082198148Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.083415821Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.085879843Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.087743192Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.096351017Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.09813993Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.1065966Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.10961248Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.11612434Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.118181616Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.124614395Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.126959582Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.129541598Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.13074558Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.137337137Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.139128746Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.146397684Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.14943212Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.154540762Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.155948684Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.16319208Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.165579617Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.168701787Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.172478894Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.180994271Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.182215605Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.187970173Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.189838712Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.19447093Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.196329451Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.200461774Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.201734206Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.204917712Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.20619701Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.215030486Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.216996186Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.224430531Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.227064133Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.234006512Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.235875648Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.242706691Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.245444911Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.248299795Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.249753874Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.258492472Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.260181383Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.267514642Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.270371332Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.277580824Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.279000027Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.285239928Z 66 PC: 12d03 | Move file pointer (See above)
2018-12-25T11:40:54.287255821Z 64 PC: 12c30 | Write file or device (See above)
2018-12-25T11:40:54.289738873Z 66 PC: 12d0c | Move file pointer (See above)
2018-12-25T11:40:54.291039008Z 64 PC: 12c43 | Write file or device (See above)
2018-12-25T11:40:54.299790903Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.301259479Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.309020018Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.311958268Z 61 PC: 12be2 | Open file (See above)
2018-12-25T11:40:54.318372108Z 87 PC: 12ce4 | Get or set file date and time (See above)
2018-12-25T11:40:54.319874248Z 63 PC: 12c0c | Read file or device (See above)
2018-12-25T11:40:54.326462267Z 87 PC: 12cfa | Get or set file date and time (See above)
2018-12-25T11:40:54.327823744Z 62 PC: 12c4a | Close file (See above)
2018-12-25T11:40:54.334635798Z 79 PC: 12c4e | Find next file (See above)
2018-12-25T11:40:54.337235712Z 59 PC: 12bd1 | Change current directory
2018-12-25T11:40:54.341152822Z 42 PC: 12c59 | Get date
0x12c59: cmp dh, 0xa
0x12c5c: jne 0x12c89
0x12c5e: nop
0x12c5f: nop
0x12c60: nop
0x12c61: cmp dl, 0x12
0x12c64: jne 0x12c89
0x12c66: nop
0x12c67: nop
0x12c68: nop
0x12c69: mov ah, 9
0x12c6b: lea dx, word ptr [bp + 0x433]
0x12c6f: int 0x21
0x12c71: xor ax, ax
0x12c73: int 0x16
0x12c75: mov ah, 3
0x12c77: mov al, 0xf
0x12c79: mov ch, 0
0x12c7b: mov cl, 1
0x12c7d: mov dh, 0
2018-12-25T11:40:54.343085319Z 9 PC: 12c71 | Display string (Could not find end pointer)