Sample viewer

vx.netlux.org/Virus.DOS.Parasite.1024

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:33.523016728Z	47	PC: 12a6c \| Get disk transfer address
2018-12-17T22:51:33.525339638Z	26	PC: 12a7f \| Set disk transfer address
2018-12-17T22:51:33.526606314Z	42	PC: 12a8f \| Get date 0x12a8f: cmp cx, 0x7c8 0x12a93: jge 0x12a98 0x12a95: jmp 0x12b62 0x12a98: cmp dh, 1 0x12a9b: jge 0x12aa0 0x12a9d: jmp 0x12b62 0x12aa0: cmp dl, 1 0x12aa3: jge 0x12aa8 0x12aa5: jmp 0x12b62 0x12aa8: mov ah, 2 0x12aaa: mov dl, 0xd 0x12aac: int 0x21 0x12aae: mov dl, 0xa 0x12ab0: int 0x21 0x12ab2: mov dl, 7 0x12ab4: int 0x21 0x12ab6: mov dl, 0x53 0x12ab8: int 0x21 0x12aba: mov dl, 0x69 0x12abc: int 0x21
2018-12-17T22:51:33.529054174Z	2	PC: 12aae \| Character output (Char = '0d')
2018-12-17T22:51:33.53202282Z	2	PC: 12ab2 \| Character output (Char = '0a')
2018-12-17T22:51:33.541356172Z	2	PC: 12ab6 \| Character output (Char = '07')
2018-12-17T22:51:33.543677494Z	2	PC: 12aba \| Character output (Char = '53')
2018-12-17T22:51:33.546170146Z	2	PC: 12abe \| Character output (Char = '69')
2018-12-17T22:51:33.549697479Z	2	PC: 12ac2 \| Character output (Char = '63')
2018-12-17T22:51:33.552526897Z	2	PC: 12ac6 \| Character output (Char = '69')
2018-12-17T22:51:33.555308669Z	2	PC: 12aca \| Character output (Char = '6c')
2018-12-17T22:51:33.55871279Z	2	PC: 12ace \| Character output (Char = '69')
2018-12-17T22:51:33.561200397Z	2	PC: 12ad2 \| Character output (Char = '61')
2018-12-17T22:51:33.5635822Z	2	PC: 12ad6 \| Character output (Char = '6e')
2018-12-17T22:51:33.566356964Z	2	PC: 12ada \| Character output (Char = '20')
2018-12-17T22:51:33.573238696Z	2	PC: 12ade \| Character output (Char = '4d')
2018-12-17T22:51:33.57548408Z	2	PC: 12ae2 \| Character output (Char = '6f')
2018-12-17T22:51:33.578176806Z	2	PC: 12ae6 \| Character output (Char = '62')
2018-12-17T22:51:33.58048774Z	2	PC: 12aea \| Character output (Char = '20')
2018-12-17T22:51:33.582774721Z	2	PC: 12aee \| Character output (Char = '49')
2018-12-17T22:51:33.585177713Z	2	PC: 12af2 \| Character output (Char = '61')
2018-12-17T22:51:33.588069766Z	2	PC: 12af6 \| Character output (Char = '20')
2018-12-17T22:51:33.591076564Z	2	PC: 12afa \| Character output (Char = '2d')
2018-12-17T22:51:33.594051593Z	2	PC: 12afe \| Character output (Char = '20')
2018-12-17T22:51:33.597574399Z	2	PC: 12b02 \| Character output (Char = '56')
2018-12-17T22:51:33.599869647Z	2	PC: 12b06 \| Character output (Char = '69')
2018-12-17T22:51:33.602053405Z	2	PC: 12b0a \| Character output (Char = '72')
2018-12-17T22:51:33.60489051Z	2	PC: 12b0e \| Character output (Char = '75')
2018-12-17T22:51:33.607097522Z	2	PC: 12b12 \| Character output (Char = '73')
2018-12-17T22:51:33.610226692Z	2	PC: 12b16 \| Character output (Char = '20')
2018-12-17T22:51:33.612931191Z	2	PC: 12b1a \| Character output (Char = '5b')
2018-12-17T22:51:33.615123776Z	2	PC: 12b1e \| Character output (Char = '4e')
2018-12-17T22:51:33.617317324Z	2	PC: 12b22 \| Character output (Char = '55')
2018-12-17T22:51:33.628433222Z	2	PC: 12b26 \| Character output (Char = '4b')
2018-12-17T22:51:33.630788839Z	2	PC: 12b2a \| Character output (Char = '45')
2018-12-17T22:51:33.633014945Z	2	PC: 12b2e \| Character output (Char = '5d')
2018-12-17T22:51:33.636017989Z	2	PC: 12b32 \| Character output (Char = '27')
2018-12-17T22:51:33.638350578Z	2	PC: 12b36 \| Character output (Char = '39')
2018-12-17T22:51:33.641330976Z	2	PC: 12b3a \| Character output (Char = '31')
2018-12-17T22:51:33.644191475Z	2	PC: 12b3e \| Character output (Char = '20')
2018-12-17T22:51:33.646949993Z	2	PC: 12b42 \| Character output (Char = '2d')
2018-12-17T22:51:33.649421428Z	2	PC: 12b46 \| Character output (Char = '20')
2018-12-17T22:51:33.652989243Z	2	PC: 12b4a \| Character output (Char = '52')
2018-12-17T22:51:33.655843914Z	2	PC: 12b4e \| Character output (Char = '6f')
2018-12-17T22:51:33.658385338Z	2	PC: 12b52 \| Character output (Char = '63')
2018-12-17T22:51:33.661353991Z	2	PC: 12b56 \| Character output (Char = '6b')
2018-12-17T22:51:33.663211295Z	2	PC: 12b5a \| Character output (Char = '20')
2018-12-17T22:51:33.664940498Z	2	PC: 12b5e \| Character output (Char = '4d')
2018-12-17T22:51:33.666724033Z	2	PC: 12b62 \| Character output (Char = '50')
2018-12-17T22:51:33.669027595Z	44	PC: 12b66 \| Get time 0x12b66: and dh, 7 0x12b69: jne 0x12b6d 0x12b6b: int 0x19 0x12b6d: pop si 0x12b6e: push si 0x12b6f: add si, 0xcf 0x12b73: lodsb al, byte ptr [si] 0x12b74: mov cx, 0x8000 0x12b77: repne scasb al, byte ptr es:[di] 0x12b79: mov cx, 4 0x12b7c: lodsb al, byte ptr [si] 0x12b7d: scasb al, byte ptr es:[di] 0x12b7e: jne 0x12b6d 0x12b80: loop 0x12b7c 0x12b82: pop si 0x12b83: pop es 0x12b84: mov word ptr [si + 0xcb], di 0x12b88: mov di, si 0x12b8a: add di, 0xd4 0x12b8e: mov bx, si
2018-12-17T22:51:33.670722037Z	78	PC: 12bf0 \| Find first file
2018-12-17T22:51:33.6747931Z	67	PC: 12c2e \| Get or set file attributes
2018-12-17T22:51:33.681034953Z	67	PC: 12c40 \| Get or set file attributes
2018-12-17T22:51:33.698763967Z	61	PC: 12c4b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:51:33.706093419Z	87	PC: 12c57 \| Get or set file date and time
2018-12-17T22:51:33.707808501Z	44	PC: 12c63 \| Get time 0x12c63: and dh, 7 0x12c66: jmp 0x12c69 0x12c68: nop 0x12c69: mov ah, 0x3f 0x12c6b: mov cx, 3 0x12c6e: mov dx, 0xbf 0x12c71: nop 0x12c72: add dx, si 0x12c74: int 0x21 0x12c76: jb 0x12ccd 0x12c78: cmp ax, 3 0x12c7b: jne 0x12ccd 0x12c7d: mov ax, 0x4202 0x12c80: mov cx, 0 0x12c83: mov dx, 0 0x12c86: int 0x21 0x12c88: jb 0x12ccd 0x12c8a: mov cx, ax 0x12c8c: sub ax, 3 0x12c8f: mov word ptr [si + 0xc3], ax
2018-12-17T22:51:33.709501502Z	63	PC: 12c76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:51:33.713887401Z	66	PC: 12c88 \| Move file pointer
2018-12-17T22:51:33.715455454Z	64	PC: 12cac \| Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:51:33.721536561Z	66	PC: 12cbe \| Move file pointer
2018-12-17T22:51:33.722828496Z	64	PC: 12ccd \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:51:33.729071096Z	87	PC: 12ce0 \| Get or set file date and time
2018-12-17T22:51:33.730835453Z	62	PC: 12ce4 \| Close file
2018-12-17T22:51:33.73985646Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-17T22:51:33.752204189Z	26	PC: 12d00 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":10591,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:31.521475248Z	47	PC: 12a6c \| Get disk transfer address
2018-12-25T12:28:31.52392818Z	26	PC: 12a7f \| Set disk transfer address
2018-12-25T12:28:31.525265939Z	42	PC: 12a8f \| Get date 0x12a8f: cmp cx, 0x7c8 0x12a93: jge 0x12a98 0x12a95: jmp 0x12b62 0x12a98: cmp dh, 1 0x12a9b: jge 0x12aa0 0x12a9d: jmp 0x12b62 0x12aa0: cmp dl, 1 0x12aa3: jge 0x12aa8 0x12aa5: jmp 0x12b62 0x12aa8: mov ah, 2 0x12aaa: mov dl, 0xd 0x12aac: int 0x21 0x12aae: mov dl, 0xa 0x12ab0: int 0x21 0x12ab2: mov dl, 7 0x12ab4: int 0x21 0x12ab6: mov dl, 0x53 0x12ab8: int 0x21 0x12aba: mov dl, 0x69 0x12abc: int 0x21
2018-12-25T12:28:31.527283677Z	44	PC: 12b66 \| Get time 0x12b66: and dh, 7 0x12b69: jne 0x12b6d 0x12b6b: int 0x19 0x12b6d: pop si 0x12b6e: push si 0x12b6f: add si, 0xcf 0x12b73: lodsb al, byte ptr [si] 0x12b74: mov cx, 0x8000 0x12b77: repne scasb al, byte ptr es:[di] 0x12b79: mov cx, 4 0x12b7c: lodsb al, byte ptr [si] 0x12b7d: scasb al, byte ptr es:[di] 0x12b7e: jne 0x12b6d 0x12b80: loop 0x12b7c 0x12b82: pop si 0x12b83: pop es 0x12b84: mov word ptr [si + 0xcb], di 0x12b88: mov di, si 0x12b8a: add di, 0xd4 0x12b8e: mov bx, si
2018-12-25T12:28:31.529877838Z	78	PC: 12bf0 \| Find first file
2018-12-25T12:28:31.536031643Z	67	PC: 12c2e \| Get or set file attributes
2018-12-25T12:28:31.539771086Z	67	PC: 12c40 \| Get or set file attributes
2018-12-25T12:28:31.552538154Z	61	PC: 12c4b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:31.556783709Z	87	PC: 12c57 \| Get or set file date and time
2018-12-25T12:28:31.557806432Z	44	PC: 12c63 \| Get time 0x12c63: and dh, 7 0x12c66: jmp 0x12c69 0x12c68: nop 0x12c69: mov ah, 0x3f 0x12c6b: mov cx, 3 0x12c6e: mov dx, 0xbf 0x12c71: nop 0x12c72: add dx, si 0x12c74: int 0x21 0x12c76: jb 0x12ccd 0x12c78: cmp ax, 3 0x12c7b: jne 0x12ccd 0x12c7d: mov ax, 0x4202 0x12c80: mov cx, 0 0x12c83: mov dx, 0 0x12c86: int 0x21 0x12c88: jb 0x12ccd 0x12c8a: mov cx, ax 0x12c8c: sub ax, 3 0x12c8f: mov word ptr [si + 0xc3], ax
2018-12-25T12:28:31.559346737Z	63	PC: 12c76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:31.566892417Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:28:31.567867472Z	64	PC: 12cac \| Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:28:31.573325627Z	66	PC: 12cbe \| Move file pointer
2018-12-25T12:28:31.574844722Z	64	PC: 12ccd \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:31.579096195Z	87	PC: 12ce0 \| Get or set file date and time
2018-12-25T12:28:31.580232643Z	62	PC: 12ce4 \| Close file
2018-12-25T12:28:31.587326714Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-25T12:28:31.596309509Z	26	PC: 12d00 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":10591,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:31.787579166Z	47	PC: 12a6c \| Get disk transfer address
2018-12-25T12:28:31.789771068Z	26	PC: 12a7f \| Set disk transfer address
2018-12-25T12:28:31.79118433Z	42	PC: 12a8f \| Get date 0x12a8f: cmp cx, 0x7c8 0x12a93: jge 0x12a98 0x12a95: jmp 0x12b62 0x12a98: cmp dh, 1 0x12a9b: jge 0x12aa0 0x12a9d: jmp 0x12b62 0x12aa0: cmp dl, 1 0x12aa3: jge 0x12aa8 0x12aa5: jmp 0x12b62 0x12aa8: mov ah, 2 0x12aaa: mov dl, 0xd 0x12aac: int 0x21 0x12aae: mov dl, 0xa 0x12ab0: int 0x21 0x12ab2: mov dl, 7 0x12ab4: int 0x21 0x12ab6: mov dl, 0x53 0x12ab8: int 0x21 0x12aba: mov dl, 0x69 0x12abc: int 0x21
2018-12-25T12:28:31.793647572Z	44	PC: 12b66 \| Get time 0x12b66: and dh, 7 0x12b69: jne 0x12b6d 0x12b6b: int 0x19 0x12b6d: pop si 0x12b6e: push si 0x12b6f: add si, 0xcf 0x12b73: lodsb al, byte ptr [si] 0x12b74: mov cx, 0x8000 0x12b77: repne scasb al, byte ptr es:[di] 0x12b79: mov cx, 4 0x12b7c: lodsb al, byte ptr [si] 0x12b7d: scasb al, byte ptr es:[di] 0x12b7e: jne 0x12b6d 0x12b80: loop 0x12b7c 0x12b82: pop si 0x12b83: pop es 0x12b84: mov word ptr [si + 0xcb], di 0x12b88: mov di, si 0x12b8a: add di, 0xd4 0x12b8e: mov bx, si
2018-12-25T12:28:31.796567277Z	78	PC: 12bf0 \| Find first file
2018-12-25T12:28:31.802597329Z	67	PC: 12c2e \| Get or set file attributes
2018-12-25T12:28:31.808088494Z	67	PC: 12c40 \| Get or set file attributes
2018-12-25T12:28:31.82516338Z	61	PC: 12c4b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:31.831652363Z	87	PC: 12c57 \| Get or set file date and time
2018-12-25T12:28:31.832951635Z	44	PC: 12c63 \| Get time 0x12c63: and dh, 7 0x12c66: jmp 0x12c69 0x12c68: nop 0x12c69: mov ah, 0x3f 0x12c6b: mov cx, 3 0x12c6e: mov dx, 0xbf 0x12c71: nop 0x12c72: add dx, si 0x12c74: int 0x21 0x12c76: jb 0x12ccd 0x12c78: cmp ax, 3 0x12c7b: jne 0x12ccd 0x12c7d: mov ax, 0x4202 0x12c80: mov cx, 0 0x12c83: mov dx, 0 0x12c86: int 0x21 0x12c88: jb 0x12ccd 0x12c8a: mov cx, ax 0x12c8c: sub ax, 3 0x12c8f: mov word ptr [si + 0xc3], ax
2018-12-25T12:28:31.835155568Z	63	PC: 12c76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:31.841893529Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:28:31.843932312Z	64	PC: 12cac \| Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:28:31.85242451Z	66	PC: 12cbe \| Move file pointer
2018-12-25T12:28:31.854359703Z	64	PC: 12ccd \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:31.86065135Z	87	PC: 12ce0 \| Get or set file date and time
2018-12-25T12:28:31.862140358Z	62	PC: 12ce4 \| Close file
2018-12-25T12:28:31.871321512Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-25T12:28:31.880940697Z	26	PC: 12d00 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10591,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:32.086682986Z	47	PC: 12a6c \| Get disk transfer address
2018-12-25T12:28:32.087928251Z	26	PC: 12a7f \| Set disk transfer address
2018-12-25T12:28:32.088859847Z	42	PC: 12a8f \| Get date 0x12a8f: cmp cx, 0x7c8 0x12a93: jge 0x12a98 0x12a95: jmp 0x12b62 0x12a98: cmp dh, 1 0x12a9b: jge 0x12aa0 0x12a9d: jmp 0x12b62 0x12aa0: cmp dl, 1 0x12aa3: jge 0x12aa8 0x12aa5: jmp 0x12b62 0x12aa8: mov ah, 2 0x12aaa: mov dl, 0xd 0x12aac: int 0x21 0x12aae: mov dl, 0xa 0x12ab0: int 0x21 0x12ab2: mov dl, 7 0x12ab4: int 0x21 0x12ab6: mov dl, 0x53 0x12ab8: int 0x21 0x12aba: mov dl, 0x69 0x12abc: int 0x21
2018-12-25T12:28:32.090388016Z	44	PC: 12b66 \| Get time 0x12b66: and dh, 7 0x12b69: jne 0x12b6d 0x12b6b: int 0x19 0x12b6d: pop si 0x12b6e: push si 0x12b6f: add si, 0xcf 0x12b73: lodsb al, byte ptr [si] 0x12b74: mov cx, 0x8000 0x12b77: repne scasb al, byte ptr es:[di] 0x12b79: mov cx, 4 0x12b7c: lodsb al, byte ptr [si] 0x12b7d: scasb al, byte ptr es:[di] 0x12b7e: jne 0x12b6d 0x12b80: loop 0x12b7c 0x12b82: pop si 0x12b83: pop es 0x12b84: mov word ptr [si + 0xcb], di 0x12b88: mov di, si 0x12b8a: add di, 0xd4 0x12b8e: mov bx, si
2018-12-25T12:28:32.092539775Z	78	PC: 12bf0 \| Find first file
2018-12-25T12:28:32.096344228Z	67	PC: 12c2e \| Get or set file attributes
2018-12-25T12:28:32.100798606Z	67	PC: 12c40 \| Get or set file attributes
2018-12-25T12:28:32.119311941Z	61	PC: 12c4b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:32.131299765Z	87	PC: 12c57 \| Get or set file date and time
2018-12-25T12:28:32.132619623Z	44	PC: 12c63 \| Get time 0x12c63: and dh, 7 0x12c66: jmp 0x12c69 0x12c68: nop 0x12c69: mov ah, 0x3f 0x12c6b: mov cx, 3 0x12c6e: mov dx, 0xbf 0x12c71: nop 0x12c72: add dx, si 0x12c74: int 0x21 0x12c76: jb 0x12ccd 0x12c78: cmp ax, 3 0x12c7b: jne 0x12ccd 0x12c7d: mov ax, 0x4202 0x12c80: mov cx, 0 0x12c83: mov dx, 0 0x12c86: int 0x21 0x12c88: jb 0x12ccd 0x12c8a: mov cx, ax 0x12c8c: sub ax, 3 0x12c8f: mov word ptr [si + 0xc3], ax
2018-12-25T12:28:32.134639397Z	63	PC: 12c76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:32.14177812Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:28:32.143368334Z	64	PC: 12cac \| Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:28:32.151699157Z	66	PC: 12cbe \| Move file pointer
2018-12-25T12:28:32.153939588Z	64	PC: 12ccd \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:32.160561412Z	87	PC: 12ce0 \| Get or set file date and time
2018-12-25T12:28:32.162050587Z	62	PC: 12ce4 \| Close file
2018-12-25T12:28:32.170942901Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-25T12:28:32.180676279Z	26	PC: 12d00 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10591,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:32.486932156Z	47	PC: 12a6c \| Get disk transfer address
2018-12-25T12:28:32.488581807Z	26	PC: 12a7f \| Set disk transfer address
2018-12-25T12:28:32.489668827Z	42	PC: 12a8f \| Get date 0x12a8f: cmp cx, 0x7c8 0x12a93: jge 0x12a98 0x12a95: jmp 0x12b62 0x12a98: cmp dh, 1 0x12a9b: jge 0x12aa0 0x12a9d: jmp 0x12b62 0x12aa0: cmp dl, 1 0x12aa3: jge 0x12aa8 0x12aa5: jmp 0x12b62 0x12aa8: mov ah, 2 0x12aaa: mov dl, 0xd 0x12aac: int 0x21 0x12aae: mov dl, 0xa 0x12ab0: int 0x21 0x12ab2: mov dl, 7 0x12ab4: int 0x21 0x12ab6: mov dl, 0x53 0x12ab8: int 0x21 0x12aba: mov dl, 0x69 0x12abc: int 0x21
2018-12-25T12:28:32.49168005Z	44	PC: 12b66 \| Get time 0x12b66: and dh, 7 0x12b69: jne 0x12b6d 0x12b6b: int 0x19 0x12b6d: pop si 0x12b6e: push si 0x12b6f: add si, 0xcf 0x12b73: lodsb al, byte ptr [si] 0x12b74: mov cx, 0x8000 0x12b77: repne scasb al, byte ptr es:[di] 0x12b79: mov cx, 4 0x12b7c: lodsb al, byte ptr [si] 0x12b7d: scasb al, byte ptr es:[di] 0x12b7e: jne 0x12b6d 0x12b80: loop 0x12b7c 0x12b82: pop si 0x12b83: pop es 0x12b84: mov word ptr [si + 0xcb], di 0x12b88: mov di, si 0x12b8a: add di, 0xd4 0x12b8e: mov bx, si
2018-12-25T12:28:32.49420751Z	78	PC: 12bf0 \| Find first file
2018-12-25T12:28:32.500125675Z	67	PC: 12c2e \| Get or set file attributes
2018-12-25T12:28:32.505644571Z	67	PC: 12c40 \| Get or set file attributes
2018-12-25T12:28:32.523942977Z	61	PC: 12c4b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:32.535236261Z	87	PC: 12c57 \| Get or set file date and time
2018-12-25T12:28:32.536479413Z	44	PC: 12c63 \| Get time 0x12c63: and dh, 7 0x12c66: jmp 0x12c69 0x12c68: nop 0x12c69: mov ah, 0x3f 0x12c6b: mov cx, 3 0x12c6e: mov dx, 0xbf 0x12c71: nop 0x12c72: add dx, si 0x12c74: int 0x21 0x12c76: jb 0x12ccd 0x12c78: cmp ax, 3 0x12c7b: jne 0x12ccd 0x12c7d: mov ax, 0x4202 0x12c80: mov cx, 0 0x12c83: mov dx, 0 0x12c86: int 0x21 0x12c88: jb 0x12ccd 0x12c8a: mov cx, ax 0x12c8c: sub ax, 3 0x12c8f: mov word ptr [si + 0xc3], ax
2018-12-25T12:28:32.538913002Z	63	PC: 12c76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:32.545435326Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:28:32.546858293Z	64	PC: 12cac \| Write file or device (Write 1024 bytes on handle 5)
2018-12-25T12:28:32.556423712Z	66	PC: 12cbe \| Move file pointer
2018-12-25T12:28:32.570933819Z	64	PC: 12ccd \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:32.577329535Z	87	PC: 12ce0 \| Get or set file date and time
2018-12-25T12:28:32.579226462Z	62	PC: 12ce4 \| Close file
2018-12-25T12:28:32.587052396Z	67	PC: 12cf3 \| Get or set file attributes
2018-12-25T12:28:32.59692884Z	26	PC: 12d00 \| Set disk transfer address