Sample viewer

vx.netlux.org/Virus.DOS.Nuke.Clock

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:51.321788357Z	42	PC: 12b63 \| Get date 0x12b63: cmp dh, 3 0x12b66: jne 0x12b95 0x12b68: mov al, byte ptr [0x182] 0x12b6b: call 0x12b7b 0x12b6e: cmp byte ptr [0x182], 0x19 0x12b73: je 0x12b8a 0x12b75: inc byte ptr [0x182] 0x12b79: loop 0x12b68 0x12b7b: mov ah, 5 0x12b7d: mov ch, byte ptr [0x185] 0x12b81: mov dh, 0 0x12b83: mov dl, byte ptr [0x182] 0x12b87: int 0x13 0x12b89: ret 0x12b8a: mov byte ptr [0x182], 2 0x12b8f: inc byte ptr [0x185] 0x12b93: jmp 0x12b68 0x12b95: mov ah, 0x47 0x12b97: xor dl, dl 0x12b99: add si, 0xa
2018-12-17T22:25:51.324495851Z	71	PC: 12b9f \| Get current directory
2018-12-17T22:25:51.328108609Z	59	PC: 12bab \| Change current directory
2018-12-17T22:25:51.333176471Z	26	PC: 12c4b \| Set disk transfer address
2018-12-17T22:25:51.334946942Z	78	PC: 12c59 \| Find first file
2018-12-17T22:25:51.342898425Z	61	PC: 12c80 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:25:51.349833056Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:25:51.357180652Z	44	PC: 12cc1 \| Get time 0x12cc1: add dl, dh 0x12cc3: je 0x12cbd 0x12cc5: mov si, 0x115 0x12cc8: add si, word ptr [0x106] 0x12ccc: mov byte ptr [si], dl 0x12cce: mov ax, 0x4301 0x12cd1: xor cx, cx 0x12cd3: mov dx, si 0x12cd5: add dx, 0x91 0x12cd9: int 0x21 0x12cdb: mov ah, 0x3e 0x12cdd: int 0x21 0x12cdf: mov ax, 0x3d02 0x12ce2: int 0x21 0x12ce4: jb 0x12ca2 0x12ce6: mov di, dx 0x12ce8: add di, 0x83 0x12cec: stosw word ptr es:[di], ax 0x12ced: xchg ax, bx 0x12cee: mov ah, 0x40
2018-12-17T22:25:51.36372814Z	67	PC: 12cdb \| Get or set file attributes
2018-12-17T22:25:51.382719516Z	62	PC: 12cdf \| Close file
2018-12-17T22:25:51.384583325Z	61	PC: 12ce4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:25:51.392411587Z	64	PC: 12cf9 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:25:51.395847861Z	64	PC: 12d0c \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:25:51.399049925Z	64	PC: 12d21 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:25:51.402571203Z	66	PC: 12d2a \| Move file pointer
2018-12-17T22:25:51.404699086Z	64	PC: 12ae8 \| Write file or device (Write 894 bytes on handle 5)
2018-12-17T22:25:51.414774461Z	87	PC: 12d44 \| Get or set file date and time
2018-12-17T22:25:51.416602932Z	62	PC: 12d48 \| Close file
2018-12-17T22:25:51.426061192Z	67	PC: 12d5b \| Get or set file attributes
2018-12-17T22:25:51.443764359Z	79	PC: 12c6d \| Find next file
2018-12-17T22:25:51.453655333Z	61	PC: 12c80 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:25:51.46174877Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:25:51.469546064Z	62	PC: 12ca6 \| Close file
2018-12-17T22:25:51.47226196Z	79	PC: 12c6d \| Find next file
2018-12-17T22:25:51.476990622Z	61	PC: 12c80 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:25:51.484456198Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:25:51.491688762Z	62	PC: 12ca6 \| Close file
2018-12-17T22:25:51.495016556Z	79	PC: 12c6d \| Find next file
2018-12-17T22:25:51.499996319Z	61	PC: 12c80 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:25:51.507545247Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:25:51.516196506Z	62	PC: 12ca6 \| Close file
2018-12-17T22:25:51.51850427Z	79	PC: 12c6d \| Find next file
2018-12-17T22:25:51.521798223Z	61	PC: 12c80 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:25:51.530299248Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:25:51.537401574Z	62	PC: 12ca6 \| Close file
2018-12-17T22:25:51.539375136Z	79	PC: 12c6d \| Find next file
2018-12-17T22:25:51.543098316Z	61	PC: 12c80 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:25:51.550453753Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:25:51.557686109Z	44	PC: 12cc1 \| Get time 0x12cc1: add dl, dh 0x12cc3: je 0x12cbd 0x12cc5: mov si, 0x115 0x12cc8: add si, word ptr [0x106] 0x12ccc: mov byte ptr [si], dl 0x12cce: mov ax, 0x4301 0x12cd1: xor cx, cx 0x12cd3: mov dx, si 0x12cd5: add dx, 0x91 0x12cd9: int 0x21 0x12cdb: mov ah, 0x3e 0x12cdd: int 0x21 0x12cdf: mov ax, 0x3d02 0x12ce2: int 0x21 0x12ce4: jb 0x12ca2 0x12ce6: mov di, dx 0x12ce8: add di, 0x83 0x12cec: stosw word ptr es:[di], ax 0x12ced: xchg ax, bx 0x12cee: mov ah, 0x40
2018-12-17T22:25:51.56068484Z	67	PC: 12cdb \| Get or set file attributes
2018-12-17T22:25:51.573156955Z	62	PC: 12cdf \| Close file
2018-12-17T22:25:51.575729623Z	61	PC: 12ce4 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:25:51.584037841Z	64	PC: 12cf9 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:25:51.588248034Z	64	PC: 12d0c \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:25:51.591557847Z	64	PC: 12d21 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:25:51.594873254Z	66	PC: 12d2a \| Move file pointer
2018-12-17T22:25:51.597768851Z	64	PC: 12ae8 \| Write file or device (Write 894 bytes on handle 5)
2018-12-17T22:25:51.608367435Z	87	PC: 12d44 \| Get or set file date and time
2018-12-17T22:25:51.610783227Z	62	PC: 12d48 \| Close file
2018-12-17T22:25:51.620487711Z	67	PC: 12d5b \| Get or set file attributes
2018-12-17T22:25:51.632147005Z	79	PC: 12c6d \| Find next file
2018-12-17T22:25:51.635179075Z	61	PC: 12c80 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:25:51.643568516Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:25:51.651224867Z	62	PC: 12ca6 \| Close file
2018-12-17T22:25:51.653798586Z	79	PC: 12c6d \| Find next file
2018-12-17T22:25:51.658622998Z	61	PC: 12c80 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:25:51.666684578Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:25:51.670380098Z	62	PC: 12ca6 \| Close file
2018-12-17T22:25:51.673200474Z	79	PC: 12c6d \| Find next file
2018-12-17T22:25:51.677471989Z	26	PC: 12bd8 \| Set disk transfer address
2018-12-17T22:25:51.679423321Z	78	PC: 12be6 \| Find first file
2018-12-17T22:25:51.686626939Z	59	PC: 12bf5 \| Change current directory
2018-12-17T22:25:51.694292142Z	26	PC: 12c0a \| Set disk transfer address
2018-12-17T22:25:51.700998274Z	79	PC: 12c0e \| Find next file
2018-12-17T22:25:51.704153872Z	59	PC: 12bf5 \| Change current directory
2018-12-17T22:25:51.712877281Z	26	PC: 12c0a \| Set disk transfer address
2018-12-17T22:25:51.714616685Z	79	PC: 12c0e \| Find next file
2018-12-17T22:25:51.718201712Z	59	PC: 12bf5 \| Change current directory
2018-12-17T22:25:51.726384913Z	26	PC: 12c0a \| Set disk transfer address
2018-12-17T22:25:51.728685546Z	79	PC: 12c0e \| Find next file
2018-12-17T22:25:51.732223491Z	59	PC: 12bf5 \| Change current directory
2018-12-17T22:25:51.74037033Z	26	PC: 12c0a \| Set disk transfer address
2018-12-17T22:25:51.742320892Z	79	PC: 12c0e \| Find next file
2018-12-17T22:25:51.745791064Z	59	PC: 12bf5 \| Change current directory
2018-12-17T22:25:51.752948523Z	26	PC: 12c0a \| Set disk transfer address
2018-12-17T22:25:51.755865184Z	79	PC: 12c0e \| Find next file
2018-12-17T22:25:51.759349412Z	59	PC: 12bf5 \| Change current directory
2018-12-17T22:25:51.766548022Z	26	PC: 12c0a \| Set disk transfer address
2018-12-17T22:25:51.769283702Z	79	PC: 12c0e \| Find next file
2018-12-17T22:25:51.772749878Z	59	PC: 12bf5 \| Change current directory
2018-12-17T22:25:51.779933945Z	26	PC: 12c0a \| Set disk transfer address
2018-12-17T22:25:51.782742048Z	79	PC: 12c0e \| Find next file
2018-12-17T22:25:51.787332789Z	59	PC: 12bf5 \| Change current directory
2018-12-17T22:25:51.794492711Z	26	PC: 12c0a \| Set disk transfer address
2018-12-17T22:25:51.797447819Z	79	PC: 12c0e \| Find next file
2018-12-17T22:25:51.800947017Z	59	PC: 12bf5 \| Change current directory
2018-12-17T22:25:51.808077467Z	26	PC: 12c0a \| Set disk transfer address
2018-12-17T22:25:51.809953849Z	79	PC: 12c0e \| Find next file
2018-12-17T22:25:51.813981227Z	59	PC: 12c29 \| Change current directory
2018-12-17T22:25:51.819287919Z	42	PC: 12bb4 \| Get date 0x12bb4: cmp al, 1 0x12bb6: je 0x12bbb 0x12bb8: jmp 0x12dce 0x12bbb: jmp 0x12d61 0x12bbe: and byte ptr [bp + si], bl 0x12bc0: lea cx, word ptr [bx + si + 0x1d4d] 0x12bc4: add byte ptr [di], al 0x12bc6: add byte ptr [di - 0x75], dl 0x12bc9: in al, dx 0x12bca: sub sp, 0x2c 0x12bcd: push si 0x12bce: jmp 0x12c40 0x12bd0: nop 0x12bd1: mov ah, 0x1a 0x12bd3: lea dx, word ptr [bp - 0x2c] 0x12bd6: int 0x21 0x12bd8: mov ah, 0x4e 0x12bda: mov cx, 0x10 0x12bdd: mov dx, 0x17b 0x12be0: add dx, word ptr [0x106]
2018-12-17T22:25:51.822686113Z	53	PC: 12da6 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:25:51.825681125Z	37	PC: 12db8 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:25:51.827658599Z	73	PC: 12dc2 \| Release memory
2018-12-17T22:25:51.829600665Z	49	PC: 12dcb \| Terminate and stay resident (Return code = '0' \| Memory size = '20')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4577,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:14.395897505Z	42	PC: 12b63 \| Get date 0x12b63: cmp dh, 3 0x12b66: jne 0x12b95 0x12b68: mov al, byte ptr [0x182] 0x12b6b: call 0x12b7b 0x12b6e: cmp byte ptr [0x182], 0x19 0x12b73: je 0x12b8a 0x12b75: inc byte ptr [0x182] 0x12b79: loop 0x12b68 0x12b7b: mov ah, 5 0x12b7d: mov ch, byte ptr [0x185] 0x12b81: mov dh, 0 0x12b83: mov dl, byte ptr [0x182] 0x12b87: int 0x13 0x12b89: ret 0x12b8a: mov byte ptr [0x182], 2 0x12b8f: inc byte ptr [0x185] 0x12b93: jmp 0x12b68 0x12b95: mov ah, 0x47 0x12b97: xor dl, dl 0x12b99: add si, 0xa
2018-12-25T11:52:14.4044507Z	71	PC: 12b9f \| Get current directory
2018-12-25T11:52:14.407845669Z	59	PC: 12bab \| Change current directory
2018-12-25T11:52:14.411820841Z	26	PC: 12c4b \| Set disk transfer address
2018-12-25T11:52:14.413262089Z	78	PC: 12c59 \| Find first file
2018-12-25T11:52:14.419687197Z	61	PC: 12c80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:14.426245418Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:14.432914607Z	44	PC: 12cc1 \| Get time 0x12cc1: add dl, dh 0x12cc3: je 0x12cbd 0x12cc5: mov si, 0x115 0x12cc8: add si, word ptr [0x106] 0x12ccc: mov byte ptr [si], dl 0x12cce: mov ax, 0x4301 0x12cd1: xor cx, cx 0x12cd3: mov dx, si 0x12cd5: add dx, 0x91 0x12cd9: int 0x21 0x12cdb: mov ah, 0x3e 0x12cdd: int 0x21 0x12cdf: mov ax, 0x3d02 0x12ce2: int 0x21 0x12ce4: jb 0x12ca2 0x12ce6: mov di, dx 0x12ce8: add di, 0x83 0x12cec: stosw word ptr es:[di], ax 0x12ced: xchg ax, bx 0x12cee: mov ah, 0x40
2018-12-25T11:52:14.435204719Z	67	PC: 12cdb \| Get or set file attributes
2018-12-25T11:52:14.968558193Z	62	PC: 12cdf \| Close file
2018-12-25T11:52:14.971374817Z	61	PC: 12ce4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:14.978753403Z	64	PC: 12cf9 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:14.985244662Z	64	PC: 12d0c \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:14.98806351Z	64	PC: 12d21 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:14.991062619Z	66	PC: 12d2a \| Move file pointer
2018-12-25T11:52:14.99295259Z	64	PC: 12ae8 \| Write file or device (Write 894 bytes on handle 5)
2018-12-25T11:52:15.001855832Z	87	PC: 12d44 \| Get or set file date and time
2018-12-25T11:52:15.00414919Z	62	PC: 12d48 \| Close file
2018-12-25T11:52:15.012553299Z	67	PC: 12d5b \| Get or set file attributes
2018-12-25T11:52:15.023987363Z	79	PC: 12c6d \| Find next file
2018-12-25T11:52:15.02746954Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.031992846Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.036258041Z	62	PC: 12ca6 \| Close file
2018-12-25T11:52:15.03833589Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.040214353Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.044424732Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.048877831Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.050754201Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.054478302Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.060269624Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.066836577Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.068517889Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.071212541Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.078304018Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.084934343Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.08745927Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.091320322Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.098018532Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.104917834Z	44	PC: 12cc1 \| Get time (See above)
2018-12-25T11:52:15.108283673Z	67	PC: 12cdb \| Get or set file attributes (See above)
2018-12-25T11:52:15.118225081Z	62	PC: 12cdf \| Close file (See above)
2018-12-25T11:52:15.120281521Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:52:15.12679008Z	64	PC: 12cf9 \| Write file or device (See above)
2018-12-25T11:52:15.128803589Z	64	PC: 12d0c \| Write file or device (See above)
2018-12-25T11:52:15.130582133Z	64	PC: 12d21 \| Write file or device (See above)
2018-12-25T11:52:15.132988224Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T11:52:15.134421154Z	64	PC: 12ae8 \| Write file or device (See above)
2018-12-25T11:52:15.140366262Z	87	PC: 12d44 \| Get or set file date and time (See above)
2018-12-25T11:52:15.142180409Z	62	PC: 12d48 \| Close file (See above)
2018-12-25T11:52:15.147868568Z	67	PC: 12d5b \| Get or set file attributes (See above)
2018-12-25T11:52:15.156171941Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.159029124Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.17094149Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.177643045Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.180281654Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.183171918Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.189904086Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.196977369Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.198763113Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.201273806Z	26	PC: 12bd8 \| Set disk transfer address
2018-12-25T11:52:15.202707663Z	78	PC: 12be6 \| Find first file
2018-12-25T11:52:15.209385745Z	59	PC: 12bf5 \| Change current directory
2018-12-25T11:52:15.215264498Z	26	PC: 12c0a \| Set disk transfer address
2018-12-25T11:52:15.216879451Z	79	PC: 12c0e \| Find next file
2018-12-25T11:52:15.219412974Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.225336126Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.227187722Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.241029607Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.246942513Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.248806316Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.251607741Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.257619894Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.258976728Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.26154999Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.267403995Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.269025106Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.271469703Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.277396337Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.278950129Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.281842476Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.288186853Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.290257242Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.293160263Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.299143003Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.300656818Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.304280511Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.31028067Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.31171984Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.314793161Z	59	PC: 12c29 \| Change current directory
2018-12-25T11:52:15.318921902Z	42	PC: 12bb4 \| Get date 0x12bb4: cmp al, 1 0x12bb6: je 0x12bbb 0x12bb8: jmp 0x12dce 0x12bbb: jmp 0x12d61 0x12bbe: and byte ptr [bp + si], bl 0x12bc0: lea cx, word ptr [bx + si + 0x1d4d] 0x12bc4: add byte ptr [di], al 0x12bc6: add byte ptr [di - 0x75], dl 0x12bc9: in al, dx 0x12bca: sub sp, 0x2c 0x12bcd: push si 0x12bce: jmp 0x12c40 0x12bd0: nop 0x12bd1: mov ah, 0x1a 0x12bd3: lea dx, word ptr [bp - 0x2c] 0x12bd6: int 0x21 0x12bd8: mov ah, 0x4e 0x12bda: mov cx, 0x10 0x12bdd: mov dx, 0x17b 0x12be0: add dx, word ptr [0x106]
2018-12-25T11:52:15.321143323Z	59	PC: 12dd9 \| Change current directory
2018-12-25T11:52:15.325869156Z	59	PC: 12de1 \| Change current directory
2018-12-25T11:52:15.3278154Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4577,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:14.861982699Z	42	PC: 12b63 \| Get date 0x12b63: cmp dh, 3 0x12b66: jne 0x12b95 0x12b68: mov al, byte ptr [0x182] 0x12b6b: call 0x12b7b 0x12b6e: cmp byte ptr [0x182], 0x19 0x12b73: je 0x12b8a 0x12b75: inc byte ptr [0x182] 0x12b79: loop 0x12b68 0x12b7b: mov ah, 5 0x12b7d: mov ch, byte ptr [0x185] 0x12b81: mov dh, 0 0x12b83: mov dl, byte ptr [0x182] 0x12b87: int 0x13 0x12b89: ret 0x12b8a: mov byte ptr [0x182], 2 0x12b8f: inc byte ptr [0x185] 0x12b93: jmp 0x12b68 0x12b95: mov ah, 0x47 0x12b97: xor dl, dl 0x12b99: add si, 0xa
2018-12-25T11:52:14.875710037Z	71	PC: 12b9f \| Get current directory
2018-12-25T11:52:14.87884049Z	59	PC: 12bab \| Change current directory
2018-12-25T11:52:14.883034552Z	26	PC: 12c4b \| Set disk transfer address
2018-12-25T11:52:14.884940135Z	78	PC: 12c59 \| Find first file
2018-12-25T11:52:14.890921568Z	61	PC: 12c80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:14.897375805Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:14.904343798Z	44	PC: 12cc1 \| Get time 0x12cc1: add dl, dh 0x12cc3: je 0x12cbd 0x12cc5: mov si, 0x115 0x12cc8: add si, word ptr [0x106] 0x12ccc: mov byte ptr [si], dl 0x12cce: mov ax, 0x4301 0x12cd1: xor cx, cx 0x12cd3: mov dx, si 0x12cd5: add dx, 0x91 0x12cd9: int 0x21 0x12cdb: mov ah, 0x3e 0x12cdd: int 0x21 0x12cdf: mov ax, 0x3d02 0x12ce2: int 0x21 0x12ce4: jb 0x12ca2 0x12ce6: mov di, dx 0x12ce8: add di, 0x83 0x12cec: stosw word ptr es:[di], ax 0x12ced: xchg ax, bx 0x12cee: mov ah, 0x40
2018-12-25T11:52:14.906472871Z	67	PC: 12cdb \| Get or set file attributes
2018-12-25T11:52:14.968785009Z	62	PC: 12cdf \| Close file
2018-12-25T11:52:14.971920494Z	61	PC: 12ce4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:14.984431926Z	64	PC: 12cf9 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:14.991167494Z	64	PC: 12d0c \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:14.993990233Z	64	PC: 12d21 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:14.99818108Z	66	PC: 12d2a \| Move file pointer
2018-12-25T11:52:14.999999712Z	64	PC: 12ae8 \| Write file or device (Write 894 bytes on handle 5)
2018-12-25T11:52:15.008674961Z	87	PC: 12d44 \| Get or set file date and time
2018-12-25T11:52:15.011249264Z	62	PC: 12d48 \| Close file
2018-12-25T11:52:15.019086896Z	67	PC: 12d5b \| Get or set file attributes
2018-12-25T11:52:15.030047208Z	79	PC: 12c6d \| Find next file
2018-12-25T11:52:15.033462541Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.041597854Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.04808896Z	62	PC: 12ca6 \| Close file
2018-12-25T11:52:15.050781214Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.053628775Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.06026063Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.067204648Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.068919964Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.071469423Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.078473512Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.087294833Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.089565876Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.092938485Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.099526823Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.106190947Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.109029554Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.111791789Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.118282128Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.124963128Z	44	PC: 12cc1 \| Get time (See above)
2018-12-25T11:52:15.127732399Z	67	PC: 12cdb \| Get or set file attributes (See above)
2018-12-25T11:52:15.137898521Z	62	PC: 12cdf \| Close file (See above)
2018-12-25T11:52:15.139812933Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:52:15.147134791Z	64	PC: 12cf9 \| Write file or device (See above)
2018-12-25T11:52:15.149786377Z	64	PC: 12d0c \| Write file or device (See above)
2018-12-25T11:52:15.152233461Z	64	PC: 12d21 \| Write file or device (See above)
2018-12-25T11:52:15.155288184Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T11:52:15.157705607Z	64	PC: 12ae8 \| Write file or device (See above)
2018-12-25T11:52:15.167228245Z	87	PC: 12d44 \| Get or set file date and time (See above)
2018-12-25T11:52:15.169992482Z	62	PC: 12d48 \| Close file (See above)
2018-12-25T11:52:15.178925008Z	67	PC: 12d5b \| Get or set file attributes (See above)
2018-12-25T11:52:15.190640869Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.194593903Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.201046303Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.207799412Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.210021311Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.212618476Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:15.219739164Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:15.22647099Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:15.228097855Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:15.230640103Z	26	PC: 12bd8 \| Set disk transfer address
2018-12-25T11:52:15.232672095Z	78	PC: 12be6 \| Find first file
2018-12-25T11:52:15.238481491Z	59	PC: 12bf5 \| Change current directory
2018-12-25T11:52:15.24486063Z	26	PC: 12c0a \| Set disk transfer address
2018-12-25T11:52:15.246780129Z	79	PC: 12c0e \| Find next file
2018-12-25T11:52:15.249762192Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.255424426Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.256713943Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.259603844Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.265353364Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.266631581Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.270699205Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.276808837Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.278519872Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.282724049Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.28974718Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.291228204Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.295394425Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.301788434Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.302964361Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.307174311Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.313476579Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.314680288Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.319526139Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.327353048Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.328848443Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.332319436Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:15.338158972Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:15.339513749Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:15.34337338Z	59	PC: 12c29 \| Change current directory
2018-12-25T11:52:15.348162944Z	42	PC: 12bb4 \| Get date 0x12bb4: cmp al, 1 0x12bb6: je 0x12bbb 0x12bb8: jmp 0x12dce 0x12bbb: jmp 0x12d61 0x12bbe: and byte ptr [bp + si], bl 0x12bc0: lea cx, word ptr [bx + si + 0x1d4d] 0x12bc4: add byte ptr [di], al 0x12bc6: add byte ptr [di - 0x75], dl 0x12bc9: in al, dx 0x12bca: sub sp, 0x2c 0x12bcd: push si 0x12bce: jmp 0x12c40 0x12bd0: nop 0x12bd1: mov ah, 0x1a 0x12bd3: lea dx, word ptr [bp - 0x2c] 0x12bd6: int 0x21 0x12bd8: mov ah, 0x4e 0x12bda: mov cx, 0x10 0x12bdd: mov dx, 0x17b 0x12be0: add dx, word ptr [0x106]
2018-12-25T11:52:15.350755877Z	59	PC: 12dd9 \| Change current directory
2018-12-25T11:52:15.356689734Z	59	PC: 12de1 \| Change current directory
2018-12-25T11:52:15.358777313Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4577,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:15.955311978Z	42	PC: 12b63 \| Get date 0x12b63: cmp dh, 3 0x12b66: jne 0x12b95 0x12b68: mov al, byte ptr [0x182] 0x12b6b: call 0x12b7b 0x12b6e: cmp byte ptr [0x182], 0x19 0x12b73: je 0x12b8a 0x12b75: inc byte ptr [0x182] 0x12b79: loop 0x12b68 0x12b7b: mov ah, 5 0x12b7d: mov ch, byte ptr [0x185] 0x12b81: mov dh, 0 0x12b83: mov dl, byte ptr [0x182] 0x12b87: int 0x13 0x12b89: ret 0x12b8a: mov byte ptr [0x182], 2 0x12b8f: inc byte ptr [0x185] 0x12b93: jmp 0x12b68 0x12b95: mov ah, 0x47 0x12b97: xor dl, dl 0x12b99: add si, 0xa
2018-12-25T11:52:15.957905836Z	71	PC: 12b9f \| Get current directory
2018-12-25T11:52:15.961315766Z	59	PC: 12bab \| Change current directory
2018-12-25T11:52:15.965720662Z	26	PC: 12c4b \| Set disk transfer address
2018-12-25T11:52:15.966921958Z	78	PC: 12c59 \| Find first file
2018-12-25T11:52:15.979630287Z	61	PC: 12c80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:15.988093385Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:15.995522162Z	44	PC: 12cc1 \| Get time 0x12cc1: add dl, dh 0x12cc3: je 0x12cbd 0x12cc5: mov si, 0x115 0x12cc8: add si, word ptr [0x106] 0x12ccc: mov byte ptr [si], dl 0x12cce: mov ax, 0x4301 0x12cd1: xor cx, cx 0x12cd3: mov dx, si 0x12cd5: add dx, 0x91 0x12cd9: int 0x21 0x12cdb: mov ah, 0x3e 0x12cdd: int 0x21 0x12cdf: mov ax, 0x3d02 0x12ce2: int 0x21 0x12ce4: jb 0x12ca2 0x12ce6: mov di, dx 0x12ce8: add di, 0x83 0x12cec: stosw word ptr es:[di], ax 0x12ced: xchg ax, bx 0x12cee: mov ah, 0x40
2018-12-25T11:52:15.998681414Z	67	PC: 12cdb \| Get or set file attributes
2018-12-25T11:52:16.015756081Z	62	PC: 12cdf \| Close file
2018-12-25T11:52:16.017723893Z	61	PC: 12ce4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:16.027797763Z	64	PC: 12cf9 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:16.031099048Z	64	PC: 12d0c \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:16.034361813Z	64	PC: 12d21 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:16.037933757Z	66	PC: 12d2a \| Move file pointer
2018-12-25T11:52:16.039875151Z	64	PC: 12ae8 \| Write file or device (Write 894 bytes on handle 5)
2018-12-25T11:52:16.050031998Z	87	PC: 12d44 \| Get or set file date and time
2018-12-25T11:52:16.052754898Z	62	PC: 12d48 \| Close file
2018-12-25T11:52:16.061718878Z	67	PC: 12d5b \| Get or set file attributes
2018-12-25T11:52:16.072786409Z	79	PC: 12c6d \| Find next file
2018-12-25T11:52:16.076486937Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.084055727Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.091264276Z	62	PC: 12ca6 \| Close file
2018-12-25T11:52:16.093398509Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.097134292Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.104535737Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.111655316Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.114242783Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.117134552Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.125095647Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.132511718Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.134468536Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.137360995Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.145141026Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.15220719Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.154551424Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.157904385Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.165393956Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.172396725Z	44	PC: 12cc1 \| Get time (See above)
2018-12-25T11:52:16.175235739Z	67	PC: 12cdb \| Get or set file attributes (See above)
2018-12-25T11:52:16.18655304Z	62	PC: 12cdf \| Close file (See above)
2018-12-25T11:52:16.188203098Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:52:16.195547912Z	64	PC: 12cf9 \| Write file or device (See above)
2018-12-25T11:52:16.198889722Z	64	PC: 12d0c \| Write file or device (See above)
2018-12-25T11:52:16.202845153Z	64	PC: 12d21 \| Write file or device (See above)
2018-12-25T11:52:16.205738273Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T11:52:16.208683861Z	64	PC: 12ae8 \| Write file or device (See above)
2018-12-25T11:52:16.21858582Z	87	PC: 12d44 \| Get or set file date and time (See above)
2018-12-25T11:52:16.220115754Z	62	PC: 12d48 \| Close file (See above)
2018-12-25T11:52:16.229298849Z	67	PC: 12d5b \| Get or set file attributes (See above)
2018-12-25T11:52:16.240029641Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.243273092Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.252211657Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.259346725Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.261305812Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.265081956Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.272270736Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.279573882Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.281547135Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.284509879Z	26	PC: 12bd8 \| Set disk transfer address
2018-12-25T11:52:16.286045105Z	78	PC: 12be6 \| Find first file
2018-12-25T11:52:16.292742903Z	59	PC: 12bf5 \| Change current directory
2018-12-25T11:52:16.300223387Z	26	PC: 12c0a \| Set disk transfer address
2018-12-25T11:52:16.301822236Z	79	PC: 12c0e \| Find next file
2018-12-25T11:52:16.304630776Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.312093101Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:16.313172246Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:16.315744546Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.322614702Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:16.323736189Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:16.326370988Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.333179877Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:16.334264334Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:16.336967457Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.343929011Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:16.345120575Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:16.347829925Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.354804378Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:16.356726637Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:16.359932553Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.367679137Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:16.368976644Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:16.371761571Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.379969683Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:16.381394354Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:16.384235815Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.391243755Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:16.392630242Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:16.395059451Z	59	PC: 12c29 \| Change current directory
2018-12-25T11:52:16.399603763Z	42	PC: 12bb4 \| Get date 0x12bb4: cmp al, 1 0x12bb6: je 0x12bbb 0x12bb8: jmp 0x12dce 0x12bbb: jmp 0x12d61 0x12bbe: and byte ptr [bp + si], bl 0x12bc0: lea cx, word ptr [bx + si + 0x1d4d] 0x12bc4: add byte ptr [di], al 0x12bc6: add byte ptr [di - 0x75], dl 0x12bc9: in al, dx 0x12bca: sub sp, 0x2c 0x12bcd: push si 0x12bce: jmp 0x12c40 0x12bd0: nop 0x12bd1: mov ah, 0x1a 0x12bd3: lea dx, word ptr [bp - 0x2c] 0x12bd6: int 0x21 0x12bd8: mov ah, 0x4e 0x12bda: mov cx, 0x10 0x12bdd: mov dx, 0x17b 0x12be0: add dx, word ptr [0x106]
2018-12-25T11:52:16.402248476Z	59	PC: 12dd9 \| Change current directory
2018-12-25T11:52:16.406605042Z	59	PC: 12de1 \| Change current directory
2018-12-25T11:52:16.408486973Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4577,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:16.698662953Z	42	PC: 12b63 \| Get date 0x12b63: cmp dh, 3 0x12b66: jne 0x12b95 0x12b68: mov al, byte ptr [0x182] 0x12b6b: call 0x12b7b 0x12b6e: cmp byte ptr [0x182], 0x19 0x12b73: je 0x12b8a 0x12b75: inc byte ptr [0x182] 0x12b79: loop 0x12b68 0x12b7b: mov ah, 5 0x12b7d: mov ch, byte ptr [0x185] 0x12b81: mov dh, 0 0x12b83: mov dl, byte ptr [0x182] 0x12b87: int 0x13 0x12b89: ret 0x12b8a: mov byte ptr [0x182], 2 0x12b8f: inc byte ptr [0x185] 0x12b93: jmp 0x12b68 0x12b95: mov ah, 0x47 0x12b97: xor dl, dl 0x12b99: add si, 0xa
2018-12-25T11:52:16.700992286Z	71	PC: 12b9f \| Get current directory
2018-12-25T11:52:16.702943176Z	59	PC: 12bab \| Change current directory
2018-12-25T11:52:16.705514224Z	26	PC: 12c4b \| Set disk transfer address
2018-12-25T11:52:16.70687569Z	78	PC: 12c59 \| Find first file
2018-12-25T11:52:16.711152685Z	61	PC: 12c80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:16.71522473Z	63	PC: 12c93 \| Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:52:16.719381201Z	44	PC: 12cc1 \| Get time 0x12cc1: add dl, dh 0x12cc3: je 0x12cbd 0x12cc5: mov si, 0x115 0x12cc8: add si, word ptr [0x106] 0x12ccc: mov byte ptr [si], dl 0x12cce: mov ax, 0x4301 0x12cd1: xor cx, cx 0x12cd3: mov dx, si 0x12cd5: add dx, 0x91 0x12cd9: int 0x21 0x12cdb: mov ah, 0x3e 0x12cdd: int 0x21 0x12cdf: mov ax, 0x3d02 0x12ce2: int 0x21 0x12ce4: jb 0x12ca2 0x12ce6: mov di, dx 0x12ce8: add di, 0x83 0x12cec: stosw word ptr es:[di], ax 0x12ced: xchg ax, bx 0x12cee: mov ah, 0x40
2018-12-25T11:52:16.72103774Z	67	PC: 12cdb \| Get or set file attributes
2018-12-25T11:52:16.737087603Z	62	PC: 12cdf \| Close file
2018-12-25T11:52:16.738708709Z	61	PC: 12ce4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:16.748150732Z	64	PC: 12cf9 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:52:16.753146229Z	64	PC: 12d0c \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:16.754964305Z	64	PC: 12d21 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:52:16.757081634Z	66	PC: 12d2a \| Move file pointer
2018-12-25T11:52:16.758204889Z	64	PC: 12ae8 \| Write file or device (Write 894 bytes on handle 5)
2018-12-25T11:52:16.763801666Z	87	PC: 12d44 \| Get or set file date and time
2018-12-25T11:52:16.765750154Z	62	PC: 12d48 \| Close file
2018-12-25T11:52:16.770708392Z	67	PC: 12d5b \| Get or set file attributes
2018-12-25T11:52:16.776894777Z	79	PC: 12c6d \| Find next file
2018-12-25T11:52:16.779149714Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.783449267Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.787537787Z	62	PC: 12ca6 \| Close file
2018-12-25T11:52:16.789516789Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.79133485Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.795270607Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.805398394Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.807305927Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.809859389Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.823572305Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.830937432Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.832633621Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.835823777Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.842953268Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.849421067Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.851712391Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.854410533Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.860793005Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.867094954Z	44	PC: 12cc1 \| Get time (See above)
2018-12-25T11:52:16.869410556Z	67	PC: 12cdb \| Get or set file attributes (See above)
2018-12-25T11:52:16.879270768Z	62	PC: 12cdf \| Close file (See above)
2018-12-25T11:52:16.881214765Z	61	PC: 12ce4 \| Open file (See above)
2018-12-25T11:52:16.888182423Z	64	PC: 12cf9 \| Write file or device (See above)
2018-12-25T11:52:16.890736683Z	64	PC: 12d0c \| Write file or device (See above)
2018-12-25T11:52:16.894020893Z	64	PC: 12d21 \| Write file or device (See above)
2018-12-25T11:52:16.897318608Z	66	PC: 12d2a \| Move file pointer (See above)
2018-12-25T11:52:16.899215367Z	64	PC: 12ae8 \| Write file or device (See above)
2018-12-25T11:52:16.90817693Z	87	PC: 12d44 \| Get or set file date and time (See above)
2018-12-25T11:52:16.910694181Z	62	PC: 12d48 \| Close file (See above)
2018-12-25T11:52:16.918052447Z	67	PC: 12d5b \| Get or set file attributes (See above)
2018-12-25T11:52:16.927578955Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.930781337Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.937288905Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.943714458Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.946355847Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.94938271Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T11:52:16.955955278Z	63	PC: 12c93 \| Read file or device (See above)
2018-12-25T11:52:16.96289506Z	62	PC: 12ca6 \| Close file (See above)
2018-12-25T11:52:16.96465806Z	79	PC: 12c6d \| Find next file (See above)
2018-12-25T11:52:16.966971343Z	26	PC: 12bd8 \| Set disk transfer address
2018-12-25T11:52:16.968404826Z	78	PC: 12be6 \| Find first file
2018-12-25T11:52:16.974021627Z	59	PC: 12bf5 \| Change current directory
2018-12-25T11:52:16.979682018Z	26	PC: 12c0a \| Set disk transfer address
2018-12-25T11:52:16.981123498Z	79	PC: 12c0e \| Find next file
2018-12-25T11:52:16.983578882Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.989285454Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:16.990824699Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:16.993213282Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:16.998763052Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:17.000576044Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:17.003280388Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:17.01369706Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:17.014758559Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:17.017727632Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:17.028465507Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:17.029382305Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:17.031829921Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:17.037326576Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:17.038502306Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:17.041367445Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:17.046900229Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:17.048116295Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:17.050996911Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:17.056630508Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:17.057433273Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:17.060474809Z	59	PC: 12bf5 \| Change current directory (See above)
2018-12-25T11:52:17.066521067Z	26	PC: 12c0a \| Set disk transfer address (See above)
2018-12-25T11:52:17.067911472Z	79	PC: 12c0e \| Find next file (See above)
2018-12-25T11:52:17.0710404Z	59	PC: 12c29 \| Change current directory
2018-12-25T11:52:17.079643328Z	42	PC: 12bb4 \| Get date 0x12bb4: cmp al, 1 0x12bb6: je 0x12bbb 0x12bb8: jmp 0x12dce 0x12bbb: jmp 0x12d61 0x12bbe: and byte ptr [bp + si], bl 0x12bc0: lea cx, word ptr [bx + si + 0x1d4d] 0x12bc4: add byte ptr [di], al 0x12bc6: add byte ptr [di - 0x75], dl 0x12bc9: in al, dx 0x12bca: sub sp, 0x2c 0x12bcd: push si 0x12bce: jmp 0x12c40 0x12bd0: nop 0x12bd1: mov ah, 0x1a 0x12bd3: lea dx, word ptr [bp - 0x2c] 0x12bd6: int 0x21 0x12bd8: mov ah, 0x4e 0x12bda: mov cx, 0x10 0x12bdd: mov dx, 0x17b 0x12be0: add dx, word ptr [0x106]
2018-12-25T11:52:17.081947077Z	59	PC: 12dd9 \| Change current directory
2018-12-25T11:52:17.092016384Z	59	PC: 12de1 \| Change current directory
2018-12-25T11:52:17.093984645Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')