Sample viewer

vx.netlux.org/Virus.DOS.Trebujena.1094

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:59.684943498Z	253	PC: 12d5a \| UNKNOWN!
2018-12-17T22:32:59.686954905Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:59.68840644Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:59.690147251Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-17T22:32:59.691978758Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-17T22:32:59.693906802Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:40.862295122Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:40.864165205Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:40.866209029Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:40.867587953Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:40.875913847Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:40.882507684Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:41.137752579Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:41.139442487Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:41.141674754Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:41.143687562Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:41.146855916Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:41.149557441Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:41.422224179Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:41.426708415Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:41.428085707Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:41.429289815Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:41.432955448Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:41.435240291Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:41.826354861Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:41.827629215Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:41.828886445Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:41.829936535Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:41.832771158Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:41.834841879Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:41.942379207Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:41.943704074Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:41.945761073Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:41.947192605Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:41.949774178Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:41.953403131Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:42.603077104Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:42.605197605Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:42.606407027Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:42.60744003Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:42.610403504Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:42.614232114Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:43.169323563Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:43.182099488Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:43.183869346Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:43.184973801Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:43.188179795Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:43.190722591Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:43.150499743Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:43.15160723Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:43.153734457Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:43.155241438Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:43.157789102Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:43.16147801Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":54,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:43.744788817Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:43.745985213Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:43.748889323Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:43.750866525Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:43.753628578Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:43.757080422Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":54,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:44.478581447Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:44.479854676Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:44.48217987Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:44.483591926Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:44.486207616Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:44.489255738Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":54,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:44.678982061Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:44.685620832Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:44.686908734Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:44.687967315Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:44.69094637Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:44.693016279Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":54,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:45.150703049Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:45.152327476Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:45.163592705Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:45.164609827Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:45.166854339Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:45.169183368Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":59,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:45.255925105Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:45.259970536Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:45.261892868Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:45.263568268Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:45.266300512Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:45.270072237Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":59,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:46.585427595Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:46.58700589Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:46.589193126Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:46.59045682Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:46.593049273Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:46.596633472Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":59,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:46.71004285Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:46.71214929Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:46.715556686Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:46.716937775Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:46.719667255Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:46.724087602Z	0	PC: 12ac2 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":59,"Second":0,"TimeBased":true,"OriginalID":5898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:46.72695438Z	253	PC: 12d5a \| UNKNOWN!
2018-12-25T11:55:46.728339697Z	53	PC: 12d68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:46.730381278Z	37	PC: 12dba \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:46.731435279Z	42	PC: 12dbe \| Get date 0x12dbe: cmp dh, 4 0x12dc1: jne 0x12dce 0x12dc3: cmp dl, 0x15 0x12dc6: jne 0x12dce 0x12dc8: jmp 0x12de0 0x12dca: nop 0x12dcb: jmp 0x12e7e 0x12dce: mov ah, 0x2c 0x12dd0: int 0x21 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx
2018-12-25T11:55:46.734351349Z	44	PC: 12dd2 \| Get time 0x12dd2: cmp dl, 0x63 0x12dd5: jb 0x12dcb 0x12dd7: mov ah, 0xa 0x12dd9: cmp ah, byte ptr cs:[0x1b8] 0x12dde: jne 0x12de3 0x12de0: jmp 0x12e9f 0x12de3: inc byte ptr cs:[0x1b8] 0x12de8: push ax 0x12de9: push bx 0x12dea: push cx 0x12deb: push dx 0x12dec: push si 0x12ded: push di 0x12dee: push ds 0x12def: push es 0x12df0: mov ax, 0xb800 0x12df3: mov es, ax 0x12df5: mov si, 0 0x12df8: mov di, 0x9e 0x12dfb: jmp 0x12e66
2018-12-25T11:55:46.736482054Z	0	PC: 12ac2 \| Program terminate