Sample viewer

vx.netlux.org/Virus.DOS.Aurea.768

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:18.661741807Z	26	PC: 12ae3 \| Set disk transfer address
2018-12-17T22:46:18.66312464Z	78	PC: 12b45 \| Find first file
2018-12-17T22:46:18.673507177Z	61	PC: 12bb6 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T22:46:18.681450728Z	63	PC: 12bca \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:46:18.68846014Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:46:18.690820087Z	64	PC: 12c0d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:46:18.693986545Z	44	PC: 12c22 \| Get time 0x12c22: mov al, ch 0x12c24: add al, cl 0x12c26: add al, dh 0x12c28: add al, dl 0x12c2a: mov byte ptr [0x349], al 0x12c2d: mov ax, word ptr [0x18] 0x12c30: xchg word ptr [0x1c], ax 0x12c34: mov word ptr [0x18], ax 0x12c37: mov ax, word ptr [0x1a] 0x12c3a: xchg word ptr [0x1e], ax 0x12c3e: mov word ptr [0x1a], ax 0x12c41: mov cx, 0x17 0x12c44: push ds 0x12c45: pop es 0x12c46: mov si, 0x15 0x12c49: mov di, 0x34a 0x12c4c: rep movsb byte ptr es:[di], byte ptr [si] 0x12c4e: mov ah, byte ptr [0x349] 0x12c52: mov cx, 0x2d4 0x12c55: lodsb al, byte ptr [si]
2018-12-17T22:46:18.696717362Z	64	PC: 12c6a \| Write file or device (Write 768 bytes on handle 5)
2018-12-17T22:46:19.041951137Z	66	PC: 12c88 \| Move file pointer
2018-12-17T22:46:19.043806471Z	64	PC: 12cb6 \| Write file or device (Write 20 bytes on handle 5)
2018-12-17T22:46:19.050768583Z	87	PC: 12cca \| Get or set file date and time
2018-12-17T22:46:19.053741917Z	62	PC: 12cd2 \| Close file
2018-12-17T22:46:19.071157255Z	78	PC: 12b45 \| Find first file
2018-12-17T22:46:19.078273829Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:46:19.087203139Z	63	PC: 12bca \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:46:19.094811839Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:46:19.096468384Z	64	PC: 12c0d \| Write file or device (Write 9 bytes on handle 5)
2018-12-17T22:46:19.09960908Z	44	PC: 12c22 \| Get time 0x12c22: mov al, ch 0x12c24: add al, cl 0x12c26: add al, dh 0x12c28: add al, dl 0x12c2a: mov byte ptr [0x349], al 0x12c2d: mov ax, word ptr [0x18] 0x12c30: xchg word ptr [0x1c], ax 0x12c34: mov word ptr [0x18], ax 0x12c37: mov ax, word ptr [0x1a] 0x12c3a: xchg word ptr [0x1e], ax 0x12c3e: mov word ptr [0x1a], ax 0x12c41: mov cx, 0x17 0x12c44: push ds 0x12c45: pop es 0x12c46: mov si, 0x15 0x12c49: mov di, 0x34a 0x12c4c: rep movsb byte ptr es:[di], byte ptr [si] 0x12c4e: mov ah, byte ptr [0x349] 0x12c52: mov cx, 0x2d4 0x12c55: lodsb al, byte ptr [si]
2018-12-17T22:46:19.103237296Z	64	PC: 12c6a \| Write file or device (Write 768 bytes on handle 5)
2018-12-17T22:46:19.119265511Z	66	PC: 12c88 \| Move file pointer
2018-12-17T22:46:19.121258625Z	64	PC: 12cb6 \| Write file or device (Write 20 bytes on handle 5)
2018-12-17T22:46:19.131043492Z	87	PC: 12cca \| Get or set file date and time
2018-12-17T22:46:19.133480684Z	62	PC: 12cd2 \| Close file
2018-12-17T22:46:19.142737983Z	42	PC: 12aff \| Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12ce9 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cd3 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x32d], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x32f], es 0x12b30: push es
2018-12-17T22:46:19.146836174Z	26	PC: 12b39 \| Set disk transfer address
2018-12-17T22:46:19.148511193Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8838,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:54.257813889Z	26	PC: 12ae3 \| Set disk transfer address
2018-12-25T12:21:54.259050423Z	78	PC: 12b45 \| Find first file
2018-12-25T12:21:54.26993746Z	61	PC: 12bb6 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T12:21:54.278106737Z	63	PC: 12bca \| Read file or device (Read 20 bytes on handle 5)
2018-12-25T12:21:54.284383493Z	66	PC: 12bf0 \| Move file pointer
2018-12-25T12:21:54.286841881Z	64	PC: 12c0d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:21:54.290422326Z	44	PC: 12c22 \| Get time 0x12c22: mov al, ch 0x12c24: add al, cl 0x12c26: add al, dh 0x12c28: add al, dl 0x12c2a: mov byte ptr [0x349], al 0x12c2d: mov ax, word ptr [0x18] 0x12c30: xchg word ptr [0x1c], ax 0x12c34: mov word ptr [0x18], ax 0x12c37: mov ax, word ptr [0x1a] 0x12c3a: xchg word ptr [0x1e], ax 0x12c3e: mov word ptr [0x1a], ax 0x12c41: mov cx, 0x17 0x12c44: push ds 0x12c45: pop es 0x12c46: mov si, 0x15 0x12c49: mov di, 0x34a 0x12c4c: rep movsb byte ptr es:[di], byte ptr [si] 0x12c4e: mov ah, byte ptr [0x349] 0x12c52: mov cx, 0x2d4 0x12c55: lodsb al, byte ptr [si]
2018-12-25T12:21:54.29361872Z	64	PC: 12c6a \| Write file or device (Write 768 bytes on handle 5)
2018-12-25T12:21:54.634582217Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:21:54.636994441Z	64	PC: 12cb6 \| Write file or device (Write 20 bytes on handle 5)
2018-12-25T12:21:54.643811335Z	87	PC: 12cca \| Get or set file date and time
2018-12-25T12:21:54.64711096Z	62	PC: 12cd2 \| Close file
2018-12-25T12:21:54.662923233Z	78	PC: 12b45 \| Find first file (See above)
2018-12-25T12:21:54.670105561Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:54.678021474Z	63	PC: 12bca \| Read file or device (See above)
2018-12-25T12:21:54.686076855Z	66	PC: 12bf0 \| Move file pointer (See above)
2018-12-25T12:21:54.687784534Z	64	PC: 12c0d \| Write file or device (See above)
2018-12-25T12:21:54.690900693Z	44	PC: 12c22 \| Get time (See above)
2018-12-25T12:21:54.69439039Z	64	PC: 12c6a \| Write file or device (See above)
2018-12-25T12:21:54.70959278Z	66	PC: 12c88 \| Move file pointer (See above)
2018-12-25T12:21:54.711475114Z	64	PC: 12cb6 \| Write file or device (See above)
2018-12-25T12:21:54.719454196Z	87	PC: 12cca \| Get or set file date and time (See above)
2018-12-25T12:21:54.721451923Z	62	PC: 12cd2 \| Close file (See above)
2018-12-25T12:21:54.731189977Z	42	PC: 12aff \| Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12ce9 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cd3 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x32d], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x32f], es 0x12b30: push es
2018-12-25T12:21:54.73497781Z	26	PC: 12b39 \| Set disk transfer address
2018-12-25T12:21:54.737101427Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8838,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:54.253412212Z	26	PC: 12ae3 \| Set disk transfer address
2018-12-25T12:21:54.255275341Z	78	PC: 12b45 \| Find first file
2018-12-25T12:21:54.261974946Z	61	PC: 12bb6 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T12:21:54.266131311Z	63	PC: 12bca \| Read file or device (Read 20 bytes on handle 5)
2018-12-25T12:21:54.270605673Z	66	PC: 12bf0 \| Move file pointer
2018-12-25T12:21:54.272210736Z	64	PC: 12c0d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:21:54.273961124Z	44	PC: 12c22 \| Get time 0x12c22: mov al, ch 0x12c24: add al, cl 0x12c26: add al, dh 0x12c28: add al, dl 0x12c2a: mov byte ptr [0x349], al 0x12c2d: mov ax, word ptr [0x18] 0x12c30: xchg word ptr [0x1c], ax 0x12c34: mov word ptr [0x18], ax 0x12c37: mov ax, word ptr [0x1a] 0x12c3a: xchg word ptr [0x1e], ax 0x12c3e: mov word ptr [0x1a], ax 0x12c41: mov cx, 0x17 0x12c44: push ds 0x12c45: pop es 0x12c46: mov si, 0x15 0x12c49: mov di, 0x34a 0x12c4c: rep movsb byte ptr es:[di], byte ptr [si] 0x12c4e: mov ah, byte ptr [0x349] 0x12c52: mov cx, 0x2d4 0x12c55: lodsb al, byte ptr [si]
2018-12-25T12:21:54.275711221Z	64	PC: 12c6a \| Write file or device (Write 768 bytes on handle 5)
2018-12-25T12:21:55.561134373Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:21:55.565777497Z	64	PC: 12cb6 \| Write file or device (Write 20 bytes on handle 5)
2018-12-25T12:21:55.573176655Z	87	PC: 12cca \| Get or set file date and time
2018-12-25T12:21:55.575999984Z	62	PC: 12cd2 \| Close file
2018-12-25T12:21:55.582780234Z	78	PC: 12b45 \| Find first file (See above)
2018-12-25T12:21:55.58915269Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:55.597458258Z	63	PC: 12bca \| Read file or device (See above)
2018-12-25T12:21:55.603971805Z	66	PC: 12bf0 \| Move file pointer (See above)
2018-12-25T12:21:55.605487724Z	64	PC: 12c0d \| Write file or device (See above)
2018-12-25T12:21:55.609320594Z	44	PC: 12c22 \| Get time (See above)
2018-12-25T12:21:55.612149546Z	64	PC: 12c6a \| Write file or device (See above)
2018-12-25T12:21:55.63845445Z	66	PC: 12c88 \| Move file pointer (See above)
2018-12-25T12:21:55.64441511Z	64	PC: 12cb6 \| Write file or device (See above)
2018-12-25T12:21:55.650811377Z	87	PC: 12cca \| Get or set file date and time (See above)
2018-12-25T12:21:55.65253559Z	62	PC: 12cd2 \| Close file (See above)
2018-12-25T12:21:55.660338622Z	42	PC: 12aff \| Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12ce9 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cd3 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x32d], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x32f], es 0x12b30: push es
2018-12-25T12:21:55.663414266Z	26	PC: 12b39 \| Set disk transfer address
2018-12-25T12:21:55.664484096Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8838,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:54.286132294Z	26	PC: 12ae3 \| Set disk transfer address
2018-12-25T12:21:54.288420729Z	78	PC: 12b45 \| Find first file
2018-12-25T12:21:54.297217049Z	61	PC: 12bb6 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T12:21:54.304373421Z	63	PC: 12bca \| Read file or device (Read 20 bytes on handle 5)
2018-12-25T12:21:54.30994808Z	66	PC: 12bf0 \| Move file pointer
2018-12-25T12:21:54.312409423Z	64	PC: 12c0d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:21:54.315103788Z	44	PC: 12c22 \| Get time 0x12c22: mov al, ch 0x12c24: add al, cl 0x12c26: add al, dh 0x12c28: add al, dl 0x12c2a: mov byte ptr [0x349], al 0x12c2d: mov ax, word ptr [0x18] 0x12c30: xchg word ptr [0x1c], ax 0x12c34: mov word ptr [0x18], ax 0x12c37: mov ax, word ptr [0x1a] 0x12c3a: xchg word ptr [0x1e], ax 0x12c3e: mov word ptr [0x1a], ax 0x12c41: mov cx, 0x17 0x12c44: push ds 0x12c45: pop es 0x12c46: mov si, 0x15 0x12c49: mov di, 0x34a 0x12c4c: rep movsb byte ptr es:[di], byte ptr [si] 0x12c4e: mov ah, byte ptr [0x349] 0x12c52: mov cx, 0x2d4 0x12c55: lodsb al, byte ptr [si]
2018-12-25T12:21:54.316778126Z	64	PC: 12c6a \| Write file or device (Write 768 bytes on handle 5)
2018-12-25T12:21:55.560917025Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:21:55.565989644Z	64	PC: 12cb6 \| Write file or device (Write 20 bytes on handle 5)
2018-12-25T12:21:55.572335634Z	87	PC: 12cca \| Get or set file date and time
2018-12-25T12:21:55.574750608Z	62	PC: 12cd2 \| Close file
2018-12-25T12:21:55.581564199Z	78	PC: 12b45 \| Find first file (See above)
2018-12-25T12:21:55.587532065Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:55.595948936Z	63	PC: 12bca \| Read file or device (See above)
2018-12-25T12:21:55.603056749Z	66	PC: 12bf0 \| Move file pointer (See above)
2018-12-25T12:21:55.604714917Z	64	PC: 12c0d \| Write file or device (See above)
2018-12-25T12:21:55.608735725Z	44	PC: 12c22 \| Get time (See above)
2018-12-25T12:21:55.611451061Z	64	PC: 12c6a \| Write file or device (See above)
2018-12-25T12:21:55.638469665Z	66	PC: 12c88 \| Move file pointer (See above)
2018-12-25T12:21:55.640612237Z	64	PC: 12cb6 \| Write file or device (See above)
2018-12-25T12:21:55.646725561Z	87	PC: 12cca \| Get or set file date and time (See above)
2018-12-25T12:21:55.649702405Z	62	PC: 12cd2 \| Close file (See above)
2018-12-25T12:21:55.65808302Z	42	PC: 12aff \| Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12ce9 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cd3 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x32d], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x32f], es 0x12b30: push es
2018-12-25T12:21:55.661749618Z	9	PC: 12cfd \| Display string (String= ' I'm sorry, you lost something because of AUREA ')

{"DateBased":true,"Day":2,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8838,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:54.502905634Z	26	PC: 12ae3 \| Set disk transfer address
2018-12-25T12:21:54.504657545Z	78	PC: 12b45 \| Find first file
2018-12-25T12:21:54.513110636Z	61	PC: 12bb6 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T12:21:54.5196557Z	63	PC: 12bca \| Read file or device (Read 20 bytes on handle 5)
2018-12-25T12:21:54.525321358Z	66	PC: 12bf0 \| Move file pointer
2018-12-25T12:21:54.526771071Z	64	PC: 12c0d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:21:54.529227492Z	44	PC: 12c22 \| Get time 0x12c22: mov al, ch 0x12c24: add al, cl 0x12c26: add al, dh 0x12c28: add al, dl 0x12c2a: mov byte ptr [0x349], al 0x12c2d: mov ax, word ptr [0x18] 0x12c30: xchg word ptr [0x1c], ax 0x12c34: mov word ptr [0x18], ax 0x12c37: mov ax, word ptr [0x1a] 0x12c3a: xchg word ptr [0x1e], ax 0x12c3e: mov word ptr [0x1a], ax 0x12c41: mov cx, 0x17 0x12c44: push ds 0x12c45: pop es 0x12c46: mov si, 0x15 0x12c49: mov di, 0x34a 0x12c4c: rep movsb byte ptr es:[di], byte ptr [si] 0x12c4e: mov ah, byte ptr [0x349] 0x12c52: mov cx, 0x2d4 0x12c55: lodsb al, byte ptr [si]
2018-12-25T12:21:54.531735209Z	64	PC: 12c6a \| Write file or device (Write 768 bytes on handle 5)
2018-12-25T12:21:55.560054671Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:21:55.566937625Z	64	PC: 12cb6 \| Write file or device (Write 20 bytes on handle 5)
2018-12-25T12:21:55.57364204Z	87	PC: 12cca \| Get or set file date and time
2018-12-25T12:21:55.575143462Z	62	PC: 12cd2 \| Close file
2018-12-25T12:21:55.582277257Z	78	PC: 12b45 \| Find first file (See above)
2018-12-25T12:21:55.588721879Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:55.595685506Z	63	PC: 12bca \| Read file or device (See above)
2018-12-25T12:21:55.60184435Z	66	PC: 12bf0 \| Move file pointer (See above)
2018-12-25T12:21:55.603333164Z	64	PC: 12c0d \| Write file or device (See above)
2018-12-25T12:21:55.606702105Z	44	PC: 12c22 \| Get time (See above)
2018-12-25T12:21:55.609435932Z	64	PC: 12c6a \| Write file or device (See above)
2018-12-25T12:21:55.638429693Z	66	PC: 12c88 \| Move file pointer (See above)
2018-12-25T12:21:55.640031478Z	64	PC: 12cb6 \| Write file or device (See above)
2018-12-25T12:21:55.64643511Z	87	PC: 12cca \| Get or set file date and time (See above)
2018-12-25T12:21:55.647778229Z	62	PC: 12cd2 \| Close file (See above)
2018-12-25T12:21:55.655634036Z	42	PC: 12aff \| Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12ce9 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cd3 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x32d], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x32f], es 0x12b30: push es
2018-12-25T12:21:55.658386668Z	26	PC: 12b39 \| Set disk transfer address
2018-12-25T12:21:55.659569803Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":4,"Month":9,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8838,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:54.721923958Z	26	PC: 12ae3 \| Set disk transfer address
2018-12-25T12:21:54.723444916Z	78	PC: 12b45 \| Find first file
2018-12-25T12:21:54.732151233Z	61	PC: 12bb6 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T12:21:54.739448695Z	63	PC: 12bca \| Read file or device (Read 20 bytes on handle 5)
2018-12-25T12:21:54.745241688Z	66	PC: 12bf0 \| Move file pointer
2018-12-25T12:21:54.746555792Z	64	PC: 12c0d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:21:54.749040565Z	44	PC: 12c22 \| Get time 0x12c22: mov al, ch 0x12c24: add al, cl 0x12c26: add al, dh 0x12c28: add al, dl 0x12c2a: mov byte ptr [0x349], al 0x12c2d: mov ax, word ptr [0x18] 0x12c30: xchg word ptr [0x1c], ax 0x12c34: mov word ptr [0x18], ax 0x12c37: mov ax, word ptr [0x1a] 0x12c3a: xchg word ptr [0x1e], ax 0x12c3e: mov word ptr [0x1a], ax 0x12c41: mov cx, 0x17 0x12c44: push ds 0x12c45: pop es 0x12c46: mov si, 0x15 0x12c49: mov di, 0x34a 0x12c4c: rep movsb byte ptr es:[di], byte ptr [si] 0x12c4e: mov ah, byte ptr [0x349] 0x12c52: mov cx, 0x2d4 0x12c55: lodsb al, byte ptr [si]
2018-12-25T12:21:54.751727254Z	64	PC: 12c6a \| Write file or device (Write 768 bytes on handle 5)
2018-12-25T12:21:55.562047308Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:21:55.564190949Z	64	PC: 12cb6 \| Write file or device (Write 20 bytes on handle 5)
2018-12-25T12:21:55.572879603Z	87	PC: 12cca \| Get or set file date and time
2018-12-25T12:21:55.575535562Z	62	PC: 12cd2 \| Close file
2018-12-25T12:21:55.58204689Z	78	PC: 12b45 \| Find first file (See above)
2018-12-25T12:21:55.589080568Z	61	PC: 12b9e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:55.596435675Z	63	PC: 12bca \| Read file or device (See above)
2018-12-25T12:21:55.610286177Z	66	PC: 12bf0 \| Move file pointer (See above)
2018-12-25T12:21:55.612121533Z	64	PC: 12c0d \| Write file or device (See above)
2018-12-25T12:21:55.623403996Z	44	PC: 12c22 \| Get time (See above)
2018-12-25T12:21:55.625659668Z	64	PC: 12c6a \| Write file or device (See above)
2018-12-25T12:21:55.646973246Z	66	PC: 12c88 \| Move file pointer (See above)
2018-12-25T12:21:55.649680012Z	64	PC: 12cb6 \| Write file or device (See above)
2018-12-25T12:21:55.65543696Z	87	PC: 12cca \| Get or set file date and time (See above)
2018-12-25T12:21:55.657336782Z	62	PC: 12cd2 \| Close file (See above)
2018-12-25T12:21:55.66720705Z	42	PC: 12aff \| Get date 0x12aff: cmp dx, 0x301 0x12b03: jne 0x12b0b 0x12b05: call 0x12ce9 0x12b08: jmp 0x12b1d 0x12b0a: nop 0x12b0b: cmp al, 1 0x12b0d: jne 0x12b1d 0x12b0f: cmp cx, 0x7ca 0x12b13: jae 0x12b1a 0x12b15: cmp dh, 9 0x12b18: jb 0x12b1d 0x12b1a: call 0x12cd3 0x12b1d: pop es 0x12b1e: mov di, 0x100 0x12b21: mov word ptr [0x32d], di 0x12b25: xor si, si 0x12b27: mov cx, 0x14 0x12b2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12b2c: mov word ptr [0x32f], es 0x12b30: push es
2018-12-25T12:21:55.670437668Z	26	PC: 12b39 \| Set disk transfer address
2018-12-25T12:21:55.671771341Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')