Sample viewer

vx.netlux.org/Virus.DOS.Salamank.2700

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:45.936783298Z 146 PC: 1d1b9 | UNKNOWN!
2018-12-17T22:47:45.938816265Z 42 PC: 92ba2 | Get date 0x92ba2: cmp dl, 3
0x92ba5: jne 0x92be2
0x92ba7: mov ah, 0x2c
0x92ba9: int 0x21
0x92bab: cmp ch, 8
0x92bae: jl 0x92be2
0x92bb0: cmp ch, 0xa
0x92bb3: jg 0x92be2
0x92bb5: xor cx, cx
0x92bb7: mov es, cx
0x92bb9: mov cx, word ptr es:[0x20]
0x92bbe: mov ax, 0x865
0x92bc1: cmp ax, cx
0x92bc3: je 0x92be2
0x92bc5: cli
0x92bc6: mov word ptr cs:[0x9fc], cx
0x92bcb: mov cx, word ptr es:[0x22]
0x92bd0: mov word ptr cs:[0x9fe], cx
0x92bd5: mov word ptr es:[0x20], ax
0x92bd9: mov word ptr es:[0x22], cs
2018-12-17T22:47:45.940828372Z 42 PC: 92be6 | Get date 0x92be6: cmp dl, 3
0x92be9: jne 0x92bf6
0x92beb: cmp dh, 0xb
0x92bee: jl 0x92bf6
0x92bf0: call 0xa2b7d
0x92bf3: call 0xa2a50
0x92bf6: pop es
0x92bf7: pop dx
0x92bf8: pop cx
0x92bf9: pop ax
0x92bfa: ret
0x92bfb: pushf
0x92bfc: cmp ah, 0x92
0x92bff: jne 0x92c05
0x92c01: mov dl, 0x80
0x92c03: popf
0x92c04: iret
0x92c05: cmp ah, 0x3d
0x92c08: jne 0x92c3f
0x92c0a: push ax
2018-12-17T22:47:45.942925861Z 53 PC: 92c8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:45.944596219Z 67 PC: 92cac | Get or set file attributes
2018-12-17T22:47:45.953337641Z 67 PC: 92cba | Get or set file attributes
2018-12-17T22:47:46.292974698Z 61 PC: 92cc8 | Open file (Filename = ' � � ��<t��<t�s< t ��<t�_����m� rմM�!�k�y��t ��t�4���t��r�� w�����')
2018-12-17T22:47:46.298697913Z 87 PC: 92cd4 | Get or set file date and time
2018-12-17T22:47:46.299996533Z 66 PC: 92d01 | Move file pointer
2018-12-17T22:47:46.301078533Z 66 PC: 92d16 | Move file pointer
2018-12-17T22:47:46.302613221Z 63 PC: 92d20 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:46.307612161Z 66 PC: 92d29 | Move file pointer
2018-12-17T22:47:46.309398709Z 64 PC: 92d3c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:46.312891471Z 66 PC: 92e0f | Move file pointer
2018-12-17T22:47:46.314930879Z 64 PC: 92f06 | Write file or device (Write 2700 bytes on handle 5)
2018-12-17T22:47:46.32500325Z 87 PC: 92f19 | Get or set file date and time
2018-12-17T22:47:46.327336518Z 62 PC: 92f1d | Close file
2018-12-17T22:47:46.344755495Z 67 PC: 92f29 | Get or set file attributes
2018-12-17T22:47:46.355816031Z 53 PC: 92f2e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:46.359259143Z 48 PC: 1d235 | Get DOS version
2018-12-17T22:47:46.385988631Z 37 PC: 133c6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:46.389013076Z 25 PC: 13ee7 | Get default drive
2018-12-17T22:47:46.390939569Z 14 PC: 13ef4 | Set default drive (Drive = 'A')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9323,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:51.498889308Z 146 PC: 1d1b9 | UNKNOWN!
2018-12-25T12:22:51.500811381Z 42 PC: 92ba2 | Get date 0x92ba2: cmp dl, 3
0x92ba5: jne 0x92be2
0x92ba7: mov ah, 0x2c
0x92ba9: int 0x21
0x92bab: cmp ch, 8
0x92bae: jl 0x92be2
0x92bb0: cmp ch, 0xa
0x92bb3: jg 0x92be2
0x92bb5: xor cx, cx
0x92bb7: mov es, cx
0x92bb9: mov cx, word ptr es:[0x20]
0x92bbe: mov ax, 0x865
0x92bc1: cmp ax, cx
0x92bc3: je 0x92be2
0x92bc5: cli
0x92bc6: mov word ptr cs:[0x9fc], cx
0x92bcb: mov cx, word ptr es:[0x22]
0x92bd0: mov word ptr cs:[0x9fe], cx
0x92bd5: mov word ptr es:[0x20], ax
0x92bd9: mov word ptr es:[0x22], cs
2018-12-25T12:22:51.503249164Z 42 PC: 92be6 | Get date 0x92be6: cmp dl, 3
0x92be9: jne 0x92bf6
0x92beb: cmp dh, 0xb
0x92bee: jl 0x92bf6
0x92bf0: call 0xa2b7d
0x92bf3: call 0xa2a50
0x92bf6: pop es
0x92bf7: pop dx
0x92bf8: pop cx
0x92bf9: pop ax
0x92bfa: ret
0x92bfb: pushf
0x92bfc: cmp ah, 0x92
0x92bff: jne 0x92c05
0x92c01: mov dl, 0x80
0x92c03: popf
0x92c04: iret
0x92c05: cmp ah, 0x3d
0x92c08: jne 0x92c3f
0x92c0a: push ax
2018-12-25T12:22:51.505692343Z 53 PC: 92c8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:51.515798009Z 67 PC: 92cac | Get or set file attributes
2018-12-25T12:22:51.529878738Z 67 PC: 92cba | Get or set file attributes
2018-12-25T12:22:53.203821991Z 61 PC: 92cc8 | Open file (Filename = ' � � ��<t��<t�s< t ��<t�_����m� rմM�!�k�y��t ��t�4���t��r�� w�����')
2018-12-25T12:22:53.216747179Z 87 PC: 92cd4 | Get or set file date and time
2018-12-25T12:22:53.21999907Z 66 PC: 92d01 | Move file pointer
2018-12-25T12:22:53.222576214Z 66 PC: 92d16 | Move file pointer
2018-12-25T12:22:53.225351608Z 63 PC: 92d20 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:53.232195832Z 66 PC: 92d29 | Move file pointer
2018-12-25T12:22:53.233998056Z 64 PC: 92d3c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:53.237439979Z 66 PC: 92e0f | Move file pointer
2018-12-25T12:22:53.240924972Z 64 PC: 92f06 | Write file or device (Write 2700 bytes on handle 5)
2018-12-25T12:22:53.253411815Z 87 PC: 92f19 | Get or set file date and time
2018-12-25T12:22:53.255582833Z 62 PC: 92f1d | Close file
2018-12-25T12:22:53.263661844Z 67 PC: 92f29 | Get or set file attributes
2018-12-25T12:22:53.276203409Z 53 PC: 92f2e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:53.278171489Z 48 PC: 1d235 | Get DOS version
2018-12-25T12:22:53.307868119Z 37 PC: 133c6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:53.311771701Z 25 PC: 13ee7 | Get default drive
2018-12-25T12:22:53.313525974Z 14 PC: 13ef4 | Set default drive (Drive = 'A')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9323,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:51.551714347Z 146 PC: 1d1b9 | UNKNOWN!
2018-12-25T12:22:51.554203297Z 42 PC: 92ba2 | Get date 0x92ba2: cmp dl, 3
0x92ba5: jne 0x92be2
0x92ba7: mov ah, 0x2c
0x92ba9: int 0x21
0x92bab: cmp ch, 8
0x92bae: jl 0x92be2
0x92bb0: cmp ch, 0xa
0x92bb3: jg 0x92be2
0x92bb5: xor cx, cx
0x92bb7: mov es, cx
0x92bb9: mov cx, word ptr es:[0x20]
0x92bbe: mov ax, 0x865
0x92bc1: cmp ax, cx
0x92bc3: je 0x92be2
0x92bc5: cli
0x92bc6: mov word ptr cs:[0x9fc], cx
0x92bcb: mov cx, word ptr es:[0x22]
0x92bd0: mov word ptr cs:[0x9fe], cx
0x92bd5: mov word ptr es:[0x20], ax
0x92bd9: mov word ptr es:[0x22], cs
2018-12-25T12:22:51.556811752Z 44 PC: 92bab | Get time 0x92bab: cmp ch, 8
0x92bae: jl 0x92be2
0x92bb0: cmp ch, 0xa
0x92bb3: jg 0x92be2
0x92bb5: xor cx, cx
0x92bb7: mov es, cx
0x92bb9: mov cx, word ptr es:[0x20]
0x92bbe: mov ax, 0x865
0x92bc1: cmp ax, cx
0x92bc3: je 0x92be2
0x92bc5: cli
0x92bc6: mov word ptr cs:[0x9fc], cx
0x92bcb: mov cx, word ptr es:[0x22]
0x92bd0: mov word ptr cs:[0x9fe], cx
0x92bd5: mov word ptr es:[0x20], ax
0x92bd9: mov word ptr es:[0x22], cs
0x92bde: sti
0x92bdf: jmp 0x92bf6
0x92be1: nop
0x92be2: mov ah, 0x2a
2018-12-25T12:22:51.559390016Z 42 PC: 92be6 | Get date 0x92be6: cmp dl, 3
0x92be9: jne 0x92bf6
0x92beb: cmp dh, 0xb
0x92bee: jl 0x92bf6
0x92bf0: call 0xa2b7d
0x92bf3: call 0xa2a50
0x92bf6: pop es
0x92bf7: pop dx
0x92bf8: pop cx
0x92bf9: pop ax
0x92bfa: ret
0x92bfb: pushf
0x92bfc: cmp ah, 0x92
0x92bff: jne 0x92c05
0x92c01: mov dl, 0x80
0x92c03: popf
0x92c04: iret
0x92c05: cmp ah, 0x3d
0x92c08: jne 0x92c3f
0x92c0a: push ax
2018-12-25T12:22:51.565118154Z 53 PC: 92c8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:51.566986658Z 67 PC: 92cac | Get or set file attributes
2018-12-25T12:22:51.576275347Z 67 PC: 92cba | Get or set file attributes
2018-12-25T12:22:53.20371349Z 61 PC: 92cc8 | Open file (Filename = ' � � ��<t��<t�s< t ��<t�_����m� rմM�!�k�y��t ��t�4���t��r�� w�����')
2018-12-25T12:22:53.220557922Z 87 PC: 92cd4 | Get or set file date and time
2018-12-25T12:22:53.222144201Z 66 PC: 92d01 | Move file pointer
2018-12-25T12:22:53.226109453Z 66 PC: 92d16 | Move file pointer
2018-12-25T12:22:53.229600918Z 63 PC: 92d20 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:53.236945732Z 66 PC: 92d29 | Move file pointer
2018-12-25T12:22:53.238266891Z 64 PC: 92d3c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:53.244780157Z 66 PC: 92e0f | Move file pointer
2018-12-25T12:22:53.25088793Z 64 PC: 92f06 | Write file or device (Write 2700 bytes on handle 5)
2018-12-25T12:22:53.27075698Z 87 PC: 92f19 | Get or set file date and time
2018-12-25T12:22:53.274077031Z 62 PC: 92f1d | Close file
2018-12-25T12:22:53.284142382Z 67 PC: 92f29 | Get or set file attributes
2018-12-25T12:22:53.295760482Z 53 PC: 92f2e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:53.298518451Z 48 PC: 1d235 | Get DOS version
2018-12-25T12:22:53.328038997Z 37 PC: 133c6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:53.332390627Z 25 PC: 13ee7 | Get default drive
2018-12-25T12:22:53.34060872Z 14 PC: 13ef4 | Set default drive (Drive = 'A')

{"DateBased":true,"Day":3,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9323,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:51.560456885Z 146 PC: 1d1b9 | UNKNOWN!
2018-12-25T12:22:51.572187058Z 42 PC: 92ba2 | Get date 0x92ba2: cmp dl, 3
0x92ba5: jne 0x92be2
0x92ba7: mov ah, 0x2c
0x92ba9: int 0x21
0x92bab: cmp ch, 8
0x92bae: jl 0x92be2
0x92bb0: cmp ch, 0xa
0x92bb3: jg 0x92be2
0x92bb5: xor cx, cx
0x92bb7: mov es, cx
0x92bb9: mov cx, word ptr es:[0x20]
0x92bbe: mov ax, 0x865
0x92bc1: cmp ax, cx
0x92bc3: je 0x92be2
0x92bc5: cli
0x92bc6: mov word ptr cs:[0x9fc], cx
0x92bcb: mov cx, word ptr es:[0x22]
0x92bd0: mov word ptr cs:[0x9fe], cx
0x92bd5: mov word ptr es:[0x20], ax
0x92bd9: mov word ptr es:[0x22], cs
2018-12-25T12:22:51.574628185Z 44 PC: 92bab | Get time 0x92bab: cmp ch, 8
0x92bae: jl 0x92be2
0x92bb0: cmp ch, 0xa
0x92bb3: jg 0x92be2
0x92bb5: xor cx, cx
0x92bb7: mov es, cx
0x92bb9: mov cx, word ptr es:[0x20]
0x92bbe: mov ax, 0x865
0x92bc1: cmp ax, cx
0x92bc3: je 0x92be2
0x92bc5: cli
0x92bc6: mov word ptr cs:[0x9fc], cx
0x92bcb: mov cx, word ptr es:[0x22]
0x92bd0: mov word ptr cs:[0x9fe], cx
0x92bd5: mov word ptr es:[0x20], ax
0x92bd9: mov word ptr es:[0x22], cs
0x92bde: sti
0x92bdf: jmp 0x92bf6
0x92be1: nop
0x92be2: mov ah, 0x2a
2018-12-25T12:22:51.576999324Z 42 PC: 92be6 | Get date 0x92be6: cmp dl, 3
0x92be9: jne 0x92bf6
0x92beb: cmp dh, 0xb
0x92bee: jl 0x92bf6
0x92bf0: call 0xa2b7d
0x92bf3: call 0xa2a50
0x92bf6: pop es
0x92bf7: pop dx
0x92bf8: pop cx
0x92bf9: pop ax
0x92bfa: ret
0x92bfb: pushf
0x92bfc: cmp ah, 0x92
0x92bff: jne 0x92c05
0x92c01: mov dl, 0x80
0x92c03: popf
0x92c04: iret
0x92c05: cmp ah, 0x3d
0x92c08: jne 0x92c3f
0x92c0a: push ax
2018-12-25T12:22:51.586925307Z 53 PC: 92c8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:51.588490206Z 67 PC: 92cac | Get or set file attributes
2018-12-25T12:22:51.596627429Z 67 PC: 92cba | Get or set file attributes
2018-12-25T12:22:53.202668149Z 61 PC: 92cc8 | Open file (Filename = ' � � ��<t��<t�s< t ��<t�_����m� rմM�!�k�y��t ��t�4���t��r�� w�����')
2018-12-25T12:22:53.210052366Z 87 PC: 92cd4 | Get or set file date and time
2018-12-25T12:22:53.211263147Z 66 PC: 92d01 | Move file pointer
2018-12-25T12:22:53.213241043Z 66 PC: 92d16 | Move file pointer
2018-12-25T12:22:53.215768864Z 63 PC: 92d20 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:53.237857219Z 66 PC: 92d29 | Move file pointer
2018-12-25T12:22:53.246751716Z 64 PC: 92d3c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:53.251400115Z 66 PC: 92e0f | Move file pointer
2018-12-25T12:22:53.253888472Z 64 PC: 92f06 | Write file or device (Write 2700 bytes on handle 5)
2018-12-25T12:22:53.265795609Z 87 PC: 92f19 | Get or set file date and time
2018-12-25T12:22:53.268930271Z 62 PC: 92f1d | Close file
2018-12-25T12:22:53.276901608Z 67 PC: 92f29 | Get or set file attributes
2018-12-25T12:22:53.28933038Z 53 PC: 92f2e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:53.30427699Z 48 PC: 1d235 | Get DOS version
2018-12-25T12:22:53.343547709Z 37 PC: 133c6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:53.347162637Z 25 PC: 13ee7 | Get default drive
2018-12-25T12:22:53.349497554Z 14 PC: 13ef4 | Set default drive (Drive = 'A')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9323,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:51.953073807Z 146 PC: 1d1b9 | UNKNOWN!
2018-12-25T12:22:51.955804544Z 42 PC: 92ba2 | Get date 0x92ba2: cmp dl, 3
0x92ba5: jne 0x92be2
0x92ba7: mov ah, 0x2c
0x92ba9: int 0x21
0x92bab: cmp ch, 8
0x92bae: jl 0x92be2
0x92bb0: cmp ch, 0xa
0x92bb3: jg 0x92be2
0x92bb5: xor cx, cx
0x92bb7: mov es, cx
0x92bb9: mov cx, word ptr es:[0x20]
0x92bbe: mov ax, 0x865
0x92bc1: cmp ax, cx
0x92bc3: je 0x92be2
0x92bc5: cli
0x92bc6: mov word ptr cs:[0x9fc], cx
0x92bcb: mov cx, word ptr es:[0x22]
0x92bd0: mov word ptr cs:[0x9fe], cx
0x92bd5: mov word ptr es:[0x20], ax
0x92bd9: mov word ptr es:[0x22], cs
2018-12-25T12:22:51.958419023Z 42 PC: 92be6 | Get date 0x92be6: cmp dl, 3
0x92be9: jne 0x92bf6
0x92beb: cmp dh, 0xb
0x92bee: jl 0x92bf6
0x92bf0: call 0xa2b7d
0x92bf3: call 0xa2a50
0x92bf6: pop es
0x92bf7: pop dx
0x92bf8: pop cx
0x92bf9: pop ax
0x92bfa: ret
0x92bfb: pushf
0x92bfc: cmp ah, 0x92
0x92bff: jne 0x92c05
0x92c01: mov dl, 0x80
0x92c03: popf
0x92c04: iret
0x92c05: cmp ah, 0x3d
0x92c08: jne 0x92c3f
0x92c0a: push ax
2018-12-25T12:22:51.961060468Z 53 PC: 92c8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:51.964067543Z 67 PC: 92cac | Get or set file attributes
2018-12-25T12:22:51.972952459Z 67 PC: 92cba | Get or set file attributes
2018-12-25T12:22:52.304092349Z 61 PC: 92cc8 | Open file (Filename = ' � � ��<t��<t�s< t ��<t�_����m� rմM�!�k�y��t ��t�4���t��r�� w�����')
2018-12-25T12:22:52.312637391Z 87 PC: 92cd4 | Get or set file date and time
2018-12-25T12:22:52.31464032Z 66 PC: 92d01 | Move file pointer
2018-12-25T12:22:52.316450434Z 66 PC: 92d16 | Move file pointer
2018-12-25T12:22:52.318771145Z 63 PC: 92d20 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:52.324260374Z 66 PC: 92d29 | Move file pointer
2018-12-25T12:22:52.325686344Z 64 PC: 92d3c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:52.329213166Z 66 PC: 92e0f | Move file pointer
2018-12-25T12:22:52.331496338Z 64 PC: 92f06 | Write file or device (Write 2700 bytes on handle 5)
2018-12-25T12:22:52.342315678Z 87 PC: 92f19 | Get or set file date and time
2018-12-25T12:22:52.344795482Z 62 PC: 92f1d | Close file
2018-12-25T12:22:52.355672022Z 67 PC: 92f29 | Get or set file attributes
2018-12-25T12:22:52.375516819Z 53 PC: 92f2e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:52.377860618Z 48 PC: 1d235 | Get DOS version
2018-12-25T12:22:52.404654704Z 37 PC: 133c6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:52.407258308Z 25 PC: 13ee7 | Get default drive
2018-12-25T12:22:52.408903085Z 14 PC: 13ef4 | Set default drive (Drive = 'A')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9323,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:51.632602576Z 146 PC: 1d1b9 | UNKNOWN!
2018-12-25T12:22:51.63542689Z 42 PC: 92ba2 | Get date 0x92ba2: cmp dl, 3
0x92ba5: jne 0x92be2
0x92ba7: mov ah, 0x2c
0x92ba9: int 0x21
0x92bab: cmp ch, 8
0x92bae: jl 0x92be2
0x92bb0: cmp ch, 0xa
0x92bb3: jg 0x92be2
0x92bb5: xor cx, cx
0x92bb7: mov es, cx
0x92bb9: mov cx, word ptr es:[0x20]
0x92bbe: mov ax, 0x865
0x92bc1: cmp ax, cx
0x92bc3: je 0x92be2
0x92bc5: cli
0x92bc6: mov word ptr cs:[0x9fc], cx
0x92bcb: mov cx, word ptr es:[0x22]
0x92bd0: mov word ptr cs:[0x9fe], cx
0x92bd5: mov word ptr es:[0x20], ax
0x92bd9: mov word ptr es:[0x22], cs
2018-12-25T12:22:51.638274697Z 44 PC: 92bab | Get time 0x92bab: cmp ch, 8
0x92bae: jl 0x92be2
0x92bb0: cmp ch, 0xa
0x92bb3: jg 0x92be2
0x92bb5: xor cx, cx
0x92bb7: mov es, cx
0x92bb9: mov cx, word ptr es:[0x20]
0x92bbe: mov ax, 0x865
0x92bc1: cmp ax, cx
0x92bc3: je 0x92be2
0x92bc5: cli
0x92bc6: mov word ptr cs:[0x9fc], cx
0x92bcb: mov cx, word ptr es:[0x22]
0x92bd0: mov word ptr cs:[0x9fe], cx
0x92bd5: mov word ptr es:[0x20], ax
0x92bd9: mov word ptr es:[0x22], cs
0x92bde: sti
0x92bdf: jmp 0x92bf6
0x92be1: nop
0x92be2: mov ah, 0x2a
2018-12-25T12:22:51.641072537Z 42 PC: 92be6 | Get date 0x92be6: cmp dl, 3
0x92be9: jne 0x92bf6
0x92beb: cmp dh, 0xb
0x92bee: jl 0x92bf6
0x92bf0: call 0xa2b7d
0x92bf3: call 0xa2a50
0x92bf6: pop es
0x92bf7: pop dx
0x92bf8: pop cx
0x92bf9: pop ax
0x92bfa: ret
0x92bfb: pushf
0x92bfc: cmp ah, 0x92
0x92bff: jne 0x92c05
0x92c01: mov dl, 0x80
0x92c03: popf
0x92c04: iret
0x92c05: cmp ah, 0x3d
0x92c08: jne 0x92c3f
0x92c0a: push ax
2018-12-25T12:22:51.645562635Z 53 PC: 92c8c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:51.64715011Z 67 PC: 92cac | Get or set file attributes
2018-12-25T12:22:51.659526349Z 67 PC: 92cba | Get or set file attributes
2018-12-25T12:22:53.203365037Z 61 PC: 92cc8 | Open file (Filename = ' � � ��<t��<t�s< t ��<t�_����m� rմM�!�k�y��t ��t�4���t��r�� w�����')
2018-12-25T12:22:53.211566972Z 87 PC: 92cd4 | Get or set file date and time
2018-12-25T12:22:53.21366837Z 66 PC: 92d01 | Move file pointer
2018-12-25T12:22:53.21570964Z 66 PC: 92d16 | Move file pointer
2018-12-25T12:22:53.21819726Z 63 PC: 92d20 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:53.22538665Z 66 PC: 92d29 | Move file pointer
2018-12-25T12:22:53.227367135Z 64 PC: 92d3c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:53.231255107Z 66 PC: 92e0f | Move file pointer
2018-12-25T12:22:53.233688971Z 64 PC: 92f06 | Write file or device (Write 2700 bytes on handle 5)
2018-12-25T12:22:53.245449044Z 87 PC: 92f19 | Get or set file date and time
2018-12-25T12:22:53.248114817Z 62 PC: 92f1d | Close file
2018-12-25T12:22:53.256385784Z 67 PC: 92f29 | Get or set file attributes
2018-12-25T12:22:53.267608769Z 53 PC: 92f2e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:53.270532472Z 48 PC: 1d235 | Get DOS version
2018-12-25T12:22:53.302270166Z 37 PC: 133c6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:53.305675576Z 25 PC: 13ee7 | Get default drive
2018-12-25T12:22:53.30848625Z 14 PC: 13ef4 | Set default drive (Drive = 'A')