Sample viewer

vx.netlux.org/Virus.DOS.Amz.789.c

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:03.360411208Z 26 PC: 12c6b | Set disk transfer address
2018-12-17T22:52:03.362148852Z 71 PC: 12c90 | Get current directory
2018-12-17T22:52:03.366830908Z 59 PC: 12e98 | Change current directory
2018-12-17T22:52:03.371610596Z 78 PC: 12ca9 | Find first file
2018-12-17T22:52:03.378454202Z 79 PC: 12ccf | Find next file
2018-12-17T22:52:03.382713233Z 79 PC: 12ccf | Find next file
2018-12-17T22:52:03.385987484Z 79 PC: 12ccf | Find next file
2018-12-17T22:52:03.389183037Z 79 PC: 12ccf | Find next file
2018-12-17T22:52:03.392853202Z 79 PC: 12ccf | Find next file
2018-12-17T22:52:03.396425883Z 79 PC: 12ccf | Find next file
2018-12-17T22:52:03.39962918Z 79 PC: 12ccf | Find next file
2018-12-17T22:52:03.40485178Z 79 PC: 12ccf | Find next file
2018-12-17T22:52:03.410609096Z 79 PC: 12ccf | Find next file
2018-12-17T22:52:03.413515886Z 78 PC: 12d36 | Find first file
2018-12-17T22:52:03.420228236Z 61 PC: 12dab | Open file (Filename = 'TEST.EXE')
2018-12-17T22:52:03.430340081Z 63 PC: 12dba | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:52:03.433418404Z 66 PC: 12e58 | Move file pointer
2018-12-17T22:52:03.435103009Z 64 PC: 12e62 | Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:52:03.438981915Z 66 PC: 12e6b | Move file pointer
2018-12-17T22:52:03.44068792Z 64 PC: 12e7c | Write file or device (Write 800 bytes on handle 5)
2018-12-17T22:52:03.456384877Z 62 PC: 12e80 | Close file
2018-12-17T22:52:03.466637768Z 67 PC: 12e90 | Get or set file attributes
2018-12-17T22:52:03.478184388Z 79 PC: 12d45 | Find next file
2018-12-17T22:52:03.481942908Z 42 PC: 12d4b | Get date
0x12d4b: cmp cx, 0x7ca
0x12d4f: jb 0x12d61
0x12d51: mov ah, 0x2c
0x12d53: int 0x21
0x12d55: cmp ch, 8
0x12d58: jb 0x12d61
0x12d5a: cmp ch, 0xd
0x12d5d: jae 0x12d61
0x12d5f: int 0x19
0x12d61: mov dx, 0x425
0x12d64: mov ah, 0x3b
0x12d66: int 0x21
0x12d68: mov word ptr cs:[0x263], 0xff2e
0x12d6f: mov word ptr cs:[0x265], 0x1d2e
0x12d76: mov byte ptr cs:[0x267], 4
0x12d7c: pop ds
0x12d7d: pop es
0x12d7e: pop ax
0x12d7f: cli
0x12d80: mov ss, word ptr cs:[0x421]
2018-12-17T22:52:03.485790526Z 44 PC: 12d55 | Get time
0x12d55: cmp ch, 8
0x12d58: jb 0x12d61
0x12d5a: cmp ch, 0xd
0x12d5d: jae 0x12d61
0x12d5f: int 0x19
0x12d61: mov dx, 0x425
0x12d64: mov ah, 0x3b
0x12d66: int 0x21
0x12d68: mov word ptr cs:[0x263], 0xff2e
0x12d6f: mov word ptr cs:[0x265], 0x1d2e
0x12d76: mov byte ptr cs:[0x267], 4
0x12d7c: pop ds
0x12d7d: pop es
0x12d7e: pop ax
0x12d7f: cli
0x12d80: mov ss, word ptr cs:[0x421]
0x12d85: mov sp, word ptr cs:[0x423]
0x12d8a: sti
0x12d8b: cmp word ptr cs:[0x3cf], 1
0x12d91: je 0x12d98
2018-12-17T22:52:03.488758301Z 59 PC: 12d68 | Change current directory
2018-12-17T22:52:03.493632027Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:10.965243366Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:11.149981001Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:11.3640746Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":8,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:12.600298587Z 26 PC: 12c6b | Set disk transfer address
2018-12-25T12:29:12.602407147Z 71 PC: 12c90 | Get current directory
2018-12-25T12:29:12.605319018Z 59 PC: 12e98 | Change current directory
2018-12-25T12:29:12.609401225Z 78 PC: 12ca9 | Find first file
2018-12-25T12:29:12.621264475Z 79 PC: 12ccf | Find next file
2018-12-25T12:29:12.623892901Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.626500214Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.629080564Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.632120615Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.634575461Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.637157604Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.640452329Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.642944626Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.645350488Z 78 PC: 12d36 | Find first file
2018-12-25T12:29:12.652140708Z 61 PC: 12dab | Open file (Filename = 'TEST.EXE')
2018-12-25T12:29:12.658613949Z 63 PC: 12dba | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:29:12.66524404Z 66 PC: 12e58 | Move file pointer
2018-12-25T12:29:12.667710337Z 64 PC: 12e62 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:29:12.670614019Z 66 PC: 12e6b | Move file pointer
2018-12-25T12:29:12.672257132Z 64 PC: 12e7c | Write file or device (Write 800 bytes on handle 5)
2018-12-25T12:29:12.688366264Z 62 PC: 12e80 | Close file
2018-12-25T12:29:12.696468459Z 67 PC: 12e90 | Get or set file attributes
2018-12-25T12:29:12.706443234Z 79 PC: 12d45 | Find next file
2018-12-25T12:29:12.710229076Z 42 PC: 12d4b | Get date
0x12d4b: cmp cx, 0x7ca
0x12d4f: jb 0x12d61
0x12d51: mov ah, 0x2c
0x12d53: int 0x21
0x12d55: cmp ch, 8
0x12d58: jb 0x12d61
0x12d5a: cmp ch, 0xd
0x12d5d: jae 0x12d61
0x12d5f: int 0x19
0x12d61: mov dx, 0x425
0x12d64: mov ah, 0x3b
0x12d66: int 0x21
0x12d68: mov word ptr cs:[0x263], 0xff2e
0x12d6f: mov word ptr cs:[0x265], 0x1d2e
0x12d76: mov byte ptr cs:[0x267], 4
0x12d7c: pop ds
0x12d7d: pop es
0x12d7e: pop ax
0x12d7f: cli
0x12d80: mov ss, word ptr cs:[0x421]
2018-12-25T12:29:12.712755543Z 59 PC: 12d68 | Change current directory
2018-12-25T12:29:12.717180159Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":8,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:12.728328845Z 26 PC: 12c6b | Set disk transfer address
2018-12-25T12:29:12.731280015Z 71 PC: 12c90 | Get current directory
2018-12-25T12:29:12.734911551Z 59 PC: 12e98 | Change current directory
2018-12-25T12:29:12.739775585Z 78 PC: 12ca9 | Find first file
2018-12-25T12:29:12.747505824Z 79 PC: 12ccf | Find next file
2018-12-25T12:29:12.757673792Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.760594179Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.763494252Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.767294911Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.770047338Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.773466281Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.77691143Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.779818588Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.783843785Z 78 PC: 12d36 | Find first file
2018-12-25T12:29:12.791637335Z 61 PC: 12dab | Open file (Filename = 'TEST.EXE')
2018-12-25T12:29:12.79949814Z 63 PC: 12dba | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:29:12.803070777Z 66 PC: 12e58 | Move file pointer
2018-12-25T12:29:12.806192436Z 64 PC: 12e62 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:29:12.809923821Z 66 PC: 12e6b | Move file pointer
2018-12-25T12:29:12.811961824Z 64 PC: 12e7c | Write file or device (Write 800 bytes on handle 5)
2018-12-25T12:29:12.82962531Z 62 PC: 12e80 | Close file
2018-12-25T12:29:12.839721143Z 67 PC: 12e90 | Get or set file attributes
2018-12-25T12:29:12.851617244Z 79 PC: 12d45 | Find next file
2018-12-25T12:29:12.855182776Z 42 PC: 12d4b | Get date
0x12d4b: cmp cx, 0x7ca
0x12d4f: jb 0x12d61
0x12d51: mov ah, 0x2c
0x12d53: int 0x21
0x12d55: cmp ch, 8
0x12d58: jb 0x12d61
0x12d5a: cmp ch, 0xd
0x12d5d: jae 0x12d61
0x12d5f: int 0x19
0x12d61: mov dx, 0x425
0x12d64: mov ah, 0x3b
0x12d66: int 0x21
0x12d68: mov word ptr cs:[0x263], 0xff2e
0x12d6f: mov word ptr cs:[0x265], 0x1d2e
0x12d76: mov byte ptr cs:[0x267], 4
0x12d7c: pop ds
0x12d7d: pop es
0x12d7e: pop ax
0x12d7f: cli
0x12d80: mov ss, word ptr cs:[0x421]
2018-12-25T12:29:12.858197247Z 59 PC: 12d68 | Change current directory
2018-12-25T12:29:12.863073458Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":8,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:12.827674815Z 26 PC: 12c6b | Set disk transfer address
2018-12-25T12:29:12.829058959Z 71 PC: 12c90 | Get current directory
2018-12-25T12:29:12.831963916Z 59 PC: 12e98 | Change current directory
2018-12-25T12:29:12.835734027Z 78 PC: 12ca9 | Find first file
2018-12-25T12:29:12.845413063Z 79 PC: 12ccf | Find next file
2018-12-25T12:29:12.848059499Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.849866417Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.852135364Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.855158437Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.858218126Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.860506251Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.863878081Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.866158852Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.868576403Z 78 PC: 12d36 | Find first file
2018-12-25T12:29:12.875480685Z 61 PC: 12dab | Open file (Filename = 'TEST.EXE')
2018-12-25T12:29:12.882192661Z 63 PC: 12dba | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:29:12.888883334Z 66 PC: 12e58 | Move file pointer
2018-12-25T12:29:12.891457964Z 64 PC: 12e62 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:29:12.894196839Z 66 PC: 12e6b | Move file pointer
2018-12-25T12:29:12.895439035Z 64 PC: 12e7c | Write file or device (Write 800 bytes on handle 5)
2018-12-25T12:29:12.910029944Z 62 PC: 12e80 | Close file
2018-12-25T12:29:12.917788325Z 67 PC: 12e90 | Get or set file attributes
2018-12-25T12:29:12.927358576Z 79 PC: 12d45 | Find next file
2018-12-25T12:29:12.931431298Z 42 PC: 12d4b | Get date
0x12d4b: cmp cx, 0x7ca
0x12d4f: jb 0x12d61
0x12d51: mov ah, 0x2c
0x12d53: int 0x21
0x12d55: cmp ch, 8
0x12d58: jb 0x12d61
0x12d5a: cmp ch, 0xd
0x12d5d: jae 0x12d61
0x12d5f: int 0x19
0x12d61: mov dx, 0x425
0x12d64: mov ah, 0x3b
0x12d66: int 0x21
0x12d68: mov word ptr cs:[0x263], 0xff2e
0x12d6f: mov word ptr cs:[0x265], 0x1d2e
0x12d76: mov byte ptr cs:[0x267], 4
0x12d7c: pop ds
0x12d7d: pop es
0x12d7e: pop ax
0x12d7f: cli
0x12d80: mov ss, word ptr cs:[0x421]
2018-12-25T12:29:12.934172417Z 59 PC: 12d68 | Change current directory
2018-12-25T12:29:12.938423914Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":14,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:12.899992942Z 26 PC: 12c6b | Set disk transfer address
2018-12-25T12:29:12.901676596Z 71 PC: 12c90 | Get current directory
2018-12-25T12:29:12.903734875Z 59 PC: 12e98 | Change current directory
2018-12-25T12:29:12.906558981Z 78 PC: 12ca9 | Find first file
2018-12-25T12:29:12.91467453Z 79 PC: 12ccf | Find next file
2018-12-25T12:29:12.917044874Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.919186733Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.923768125Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.925957037Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.927729634Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.930131925Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.932165683Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.933911258Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:12.936069101Z 78 PC: 12d36 | Find first file
2018-12-25T12:29:12.941281061Z 61 PC: 12dab | Open file (Filename = 'TEST.EXE')
2018-12-25T12:29:12.948100282Z 63 PC: 12dba | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:29:12.955933867Z 66 PC: 12e58 | Move file pointer
2018-12-25T12:29:12.959131984Z 64 PC: 12e62 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:29:12.962488111Z 66 PC: 12e6b | Move file pointer
2018-12-25T12:29:12.966443176Z 64 PC: 12e7c | Write file or device (Write 800 bytes on handle 5)
2018-12-25T12:29:12.984475602Z 62 PC: 12e80 | Close file
2018-12-25T12:29:12.994171301Z 67 PC: 12e90 | Get or set file attributes
2018-12-25T12:29:13.012241099Z 79 PC: 12d45 | Find next file
2018-12-25T12:29:13.015067207Z 42 PC: 12d4b | Get date
0x12d4b: cmp cx, 0x7ca
0x12d4f: jb 0x12d61
0x12d51: mov ah, 0x2c
0x12d53: int 0x21
0x12d55: cmp ch, 8
0x12d58: jb 0x12d61
0x12d5a: cmp ch, 0xd
0x12d5d: jae 0x12d61
0x12d5f: int 0x19
0x12d61: mov dx, 0x425
0x12d64: mov ah, 0x3b
0x12d66: int 0x21
0x12d68: mov word ptr cs:[0x263], 0xff2e
0x12d6f: mov word ptr cs:[0x265], 0x1d2e
0x12d76: mov byte ptr cs:[0x267], 4
0x12d7c: pop ds
0x12d7d: pop es
0x12d7e: pop ax
0x12d7f: cli
0x12d80: mov ss, word ptr cs:[0x421]
2018-12-25T12:29:13.018953433Z 59 PC: 12d68 | Change current directory
2018-12-25T12:29:13.023647651Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":14,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:13.033587171Z 26 PC: 12c6b | Set disk transfer address
2018-12-25T12:29:13.035226968Z 71 PC: 12c90 | Get current directory
2018-12-25T12:29:13.038218947Z 59 PC: 12e98 | Change current directory
2018-12-25T12:29:13.04219878Z 78 PC: 12ca9 | Find first file
2018-12-25T12:29:13.054407343Z 79 PC: 12ccf | Find next file
2018-12-25T12:29:13.057247182Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.060446304Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.06380094Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.066297308Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.068718416Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.071867367Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.075092883Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.077279213Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.079740559Z 78 PC: 12d36 | Find first file
2018-12-25T12:29:13.085750536Z 61 PC: 12dab | Open file (Filename = 'TEST.EXE')
2018-12-25T12:29:13.092142454Z 63 PC: 12dba | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:29:13.094892137Z 66 PC: 12e58 | Move file pointer
2018-12-25T12:29:13.096540744Z 64 PC: 12e62 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:29:13.102027079Z 66 PC: 12e6b | Move file pointer
2018-12-25T12:29:13.103402244Z 64 PC: 12e7c | Write file or device (Write 800 bytes on handle 5)
2018-12-25T12:29:13.118695141Z 62 PC: 12e80 | Close file
2018-12-25T12:29:13.133440365Z 67 PC: 12e90 | Get or set file attributes
2018-12-25T12:29:13.149758052Z 79 PC: 12d45 | Find next file
2018-12-25T12:29:13.153804994Z 42 PC: 12d4b | Get date
0x12d4b: cmp cx, 0x7ca
0x12d4f: jb 0x12d61
0x12d51: mov ah, 0x2c
0x12d53: int 0x21
0x12d55: cmp ch, 8
0x12d58: jb 0x12d61
0x12d5a: cmp ch, 0xd
0x12d5d: jae 0x12d61
0x12d5f: int 0x19
0x12d61: mov dx, 0x425
0x12d64: mov ah, 0x3b
0x12d66: int 0x21
0x12d68: mov word ptr cs:[0x263], 0xff2e
0x12d6f: mov word ptr cs:[0x265], 0x1d2e
0x12d76: mov byte ptr cs:[0x267], 4
0x12d7c: pop ds
0x12d7d: pop es
0x12d7e: pop ax
0x12d7f: cli
0x12d80: mov ss, word ptr cs:[0x421]
2018-12-25T12:29:13.15592318Z 59 PC: 12d68 | Change current directory
2018-12-25T12:29:13.159775302Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":14,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:13.089512111Z 26 PC: 12c6b | Set disk transfer address
2018-12-25T12:29:13.09142947Z 71 PC: 12c90 | Get current directory
2018-12-25T12:29:13.094395161Z 59 PC: 12e98 | Change current directory
2018-12-25T12:29:13.098446423Z 78 PC: 12ca9 | Find first file
2018-12-25T12:29:13.10961728Z 79 PC: 12ccf | Find next file
2018-12-25T12:29:13.112193433Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.114839064Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.118441604Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.121090592Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.123728346Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.127066854Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.130482021Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.132931078Z 79 PC: 12ccf | Find next file (See above)
2018-12-25T12:29:13.135362542Z 78 PC: 12d36 | Find first file
2018-12-25T12:29:13.141687049Z 61 PC: 12dab | Open file (Filename = 'TEST.EXE')
2018-12-25T12:29:13.148328764Z 63 PC: 12dba | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:29:13.155727192Z 66 PC: 12e58 | Move file pointer
2018-12-25T12:29:13.160633898Z 64 PC: 12e62 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:29:13.163445457Z 66 PC: 12e6b | Move file pointer
2018-12-25T12:29:13.165060944Z 64 PC: 12e7c | Write file or device (Write 800 bytes on handle 5)
2018-12-25T12:29:13.180032643Z 62 PC: 12e80 | Close file
2018-12-25T12:29:13.187904256Z 67 PC: 12e90 | Get or set file attributes
2018-12-25T12:29:13.197407309Z 79 PC: 12d45 | Find next file
2018-12-25T12:29:13.205533638Z 42 PC: 12d4b | Get date
0x12d4b: cmp cx, 0x7ca
0x12d4f: jb 0x12d61
0x12d51: mov ah, 0x2c
0x12d53: int 0x21
0x12d55: cmp ch, 8
0x12d58: jb 0x12d61
0x12d5a: cmp ch, 0xd
0x12d5d: jae 0x12d61
0x12d5f: int 0x19
0x12d61: mov dx, 0x425
0x12d64: mov ah, 0x3b
0x12d66: int 0x21
0x12d68: mov word ptr cs:[0x263], 0xff2e
0x12d6f: mov word ptr cs:[0x265], 0x1d2e
0x12d76: mov byte ptr cs:[0x267], 4
0x12d7c: pop ds
0x12d7d: pop es
0x12d7e: pop ax
0x12d7f: cli
0x12d80: mov ss, word ptr cs:[0x421]
2018-12-25T12:29:13.208212964Z 59 PC: 12d68 | Change current directory
2018-12-25T12:29:13.213459082Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')