Sample viewer

vx.netlux.org/Virus.DOS.Pixel.Hydra.372

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:21:33.095755249Z 26 PC: 12ae5 | Set disk transfer address
2018-12-17T22:21:33.097314759Z 78 PC: 12aec | Find first file
2018-12-17T22:21:33.103206427Z 61 PC: 12af7 | Open file (Filename = '¹ÿÿ¾t¿')
2018-12-17T22:21:33.109568587Z 63 PC: 12b06 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:21:33.116834879Z 66 PC: 12b2c | Move file pointer
2018-12-17T22:21:33.118199871Z 64 PC: 12b39 | Write file or device (Write 779 bytes on handle 5)
2018-12-17T22:21:33.132904073Z 62 PC: 12b3d | Close file
2018-12-17T22:21:33.140996078Z 26 PC: 12b46 | Set disk transfer address
2018-12-17T22:21:33.142665545Z 48 PC: 130a9 | Get DOS version
2018-12-17T22:21:33.143747586Z 74 PC: 130b5 | Reallocate memory
2018-12-17T22:21:33.145345024Z 74 PC: 130b5 | Reallocate memory
2018-12-17T22:21:33.146945192Z 74 PC: 12c4e | Reallocate memory
2018-12-17T22:21:33.148436Z 44 PC: 12c7a | Get time 0x12c7a: mov byte ptr es:[5], ch
0x12c7f: pop word ptr es:[0x518]
0x12c84: pop word ptr es:[0x51a]
0x12c89: xor bx, bx
0x12c8b: mov ds, bx
0x12c8d: mov word ptr [bx + 0x84], 0x51c
0x12c93: mov word ptr [bx + 0x86], es
0x12c97: call 0x12d28
0x12c9a: pop bp
0x12c9b: pop si
0x12c9c: pop di
0x12c9d: pop es
0x12c9e: pop ds
0x12c9f: pop dx
0x12ca0: pop cx
0x12ca1: pop bx
0x12ca2: pop ax
0x12ca3: push cs
0x12ca4: pop ax
0x12ca5: sub ax, 0xc
2018-12-17T22:21:33.150343294Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.152314008Z 76 PC: 12a5d | Terminate with return code (Return code = '0')
2018-12-17T22:21:33.154286378Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.156220651Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:21:33.157918069Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.160018294Z 72 PC: 12174 | Allocate memory
2018-12-17T22:21:33.161684706Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.164397701Z 72 PC: 1218d | Allocate memory
2018-12-17T22:21:33.165873646Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.167473749Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:21:33.168959194Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.171070892Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:21:33.172134163Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.174763634Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:33.176549916Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.178600087Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.180608988Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.182692009Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.184108031Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.186739595Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.188138471Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.189998146Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.191828139Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.193812766Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.195080809Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.199657216Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.201081751Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.203090625Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.20522406Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.207735049Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.209483336Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.212431249Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.214282279Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.216671692Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.21868327Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.22075623Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.222128431Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.224911942Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.226367339Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.228415629Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.230078841Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.232088059Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.233466509Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.235990686Z 62 PC: 122ab | Close file
2018-12-17T22:21:33.238743189Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.240282031Z 17 PC: 9869d | Find first file
2018-12-17T22:21:33.244142655Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:21:33.247820722Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.249213197Z 66 PC: 12372 | Move file pointer
2018-12-17T22:21:33.250979428Z 44 PC: 98884 | Get time 0x98884: cmp ch, byte ptr cs:[5]
0x98889: je 0x98902
0x9888b: cmp word ptr cs:[3], 0x2a3
0x98892: jbe 0x98902
0x98894: mov ax, 3
0x98897: int 0x10
0x98899: call 0x98907
0x9889c: mov ax, 0xb800
0x9889f: call 0x988aa
0x988a2: mov ax, 0xb000
0x988a5: call 0x988aa
0x988a8: cli
0x988a9: hlt
0x988aa: mov es, ax
0x988ac: xor di, di
0x988ae: mov ax, 0x8cc9
0x988b1: stosw word ptr es:[di], ax
0x988b2: mov al, 0xcd
0x988b4: mov cx, 0x4e
0x988b7: rep stosd dword ptr es:[di], eax
2018-12-17T22:21:33.252448998Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)