Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Elektron.6608

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:22.697681655Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:22.700706216Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:22.702200333Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:22.703709246Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:22.705357592Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:22.707386513Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:22.708765694Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:22.710179779Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:22.73883544Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:22.740417962Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:22.742009371Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:22.744349997Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:22.745637385Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:22.746933008Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:22.749466536Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:22.750823996Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:22.752102988Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:22.754393359Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:22.755950604Z	53	PC: 13b9a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:22.757331929Z	37	PC: 13baf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:22.762556892Z	37	PC: 13bb7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:22.765037712Z	37	PC: 13bbf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:22.767364943Z	37	PC: 13bc7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:22.770183136Z	68	PC: 148be \| I/O control for devices (Set for = '')
2018-12-17T22:43:22.773356867Z	44	PC: 149f5 \| Get time 0x149f5: mov word ptr [0x3e], cx 0x149f9: mov word ptr [0x40], dx 0x149fd: retf 0x149fe: mov cx, di 0x14a00: mov si, 0xa 0x14a03: mov bx, dx 0x14a05: or bx, bx 0x14a07: jns 0x14a1a 0x14a09: neg bx 0x14a0b: neg ax 0x14a0d: sbb bx, 0 0x14a10: call 0x14a1a 0x14a13: dec di 0x14a14: mov byte ptr es:[di], 0x2d 0x14a18: inc cx 0x14a19: ret 0x14a1a: xor dx, dx 0x14a1c: xchg ax, bx 0x14a1d: div si 0x14a1f: xchg ax, bx
2018-12-17T22:43:22.776985171Z	48	PC: 144cf \| Get DOS version
2018-12-17T22:43:22.779453998Z	61	PC: 14381 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:22.788053459Z	66	PC: 14b42 \| Move file pointer
2018-12-17T22:43:22.790597657Z	66	PC: 14b50 \| Move file pointer
2018-12-17T22:43:22.792501854Z	66	PC: 14b5e \| Move file pointer
2018-12-17T22:43:22.795363569Z	63	PC: 14454 \| Read file or device (Read 6608 bytes on handle 5)
2018-12-17T22:43:22.803566325Z	62	PC: 143d1 \| Close file
2018-12-17T22:43:22.806380561Z	26	PC: 139a9 \| Set disk transfer address
2018-12-17T22:43:22.809054703Z	78	PC: 139b5 \| Find first file
2018-12-17T22:43:22.816739115Z	61	PC: 14381 \| Open file (Filename = '\TEST.cOM')
2018-12-17T22:43:22.824063903Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.826119764Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.832188132Z	26	PC: 139a9 \| Set disk transfer address
2018-12-17T22:43:22.833663563Z	78	PC: 139b5 \| Find first file
2018-12-17T22:43:22.840501395Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.842525246Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.84576426Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.847144743Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.850737019Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.852265931Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.855496659Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.858067407Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.86106654Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.862414472Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.8665452Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.868122212Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.872197897Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.874971356Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.877780371Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.878957001Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.883356003Z	26	PC: 139cd \| Set disk transfer address
2018-12-17T22:43:22.885055616Z	79	PC: 139d2 \| Find next file
2018-12-17T22:43:22.888842017Z	61	PC: 14381 \| Open file (Filename = '\TEST.cOM')
2018-12-17T22:43:22.89569598Z	61	PC: 14381 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:43:22.903865213Z	62	PC: 143d1 \| Close file
2018-12-17T22:43:22.906396367Z	61	PC: 14381 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:43:22.913447691Z	62	PC: 143d1 \| Close file
2018-12-17T22:43:22.917040979Z	61	PC: 148a2 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:43:22.925606858Z	67	PC: 13978 \| Get or set file attributes
2018-12-17T22:43:22.945277372Z	62	PC: 13fd2 \| Close file
2018-12-17T22:43:22.949699348Z	61	PC: 14381 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:43:22.957139872Z	60	PC: 14381 \| Create or truncate file
2018-12-17T22:43:22.968583575Z	63	PC: 14454 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:43:22.977293935Z	64	PC: 14454 \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:43:22.986683711Z	63	PC: 14454 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:43:22.994800075Z	64	PC: 14454 \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:43:23.004402409Z	63	PC: 14454 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:43:23.014279039Z	64	PC: 14454 \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:43:23.021722089Z	63	PC: 14454 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:43:23.025171417Z	64	PC: 14454 \| Write file or device (Write 464 bytes on handle 6)
2018-12-17T22:43:23.03047039Z	63	PC: 14454 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:43:23.032725956Z	62	PC: 143d1 \| Close file
2018-12-17T22:43:23.041552634Z	62	PC: 143d1 \| Close file
2018-12-17T22:43:23.044394511Z	60	PC: 14381 \| Create or truncate file
2018-12-17T22:43:23.058977821Z	64	PC: 14454 \| Write file or device (Write 6608 bytes on handle 5)
2018-12-17T22:43:23.071488418Z	62	PC: 143d1 \| Close file
2018-12-17T22:43:23.085638084Z	42	PC: 138d7 \| Get date 0x138d7: xor ah, ah 0x138d9: les di, ptr [bp + 6] 0x138dc: stosw word ptr es:[di], ax 0x138dd: mov al, dl 0x138df: les di, ptr [bp + 0xa] 0x138e2: stosw word ptr es:[di], ax 0x138e3: mov al, dh 0x138e5: les di, ptr [bp + 0xe] 0x138e8: stosw word ptr es:[di], ax 0x138e9: xchg ax, cx 0x138ea: les di, ptr [bp + 0x12] 0x138ed: stosw word ptr es:[di], ax 0x138ee: pop bp 0x138ef: retf 0x10 0x138f2: push bp 0x138f3: mov bp, sp 0x138f5: mov cx, word ptr [bp + 0xa] 0x138f8: mov dh, byte ptr [bp + 8] 0x138fb: mov dl, byte ptr [bp + 6] 0x138fe: mov ah, 0x2b
2018-12-17T22:43:23.088822615Z	48	PC: 144cf \| Get DOS version
2018-12-17T22:43:23.090858038Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:23.09323362Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:23.094566934Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:23.095970399Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:23.09837172Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:23.100075359Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:23.101616224Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:23.103923587Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:23.10551707Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:23.107246227Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:23.109615126Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:23.111205103Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:23.11271032Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:23.114711388Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:23.116348302Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:23.117850524Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:23.119368194Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:23.121378871Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:23.123060389Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:23.124807921Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:23.127698811Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:23.129284349Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:23.130824391Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:23.133204491Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:23.13498224Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:23.136586463Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:23.138723036Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:23.141182185Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:23.142842563Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:23.145128536Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:23.147043834Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:23.14859078Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:23.150279471Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:23.153092975Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:23.154600927Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:23.155963918Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:23.158774647Z	53	PC: 13b0e \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:23.160148216Z	37	PC: 13b17 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:23.162674521Z	41	PC: 13ac5 \| Parse filename
2018-12-17T22:43:23.165181951Z	41	PC: 13ad3 \| Parse filename
2018-12-17T22:43:23.167064927Z	75	PC: 13ade \| Execute program
2018-12-17T22:43:23.186213832Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:23.188921076Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:23.190541911Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:23.192111539Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:23.194554016Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:23.196491235Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:23.198084307Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:23.200374107Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:23.202282201Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:23.203828856Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:23.206073812Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:23.207984411Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:23.20960278Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:23.211365361Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:23.21375025Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:23.215330588Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:23.216861844Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:23.219419538Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:23.220951455Z	53	PC: 18bda \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:23.222499843Z	37	PC: 18bef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:23.224856269Z	37	PC: 18bf7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:23.22633165Z	37	PC: 18bff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:23.227774229Z	37	PC: 18c07 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:23.230211016Z	68	PC: 198fe \| I/O control for devices (Set for = '')
2018-12-17T22:43:23.231993554Z	44	PC: 19a35 \| Get time 0x19a35: mov word ptr [0x3e], cx 0x19a39: mov word ptr [0x40], dx 0x19a3d: retf 0x19a3e: mov cx, di 0x19a40: mov si, 0xa 0x19a43: mov bx, dx 0x19a45: or bx, bx 0x19a47: jns 0x19a5a 0x19a49: neg bx 0x19a4b: neg ax 0x19a4d: sbb bx, 0 0x19a50: call 0x19a5a 0x19a53: dec di 0x19a54: mov byte ptr es:[di], 0x2d 0x19a58: inc cx 0x19a59: ret 0x19a5a: xor dx, dx 0x19a5c: xchg ax, bx 0x19a5d: div si 0x19a5f: xchg ax, bx
2018-12-17T22:43:23.234688846Z	48	PC: 1950f \| Get DOS version
2018-12-17T22:43:23.237074927Z	61	PC: 193c1 \| Open file (Filename = 'A:\TEST.cOM')
2018-12-17T22:43:23.24444522Z	66	PC: 19b82 \| Move file pointer
2018-12-17T22:43:23.246208161Z	66	PC: 19b90 \| Move file pointer
2018-12-17T22:43:23.248511938Z	66	PC: 19b9e \| Move file pointer
2018-12-17T22:43:23.251232127Z	63	PC: 19494 \| Read file or device (Read 6608 bytes on handle 5)
2018-12-17T22:43:23.262273024Z	62	PC: 19411 \| Close file
2018-12-17T22:43:23.266053123Z	26	PC: 189e9 \| Set disk transfer address
2018-12-17T22:43:23.267519007Z	78	PC: 189f5 \| Find first file
2018-12-17T22:43:23.274998615Z	61	PC: 193c1 \| Open file (Filename = '\TEST.cOM')
2018-12-17T22:43:23.283017916Z	62	PC: 19411 \| Close file
2018-12-17T22:43:23.285476224Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.28708196Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.295209133Z	26	PC: 189e9 \| Set disk transfer address
2018-12-17T22:43:23.296719671Z	78	PC: 189f5 \| Find first file
2018-12-17T22:43:23.303564807Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.306049454Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.30919459Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.310702072Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.314745496Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.316247347Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.319390801Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.322327547Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.325427158Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.326867844Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.330746609Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.332199828Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.33523568Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.337744732Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.340756539Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.341956002Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.345881855Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.347404555Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.350590039Z	26	PC: 18a0d \| Set disk transfer address
2018-12-17T22:43:23.352679813Z	79	PC: 18a12 \| Find next file
2018-12-17T22:43:23.35561753Z	42	PC: 18917 \| Get date 0x18917: xor ah, ah 0x18919: les di, ptr [bp + 6] 0x1891c: stosw word ptr es:[di], ax 0x1891d: mov al, dl 0x1891f: les di, ptr [bp + 0xa] 0x18922: stosw word ptr es:[di], ax 0x18923: mov al, dh 0x18925: les di, ptr [bp + 0xe] 0x18928: stosw word ptr es:[di], ax 0x18929: xchg ax, cx 0x1892a: les di, ptr [bp + 0x12] 0x1892d: stosw word ptr es:[di], ax 0x1892e: pop bp 0x1892f: retf 0x10 0x18932: push bp 0x18933: mov bp, sp 0x18935: mov cx, word ptr [bp + 0xa] 0x18938: mov dh, byte ptr [bp + 8] 0x1893b: mov dl, byte ptr [bp + 6] 0x1893e: mov ah, 0x2b
2018-12-17T22:43:23.35846072Z	64	PC: 18ff8 \| Write file or device (Write 44 bytes on handle 1)
2018-12-17T22:43:23.364409573Z	64	PC: 18ff8 \| Write file or device (Write 47 bytes on handle 1)
2018-12-17T22:43:23.371566175Z	64	PC: 18ff8 \| Write file or device (Write 47 bytes on handle 1)
2018-12-17T22:43:23.378352691Z	64	PC: 18ff8 \| Write file or device (Write 50 bytes on handle 1)
2018-12-17T22:43:23.385094384Z	64	PC: 18ff8 \| Write file or device (Write 51 bytes on handle 1)
2018-12-17T22:43:23.390521516Z	64	PC: 18ff8 \| Write file or device (Write 55 bytes on handle 1)
2018-12-17T22:43:23.397870399Z	64	PC: 18ff8 \| Write file or device (Write 57 bytes on handle 1)
2018-12-17T22:43:23.405150893Z	64	PC: 18ff8 \| Write file or device (Write 57 bytes on handle 1)
2018-12-17T22:43:23.41195394Z	64	PC: 18ff8 \| Write file or device (Write 57 bytes on handle 1)
2018-12-17T22:43:23.418330636Z	64	PC: 18ff8 \| Write file or device (Write 57 bytes on handle 1)
2018-12-17T22:43:23.424845042Z	64	PC: 18ff8 \| Write file or device (Write 58 bytes on handle 1)
2018-12-17T22:43:23.431977357Z	64	PC: 18ff8 \| Write file or device (Write 59 bytes on handle 1)
2018-12-17T22:43:23.438602721Z	64	PC: 18ff8 \| Write file or device (Write 46 bytes on handle 1)
2018-12-17T22:43:23.443752052Z	64	PC: 18ff8 \| Write file or device (Write 48 bytes on handle 1)