Sample viewer

vx.netlux.org/Virus.DOS.Gever.3555

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:20.70881524Z	48	PC: 12bcd \| Get DOS version
2018-12-17T22:47:20.748760753Z	75	PC: 12ca4 \| Execute program
2018-12-17T22:47:20.750778702Z	82	PC: 12caf \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:47:20.752212007Z	74	PC: 12d4b \| Reallocate memory
2018-12-17T22:47:20.753764665Z	72	PC: 12d51 \| Allocate memory
2018-12-17T22:47:20.755615701Z	98	PC: 12d8b \| Get current PSP
2018-12-17T22:47:20.757068128Z	42	PC: 9d63d \| Get date 0x9d63d: mov word ptr cs:[0xe04], dx 0x9d642: mov word ptr cs:[0xe06], cx 0x9d647: pop ds 0x9d648: pop dx 0x9d649: mov ax, 0x3d00 0x9d64c: call 0x9de35 0x9d64f: jb 0x9d69d 0x9d651: push cs 0x9d652: pop ds 0x9d653: xchg ax, bx 0x9d654: call 0x9d871 0x9d657: jb 0x9d69a 0x9d659: mov dx, 0xde2 0x9d65c: mov si, dx 0x9d65e: mov ah, 0x3f 0x9d660: mov cx, 0x20 0x9d663: int 0 0x9d665: cmp word ptr [si], 0x5a4d 0x9d669: je 0x9d6a0 0x9d66b: push cs
2018-12-17T22:47:20.759095128Z	61	PC: 9de3b \| Open file (Filename = '��~��')
2018-12-17T22:47:20.765738872Z	63	PC: 9d665 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:47:20.768356669Z	66	PC: 9d870 \| Move file pointer
2018-12-17T22:47:20.778363834Z	44	PC: 9d7f0 \| Get time 0x9d7f0: mov bx, dx 0x9d7f2: xor ah, dl 0x9d7f4: int3 0x9d7f5: mov byte ptr cs:[0x15e], ah 0x9d7fa: mov byte ptr cs:[0x160], al 0x9d7fe: mov word ptr cs:[0x162], bx 0x9d803: mov byte ptr cs:[0x114], 0x4c 0x9d809: push cs 0x9d80a: push cs 0x9d80b: pop ds 0x9d80c: pop es 0x9d80d: mov cx, word ptr cs:[0x102] 0x9d812: add cx, bp 0x9d814: mov word ptr cs:[0x102], cx 0x9d819: mov si, 0x100 0x9d81c: lea di, word ptr [bp + 0xe22] 0x9d820: mov cx, 0xd04 0x9d823: rep movsb byte ptr es:[di], byte ptr [si] 0x9d825: mov cx, 0xc27 0x9d828: lea di, word ptr [bp + 0x1b26]
2018-12-17T22:47:20.786486172Z	66	PC: 9d870 \| Move file pointer
2018-12-17T22:47:20.787800044Z	64	PC: 9d71c \| Write file or device (Write 3555 bytes on handle 5)
2018-12-17T22:47:21.119629282Z	66	PC: 9d870 \| Move file pointer
2018-12-17T22:47:21.122139414Z	64	PC: 9d750 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:21.126717524Z	62	PC: 9d776 \| Close file
2018-12-17T22:47:21.134283059Z	65	PC: 9d788 \| Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-17T22:47:21.141948739Z	65	PC: 9d788 \| Delete file (Filename = 'CHKLIST.MS')
2018-12-17T22:47:21.148646986Z	65	PC: 9d788 \| Delete file (Filename = 'CHKLIST.CPS')
2018-12-17T22:47:21.154999328Z	65	PC: 9d788 \| Delete file (Filename = 'ZZ##.IM')
2018-12-17T22:47:21.161873854Z	65	PC: 9d788 \| Delete file (Filename = '�COMSPEC=20003�3۾�"�J�.�')
2018-12-17T22:47:21.166631846Z	42	PC: 12dc3 \| Get date 0x12dc3: cmp dh, 0xc 0x12dc6: jne 0x12e3f 0x12dc8: push cs 0x12dc9: pop ds 0x12dca: in al, 0x21 0x12dcc: or al, 2 0x12dce: out 0x21, al 0x12dd0: mov ax, 0xa000 0x12dd3: mov es, ax 0x12dd5: mov ax, 0x13 0x12dd8: int 0x10 0x12dda: call 0x12e9f 0x12ddd: mov di, 0x58c 0x12de0: mov al, 6 0x12de2: mov cx, 0xc4 0x12de5: push cx 0x12de6: mov cl, 0x14 0x12de8: rep stosb byte ptr es:[di], al 0x12dea: add di, 0x12c 0x12dee: pop cx
2018-12-17T22:47:21.176085814Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.190498772Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.20574213Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.219125473Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.232288235Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.247555642Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.261911368Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.275737217Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.288565926Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.302732816Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.316535987Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.325021253Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.332723599Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.340047748Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.348257132Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.355875661Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.363402833Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.372605476Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.386305959Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.400095342Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.414691783Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.428258426Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.442771474Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.457493545Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.471073074Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.484371638Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.50036838Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.514242271Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.527979133Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.542266079Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.557142235Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.571122834Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.58882932Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.603060479Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.619066942Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.632707607Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.641145149Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.650566548Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.658171189Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.669659013Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.68356132Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.695986456Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.710982787Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.724551935Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.739404858Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.754463175Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.768910042Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.78247666Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.80013154Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.814010923Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.829647625Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.845102186Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.859649538Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.873358852Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.888591896Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.902890588Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.921472904Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.935081326Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.950674373Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.963989324Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.979565064Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:21.993737438Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.007584395Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.021742167Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.037540456Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.046218042Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.054218988Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.064044445Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.072503773Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.080333204Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.088849583Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.097377393Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.104472983Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.112953428Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.121032987Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.129957207Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.138171577Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.148450719Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.160518667Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.168799111Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.176417839Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.190118164Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.202102766Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.213817726Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.227663573Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.241469256Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.256830564Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.270737148Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.285593638Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.298983653Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.312952399Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.327366232Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.342188565Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.355866933Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.371623961Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.385505342Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.404824849Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.418888831Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.42947062Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.436863474Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.444471831Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.459318987Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.472771086Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.486939921Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.500804536Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.515398275Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.529021788Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.543203791Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.557290421Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.571388887Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.611696768Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.628439106Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.690417227Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.705084495Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.728441377Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.764822492Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-17T22:47:22.894029602Z	9	PC: 12eaf \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9189,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:41.007234663Z	48	PC: 12bcd \| Get DOS version
2018-12-25T12:22:41.054824326Z	75	PC: 12ca4 \| Execute program
2018-12-25T12:22:41.057235427Z	82	PC: 12caf \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:22:41.05866675Z	74	PC: 12d4b \| Reallocate memory
2018-12-25T12:22:41.060216221Z	72	PC: 12d51 \| Allocate memory
2018-12-25T12:22:41.062692175Z	98	PC: 12d8b \| Get current PSP
2018-12-25T12:22:41.064615077Z	42	PC: 9d63d \| Get date 0x9d63d: mov word ptr cs:[0xe04], dx 0x9d642: mov word ptr cs:[0xe06], cx 0x9d647: pop ds 0x9d648: pop dx 0x9d649: mov ax, 0x3d00 0x9d64c: call 0x9de35 0x9d64f: jb 0x9d69d 0x9d651: push cs 0x9d652: pop ds 0x9d653: xchg ax, bx 0x9d654: call 0x9d871 0x9d657: jb 0x9d69a 0x9d659: mov dx, 0xde2 0x9d65c: mov si, dx 0x9d65e: mov ah, 0x3f 0x9d660: mov cx, 0x20 0x9d663: int 0 0x9d665: cmp word ptr [si], 0x5a4d 0x9d669: je 0x9d6a0 0x9d66b: push cs
2018-12-25T12:22:41.067044373Z	61	PC: 9de3b \| Open file (Filename = '��~��')
2018-12-25T12:22:41.075049651Z	63	PC: 9d665 \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:22:41.078141363Z	66	PC: 9d870 \| Move file pointer
2018-12-25T12:22:41.094275086Z	44	PC: 9d7f0 \| Get time 0x9d7f0: mov bx, dx 0x9d7f2: xor ah, dl 0x9d7f4: int3 0x9d7f5: mov byte ptr cs:[0x15e], ah 0x9d7fa: mov byte ptr cs:[0x160], al 0x9d7fe: mov word ptr cs:[0x162], bx 0x9d803: mov byte ptr cs:[0x114], 0x4c 0x9d809: push cs 0x9d80a: push cs 0x9d80b: pop ds 0x9d80c: pop es 0x9d80d: mov cx, word ptr cs:[0x102] 0x9d812: add cx, bp 0x9d814: mov word ptr cs:[0x102], cx 0x9d819: mov si, 0x100 0x9d81c: lea di, word ptr [bp + 0xe22] 0x9d820: mov cx, 0xd04 0x9d823: rep movsb byte ptr es:[di], byte ptr [si] 0x9d825: mov cx, 0xc27 0x9d828: lea di, word ptr [bp + 0x1b26]
2018-12-25T12:22:41.104197831Z	66	PC: 9d870 \| Move file pointer (See above)
2018-12-25T12:22:41.105874974Z	64	PC: 9d71c \| Write file or device (Write 3555 bytes on handle 5)
2018-12-25T12:22:41.452128354Z	66	PC: 9d870 \| Move file pointer (See above)
2018-12-25T12:22:41.455888194Z	64	PC: 9d750 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:41.459734408Z	62	PC: 9d776 \| Close file
2018-12-25T12:22:41.468006163Z	65	PC: 9d788 \| Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T12:22:41.474804001Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.481578141Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.488430006Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.49567155Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.502429794Z	42	PC: 12dc3 \| Get date 0x12dc3: cmp dh, 0xc 0x12dc6: jne 0x12e3f 0x12dc8: push cs 0x12dc9: pop ds 0x12dca: in al, 0x21 0x12dcc: or al, 2 0x12dce: out 0x21, al 0x12dd0: mov ax, 0xa000 0x12dd3: mov es, ax 0x12dd5: mov ax, 0x13 0x12dd8: int 0x10 0x12dda: call 0x12e9f 0x12ddd: mov di, 0x58c 0x12de0: mov al, 6 0x12de2: mov cx, 0xc4 0x12de5: push cx 0x12de6: mov cl, 0x14 0x12de8: rep stosb byte ptr es:[di], al 0x12dea: add di, 0x12c 0x12dee: pop cx
2018-12-25T12:22:41.505646017Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:22:41.50905805Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9189,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:41.423475661Z	48	PC: 12bcd \| Get DOS version
2018-12-25T12:22:41.473549026Z	75	PC: 12ca4 \| Execute program
2018-12-25T12:22:41.474964868Z	82	PC: 12caf \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:22:41.476243535Z	74	PC: 12d4b \| Reallocate memory
2018-12-25T12:22:41.477935232Z	72	PC: 12d51 \| Allocate memory
2018-12-25T12:22:41.479540792Z	98	PC: 12d8b \| Get current PSP
2018-12-25T12:22:41.48105156Z	42	PC: 9d63d \| Get date 0x9d63d: mov word ptr cs:[0xe04], dx 0x9d642: mov word ptr cs:[0xe06], cx 0x9d647: pop ds 0x9d648: pop dx 0x9d649: mov ax, 0x3d00 0x9d64c: call 0x9de35 0x9d64f: jb 0x9d69d 0x9d651: push cs 0x9d652: pop ds 0x9d653: xchg ax, bx 0x9d654: call 0x9d871 0x9d657: jb 0x9d69a 0x9d659: mov dx, 0xde2 0x9d65c: mov si, dx 0x9d65e: mov ah, 0x3f 0x9d660: mov cx, 0x20 0x9d663: int 0 0x9d665: cmp word ptr [si], 0x5a4d 0x9d669: je 0x9d6a0 0x9d66b: push cs
2018-12-25T12:22:41.48437877Z	61	PC: 9de3b \| Open file (Filename = '��~��')
2018-12-25T12:22:41.494475536Z	63	PC: 9d665 \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:22:41.497470312Z	66	PC: 9d870 \| Move file pointer
2018-12-25T12:22:41.513272998Z	44	PC: 9d7f0 \| Get time 0x9d7f0: mov bx, dx 0x9d7f2: xor ah, dl 0x9d7f4: int3 0x9d7f5: mov byte ptr cs:[0x15e], ah 0x9d7fa: mov byte ptr cs:[0x160], al 0x9d7fe: mov word ptr cs:[0x162], bx 0x9d803: mov byte ptr cs:[0x114], 0x4c 0x9d809: push cs 0x9d80a: push cs 0x9d80b: pop ds 0x9d80c: pop es 0x9d80d: mov cx, word ptr cs:[0x102] 0x9d812: add cx, bp 0x9d814: mov word ptr cs:[0x102], cx 0x9d819: mov si, 0x100 0x9d81c: lea di, word ptr [bp + 0xe22] 0x9d820: mov cx, 0xd04 0x9d823: rep movsb byte ptr es:[di], byte ptr [si] 0x9d825: mov cx, 0xc27 0x9d828: lea di, word ptr [bp + 0x1b26]
2018-12-25T12:22:41.520961775Z	66	PC: 9d870 \| Move file pointer (See above)
2018-12-25T12:22:41.522644684Z	64	PC: 9d71c \| Write file or device (Write 3555 bytes on handle 5)
2018-12-25T12:22:41.848766477Z	66	PC: 9d870 \| Move file pointer (See above)
2018-12-25T12:22:41.850505537Z	64	PC: 9d750 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:41.853484858Z	62	PC: 9d776 \| Close file
2018-12-25T12:22:41.864278033Z	65	PC: 9d788 \| Delete file (Filename = 't')
2018-12-25T12:22:41.870210195Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.873902771Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.876711232Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.880755804Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.88398924Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.888138814Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.895542273Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.89917059Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.903169177Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.907199708Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.910025661Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.912706394Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.917435277Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.921478015Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.925929511Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.932735011Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.936835116Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.943979361Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.948251332Z	65	PC: 9d788 \| Delete file (See above)
2018-12-25T12:22:41.951856999Z	42	PC: 12dc3 \| Get date 0x12dc3: cmp dh, 0xc 0x12dc6: jne 0x12e3f 0x12dc8: push cs 0x12dc9: pop ds 0x12dca: in al, 0x21 0x12dcc: or al, 2 0x12dce: out 0x21, al 0x12dd0: mov ax, 0xa000 0x12dd3: mov es, ax 0x12dd5: mov ax, 0x13 0x12dd8: int 0x10 0x12dda: call 0x12e9f 0x12ddd: mov di, 0x58c 0x12de0: mov al, 6 0x12de2: mov cx, 0xc4 0x12de5: push cx 0x12de6: mov cl, 0x14 0x12de8: rep stosb byte ptr es:[di], al 0x12dea: add di, 0x12c 0x12dee: pop cx
2018-12-25T12:22:41.958440951Z	9	PC: 12eaf \| Display string (Could not find end pointer)
2018-12-25T12:22:41.96779343Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:41.978337709Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:41.986707785Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.001018306Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.023348739Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.038819259Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.060929103Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.073873437Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.087132429Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.101031572Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.114874885Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.128666869Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.14388062Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.157126463Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.171929671Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.185752331Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.198732081Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.212445247Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.226711227Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.23990558Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.253087538Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.266905229Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.280652145Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.294072368Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.307537304Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.321084537Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.334970266Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.348302872Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.361877374Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.37531348Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.389259707Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.40359474Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.4180946Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.448698621Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.465346905Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.481108475Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.49531835Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.511651891Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.525498212Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.543038691Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.556973848Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.572058455Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.585488333Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.599374697Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.612605851Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.626806323Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.641386936Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.654933734Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.668095856Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.683728122Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.698355528Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.712241403Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.726526866Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.74003793Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.755851801Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.770125521Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.786978599Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.799529527Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.814531649Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.828421199Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.842389049Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.856780207Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.871184276Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.884366894Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.905054992Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.92220714Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.937457694Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.958544565Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:42.996467775Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:43.065147513Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:43.124709961Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:43.160315841Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:43.253930033Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:43.272292401Z	9	PC: 12eaf \| Display string (See above)
2018-12-25T12:22:43.505438404Z	9	PC: 12eaf \| Display string (See above)