Sample viewer

vx.netlux.org/Virus.DOS.Aurea.653


Syscalls:

Time | Syscall Op (DOS INT 21h function number in AH, decimal) | Syscall Name
2018-12-17T22:11:17.530067418Z 26 PC: 131ed | Set disk transfer address
2018-12-17T22:11:17.531864176Z 78 PC: 13243 | Find first file
2018-12-17T22:11:17.536886958Z 61 PC: 1328b | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:11:17.541927443Z 63 PC: 1329f | Read file or device (Read 14 bytes on handle 5)
2018-12-17T22:11:17.547133967Z 66 PC: 132c5 | Move file pointer
2018-12-17T22:11:17.548407482Z 64 PC: 132e2 | Write file or device (Write 9 bytes on handle 5)
2018-12-17T22:11:17.550962142Z 44 PC: 132f7 | Get time 0x132f7: mov al, ch
0x132f9: add al, cl
0x132fb: add al, dh
0x132fd: add al, dl
0x132ff: mov byte ptr [0x2cf], al
0x13302: mov ax, word ptr [0x12]
0x13305: xchg word ptr [0x16], ax
0x13309: mov word ptr [0x12], ax
0x1330c: mov ax, word ptr [0x14]
0x1330f: xchg word ptr [0x18], ax
0x13313: mov word ptr [0x14], ax
0x13316: mov cx, 0x17
0x13319: push ds
0x1331a: pop es
0x1331b: mov si, 0xf
0x1331e: mov di, 0x2d0
0x13321: rep movsb byte ptr es:[di], byte ptr [si]
0x13323: mov ah, byte ptr [0x2cf]
0x13327: mov cx, 0x267
0x1332a: lodsb al, byte ptr [si]
2018-12-17T22:11:17.553950689Z 64 PC: 1333f | Write file or device (Write 653 bytes on handle 5)
2018-12-17T22:11:17.567875032Z 66 PC: 1335d | Move file pointer
2018-12-17T22:11:17.569626456Z 64 PC: 1336d | Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:11:17.5769564Z 87 PC: 13381 | Get or set file date and time
2018-12-17T22:11:17.578839203Z 62 PC: 13389 | Close file
2018-12-17T22:11:17.586943586Z 78 PC: 13243 | Find first file
2018-12-17T22:11:17.596508306Z 61 PC: 1328b | Open file (Filename = 'EDIT.COM')
2018-12-17T22:11:17.602730502Z 79 PC: 13259 | Find next file
2018-12-17T22:11:17.605815Z 61 PC: 1328b | Open file (Filename = 'FORMAT.COM')
2018-12-17T22:11:17.612150253Z 79 PC: 13259 | Find next file
2018-12-17T22:11:17.616194096Z 61 PC: 1328b | Open file (Filename = 'KEYB.COM')
2018-12-17T22:11:17.620421475Z 79 PC: 13259 | Find next file
2018-12-17T22:11:17.62630852Z 61 PC: 1328b | Open file (Filename = 'SYS.COM')
2018-12-17T22:11:17.632828907Z 79 PC: 13259 | Find next file
2018-12-17T22:11:17.638536061Z 42 PC: 131fd | Get date 0x131fd: cmp dx, 0x301
0x13201: jne 0x13209
0x13203: call 0x133a0
0x13206: jmp 0x1321b
0x13208: nop
0x13209: cmp al, 1
0x1320b: jne 0x1321b
0x1320d: cmp cx, 0x7ca
0x13211: jae 0x13218
0x13213: cmp dh, 9
0x13216: jb 0x1321b
0x13218: call 0x1338a
0x1321b: pop es
0x1321c: mov di, 0x100
0x1321f: mov word ptr [0x2ba], di
0x13223: xor si, si
0x13225: mov cx, 0xe
0x13228: rep movsb byte ptr es:[di], byte ptr [si]
0x1322a: mov word ptr [0x2bc], es
0x1322e: push es
2018-12-17T22:11:17.641073975Z 26 PC: 13237 | Set disk transfer address
2018-12-17T22:11:17.642825805Z 74 PC: 12bdd | Reallocate memory
2018-12-17T22:11:17.645492455Z 61 PC: 12cec | Open file (Filename = 'gf]fg] fff f1&f f<tr<fKff+f@')
2018-12-17T22:11:17.651343323Z 9 PC: 1317e | Display string (Could not find end pointer)
2018-12-17T22:11:17.668981297Z 9 PC: 1317e | Display string (Could not find end pointer)
2018-12-17T22:11:17.671135738Z 76 PC: 12dcb | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2380,"SideJobID":0}


Syscalls:

Time | Syscall Op (DOS INT 21h function number in AH, decimal) | Syscall Name
2018-12-25T11:45:36.618357835Z 26 PC: 131ed | Set disk transfer address
2018-12-25T11:45:36.619885592Z 78 PC: 13243 | Find first file
2018-12-25T11:45:36.62565927Z 61 PC: 1328b | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:36.631884299Z 63 PC: 1329f | Read file or device (Read 14 bytes on handle 5)
2018-12-25T11:45:36.638448813Z 66 PC: 132c5 | Move file pointer
2018-12-25T11:45:36.640013795Z 64 PC: 132e2 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:45:36.642862161Z 44 PC: 132f7 | Get time 0x132f7: mov al, ch
0x132f9: add al, cl
0x132fb: add al, dh
0x132fd: add al, dl
0x132ff: mov byte ptr [0x2cf], al
0x13302: mov ax, word ptr [0x12]
0x13305: xchg word ptr [0x16], ax
0x13309: mov word ptr [0x12], ax
0x1330c: mov ax, word ptr [0x14]
0x1330f: xchg word ptr [0x18], ax
0x13313: mov word ptr [0x14], ax
0x13316: mov cx, 0x17
0x13319: push ds
0x1331a: pop es
0x1331b: mov si, 0xf
0x1331e: mov di, 0x2d0
0x13321: rep movsb byte ptr es:[di], byte ptr [si]
0x13323: mov ah, byte ptr [0x2cf]
0x13327: mov cx, 0x267
0x1332a: lodsb al, byte ptr [si]
2018-12-25T11:45:36.645658937Z 64 PC: 1333f | Write file or device (Write 653 bytes on handle 5)
2018-12-25T11:45:37.11372133Z 66 PC: 1335d | Move file pointer
2018-12-25T11:45:37.1154946Z 64 PC: 1336d | Write file or device (Write 14 bytes on handle 5)
2018-12-25T11:45:37.122303756Z 87 PC: 13381 | Get or set file date and time
2018-12-25T11:45:37.125242074Z 62 PC: 13389 | Close file
2018-12-25T11:45:37.133501375Z 78 PC: 13243 | Find first file (See above)
2018-12-25T11:45:37.142554136Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.15013538Z 79 PC: 13259 | Find next file
2018-12-25T11:45:37.152986755Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.159115485Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.162608054Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.168604681Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.174415552Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.180997653Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.186764413Z 42 PC: 131fd | Get date 0x131fd: cmp dx, 0x301
0x13201: jne 0x13209
0x13203: call 0x133a0
0x13206: jmp 0x1321b
0x13208: nop
0x13209: cmp al, 1
0x1320b: jne 0x1321b
0x1320d: cmp cx, 0x7ca
0x13211: jae 0x13218
0x13213: cmp dh, 9
0x13216: jb 0x1321b
0x13218: call 0x1338a
0x1321b: pop es
0x1321c: mov di, 0x100
0x1321f: mov word ptr [0x2ba], di
0x13223: xor si, si
0x13225: mov cx, 0xe
0x13228: rep movsb byte ptr es:[di], byte ptr [si]
0x1322a: mov word ptr [0x2bc], es
0x1322e: push es
2018-12-25T11:45:37.189377048Z 26 PC: 13237 | Set disk transfer address
2018-12-25T11:45:37.190859634Z 74 PC: 12bdd | Reallocate memory
2018-12-25T11:45:37.193836204Z 61 PC: 12cec | Open file (Filename = 'gf]fg] fff f1&f f<tr<fKff+f@')
2018-12-25T11:45:37.199827614Z 9 PC: 1317e | Display string (Could not find end pointer)
2018-12-25T11:45:37.218569369Z 9 PC: 1317e | Display string (See above)
2018-12-25T11:45:37.220965365Z 76 PC: 12dcb | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2380,"SideJobID":0}


Syscalls:

Time | Syscall Op (DOS INT 21h function number in AH, decimal) | Syscall Name
2018-12-25T11:45:37.361139962Z 26 PC: 131ed | Set disk transfer address
2018-12-25T11:45:37.362349823Z 78 PC: 13243 | Find first file
2018-12-25T11:45:37.367871356Z 61 PC: 1328b | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:37.373850941Z 63 PC: 1329f | Read file or device (Read 14 bytes on handle 5)
2018-12-25T11:45:37.380144889Z 66 PC: 132c5 | Move file pointer
2018-12-25T11:45:37.381376573Z 64 PC: 132e2 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:45:37.383125765Z 44 PC: 132f7 | Get time 0x132f7: mov al, ch
0x132f9: add al, cl
0x132fb: add al, dh
0x132fd: add al, dl
0x132ff: mov byte ptr [0x2cf], al
0x13302: mov ax, word ptr [0x12]
0x13305: xchg word ptr [0x16], ax
0x13309: mov word ptr [0x12], ax
0x1330c: mov ax, word ptr [0x14]
0x1330f: xchg word ptr [0x18], ax
0x13313: mov word ptr [0x14], ax
0x13316: mov cx, 0x17
0x13319: push ds
0x1331a: pop es
0x1331b: mov si, 0xf
0x1331e: mov di, 0x2d0
0x13321: rep movsb byte ptr es:[di], byte ptr [si]
0x13323: mov ah, byte ptr [0x2cf]
0x13327: mov cx, 0x267
0x1332a: lodsb al, byte ptr [si]
2018-12-25T11:45:37.385153722Z 64 PC: 1333f | Write file or device (Write 653 bytes on handle 5)
2018-12-25T11:45:37.396877816Z 66 PC: 1335d | Move file pointer
2018-12-25T11:45:37.39794992Z 64 PC: 1336d | Write file or device (Write 14 bytes on handle 5)
2018-12-25T11:45:37.402294118Z 87 PC: 13381 | Get or set file date and time
2018-12-25T11:45:37.403659843Z 62 PC: 13389 | Close file
2018-12-25T11:45:37.418059434Z 78 PC: 13243 | Find first file (See above)
2018-12-25T11:45:37.423957806Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.429172475Z 79 PC: 13259 | Find next file
2018-12-25T11:45:37.431261914Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.435306243Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.438256809Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.445635341Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.45183373Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.458745342Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.464416772Z 42 PC: 131fd | Get date 0x131fd: cmp dx, 0x301
0x13201: jne 0x13209
0x13203: call 0x133a0
0x13206: jmp 0x1321b
0x13208: nop
0x13209: cmp al, 1
0x1320b: jne 0x1321b
0x1320d: cmp cx, 0x7ca
0x13211: jae 0x13218
0x13213: cmp dh, 9
0x13216: jb 0x1321b
0x13218: call 0x1338a
0x1321b: pop es
0x1321c: mov di, 0x100
0x1321f: mov word ptr [0x2ba], di
0x13223: xor si, si
0x13225: mov cx, 0xe
0x13228: rep movsb byte ptr es:[di], byte ptr [si]
0x1322a: mov word ptr [0x2bc], es
0x1322e: push es
2018-12-25T11:45:37.466407602Z 26 PC: 13237 | Set disk transfer address
2018-12-25T11:45:37.467734708Z 74 PC: 12bdd | Reallocate memory
2018-12-25T11:45:37.470357465Z 61 PC: 12cec | Open file (Filename = 'gf]fg] fff f1&f f<tr<fKff+f@')
2018-12-25T11:45:37.476293163Z 9 PC: 1317e | Display string (Could not find end pointer)
2018-12-25T11:45:37.494421763Z 9 PC: 1317e | Display string (See above)
2018-12-25T11:45:37.496510375Z 76 PC: 12dcb | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2380,"SideJobID":0}


Syscalls:

Time | Syscall Op (DOS INT 21h function number in AH, decimal) | Syscall Name
2018-12-25T11:45:37.373492848Z 26 PC: 131ed | Set disk transfer address
2018-12-25T11:45:37.374980983Z 78 PC: 13243 | Find first file
2018-12-25T11:45:37.380777515Z 61 PC: 1328b | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:37.387687497Z 63 PC: 1329f | Read file or device (Read 14 bytes on handle 5)
2018-12-25T11:45:37.394891383Z 66 PC: 132c5 | Move file pointer
2018-12-25T11:45:37.39674542Z 64 PC: 132e2 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:45:37.399720645Z 44 PC: 132f7 | Get time 0x132f7: mov al, ch
0x132f9: add al, cl
0x132fb: add al, dh
0x132fd: add al, dl
0x132ff: mov byte ptr [0x2cf], al
0x13302: mov ax, word ptr [0x12]
0x13305: xchg word ptr [0x16], ax
0x13309: mov word ptr [0x12], ax
0x1330c: mov ax, word ptr [0x14]
0x1330f: xchg word ptr [0x18], ax
0x13313: mov word ptr [0x14], ax
0x13316: mov cx, 0x17
0x13319: push ds
0x1331a: pop es
0x1331b: mov si, 0xf
0x1331e: mov di, 0x2d0
0x13321: rep movsb byte ptr es:[di], byte ptr [si]
0x13323: mov ah, byte ptr [0x2cf]
0x13327: mov cx, 0x267
0x1332a: lodsb al, byte ptr [si]
2018-12-25T11:45:37.40401009Z 64 PC: 1333f | Write file or device (Write 653 bytes on handle 5)
2018-12-25T11:45:37.424076351Z 66 PC: 1335d | Move file pointer
2018-12-25T11:45:37.425438433Z 64 PC: 1336d | Write file or device (Write 14 bytes on handle 5)
2018-12-25T11:45:37.43534642Z 87 PC: 13381 | Get or set file date and time
2018-12-25T11:45:37.438466366Z 62 PC: 13389 | Close file
2018-12-25T11:45:37.446045236Z 78 PC: 13243 | Find first file (See above)
2018-12-25T11:45:37.456823615Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.462968351Z 79 PC: 13259 | Find next file
2018-12-25T11:45:37.465875504Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.472610452Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.475889866Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.482786189Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.490037846Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.496941336Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.503835803Z 42 PC: 131fd | Get date 0x131fd: cmp dx, 0x301
0x13201: jne 0x13209
0x13203: call 0x133a0
0x13206: jmp 0x1321b
0x13208: nop
0x13209: cmp al, 1
0x1320b: jne 0x1321b
0x1320d: cmp cx, 0x7ca
0x13211: jae 0x13218
0x13213: cmp dh, 9
0x13216: jb 0x1321b
0x13218: call 0x1338a
0x1321b: pop es
0x1321c: mov di, 0x100
0x1321f: mov word ptr [0x2ba], di
0x13223: xor si, si
0x13225: mov cx, 0xe
0x13228: rep movsb byte ptr es:[di], byte ptr [si]
0x1322a: mov word ptr [0x2bc], es
0x1322e: push es
2018-12-25T11:45:37.506760342Z 9 PC: 133b4 | Display string (String= ' I'm sorry, you lost something because of AUREA ')

{"DateBased":true,"Day":2,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2380,"SideJobID":0}


Syscalls:

Time | Syscall Op (DOS INT 21h function number in AH, decimal) | Syscall Name
2018-12-25T11:45:37.424575009Z 26 PC: 131ed | Set disk transfer address
2018-12-25T11:45:37.434371269Z 78 PC: 13243 | Find first file
2018-12-25T11:45:37.440777823Z 61 PC: 1328b | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:37.447104793Z 63 PC: 1329f | Read file or device (Read 14 bytes on handle 5)
2018-12-25T11:45:37.455496217Z 66 PC: 132c5 | Move file pointer
2018-12-25T11:45:37.456770928Z 64 PC: 132e2 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:45:37.458793316Z 44 PC: 132f7 | Get time 0x132f7: mov al, ch
0x132f9: add al, cl
0x132fb: add al, dh
0x132fd: add al, dl
0x132ff: mov byte ptr [0x2cf], al
0x13302: mov ax, word ptr [0x12]
0x13305: xchg word ptr [0x16], ax
0x13309: mov word ptr [0x12], ax
0x1330c: mov ax, word ptr [0x14]
0x1330f: xchg word ptr [0x18], ax
0x13313: mov word ptr [0x14], ax
0x13316: mov cx, 0x17
0x13319: push ds
0x1331a: pop es
0x1331b: mov si, 0xf
0x1331e: mov di, 0x2d0
0x13321: rep movsb byte ptr es:[di], byte ptr [si]
0x13323: mov ah, byte ptr [0x2cf]
0x13327: mov cx, 0x267
0x1332a: lodsb al, byte ptr [si]
2018-12-25T11:45:37.460663589Z 64 PC: 1333f | Write file or device (Write 653 bytes on handle 5)
2018-12-25T11:45:37.473095267Z 66 PC: 1335d | Move file pointer
2018-12-25T11:45:37.474216668Z 64 PC: 1336d | Write file or device (Write 14 bytes on handle 5)
2018-12-25T11:45:37.478446387Z 87 PC: 13381 | Get or set file date and time
2018-12-25T11:45:37.480070459Z 62 PC: 13389 | Close file
2018-12-25T11:45:37.486305991Z 78 PC: 13243 | Find first file (See above)
2018-12-25T11:45:37.495826487Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.503393511Z 79 PC: 13259 | Find next file
2018-12-25T11:45:37.50689134Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.513250435Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.517023064Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.523896726Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.533261015Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.540095012Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.555075406Z 42 PC: 131fd | Get date 0x131fd: cmp dx, 0x301
0x13201: jne 0x13209
0x13203: call 0x133a0
0x13206: jmp 0x1321b
0x13208: nop
0x13209: cmp al, 1
0x1320b: jne 0x1321b
0x1320d: cmp cx, 0x7ca
0x13211: jae 0x13218
0x13213: cmp dh, 9
0x13216: jb 0x1321b
0x13218: call 0x1338a
0x1321b: pop es
0x1321c: mov di, 0x100
0x1321f: mov word ptr [0x2ba], di
0x13223: xor si, si
0x13225: mov cx, 0xe
0x13228: rep movsb byte ptr es:[di], byte ptr [si]
0x1322a: mov word ptr [0x2bc], es
0x1322e: push es
2018-12-25T11:45:37.557982278Z 26 PC: 13237 | Set disk transfer address
2018-12-25T11:45:37.55972437Z 74 PC: 12bdd | Reallocate memory
2018-12-25T11:45:37.564121678Z 61 PC: 12cec | Open file (Filename = 'gf]fg] fff f1&f f<tr<fKff+f@')
2018-12-25T11:45:37.570970436Z 9 PC: 1317e | Display string (Could not find end pointer)
2018-12-25T11:45:37.587819503Z 9 PC: 1317e | Display string (See above)
2018-12-25T11:45:37.591005392Z 76 PC: 12dcb | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":4,"Month":9,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2380,"SideJobID":0}


Syscalls:

Time | Syscall Op (DOS INT 21h function number in AH, decimal) | Syscall Name
2018-12-25T11:45:37.494451249Z 26 PC: 131ed | Set disk transfer address
2018-12-25T11:45:37.49776873Z 78 PC: 13243 | Find first file
2018-12-25T11:45:37.50177695Z 61 PC: 1328b | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:37.507982501Z 63 PC: 1329f | Read file or device (Read 14 bytes on handle 5)
2018-12-25T11:45:37.514767603Z 66 PC: 132c5 | Move file pointer
2018-12-25T11:45:37.515957956Z 64 PC: 132e2 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:45:37.51874555Z 44 PC: 132f7 | Get time 0x132f7: mov al, ch
0x132f9: add al, cl
0x132fb: add al, dh
0x132fd: add al, dl
0x132ff: mov byte ptr [0x2cf], al
0x13302: mov ax, word ptr [0x12]
0x13305: xchg word ptr [0x16], ax
0x13309: mov word ptr [0x12], ax
0x1330c: mov ax, word ptr [0x14]
0x1330f: xchg word ptr [0x18], ax
0x13313: mov word ptr [0x14], ax
0x13316: mov cx, 0x17
0x13319: push ds
0x1331a: pop es
0x1331b: mov si, 0xf
0x1331e: mov di, 0x2d0
0x13321: rep movsb byte ptr es:[di], byte ptr [si]
0x13323: mov ah, byte ptr [0x2cf]
0x13327: mov cx, 0x267
0x1332a: lodsb al, byte ptr [si]
2018-12-25T11:45:37.521374264Z 64 PC: 1333f | Write file or device (Write 653 bytes on handle 5)
2018-12-25T11:45:37.536772711Z 66 PC: 1335d | Move file pointer
2018-12-25T11:45:37.538043165Z 64 PC: 1336d | Write file or device (Write 14 bytes on handle 5)
2018-12-25T11:45:37.544442572Z 87 PC: 13381 | Get or set file date and time
2018-12-25T11:45:37.546170181Z 62 PC: 13389 | Close file
2018-12-25T11:45:37.554055758Z 78 PC: 13243 | Find first file (See above)
2018-12-25T11:45:37.562726346Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.568967317Z 79 PC: 13259 | Find next file
2018-12-25T11:45:37.572773987Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.578684754Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.584179999Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.590116862Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.595951043Z 61 PC: 1328b | Open file (See above)
2018-12-25T11:45:37.60241178Z 79 PC: 13259 | Find next file (See above)
2018-12-25T11:45:37.608517722Z 42 PC: 131fd | Get date 0x131fd: cmp dx, 0x301
0x13201: jne 0x13209
0x13203: call 0x133a0
0x13206: jmp 0x1321b
0x13208: nop
0x13209: cmp al, 1
0x1320b: jne 0x1321b
0x1320d: cmp cx, 0x7ca
0x13211: jae 0x13218
0x13213: cmp dh, 9
0x13216: jb 0x1321b
0x13218: call 0x1338a
0x1321b: pop es
0x1321c: mov di, 0x100
0x1321f: mov word ptr [0x2ba], di
0x13223: xor si, si
0x13225: mov cx, 0xe
0x13228: rep movsb byte ptr es:[di], byte ptr [si]
0x1322a: mov word ptr [0x2bc], es
0x1322e: push es
2018-12-25T11:45:37.611646732Z 26 PC: 13237 | Set disk transfer address
2018-12-25T11:45:37.61310484Z 74 PC: 12bdd | Reallocate memory
2018-12-25T11:45:37.616528261Z 61 PC: 12cec | Open file (Filename = 'gf]fg] fff f1&f f<tr<fKff+f@')
2018-12-25T11:45:37.62254197Z 9 PC: 1317e | Display string (Could not find end pointer)
2018-12-25T11:45:37.640028563Z 9 PC: 1317e | Display string (See above)
2018-12-25T11:45:37.642065417Z 76 PC: 12dcb | Terminate with return code (Return code = '1')