Sample viewer

vx.netlux.org/Virus.DOS.VCL.Replico.510


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:49.669487704Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:49:49.671639432Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:49:49.673231634Z 26 PC: 12f7e | Set disk transfer address
2018-12-17T22:49:49.674277611Z 53 PC: 12e73 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:49.675943082Z 37 PC: 12e85 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:49.677394379Z 71 PC: 12e91 | Get current directory
2018-12-17T22:49:49.681096901Z 78 PC: 12ecc | Find first file
2018-12-17T22:49:49.68794496Z 61 PC: 12f87 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:49:49.692357561Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:49:49.696476784Z 62 PC: 12eeb | Close file
2018-12-17T22:49:49.697854864Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:49.712764393Z 61 PC: 12f87 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:49:49.719509376Z 64 PC: 12f3b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:49.722370282Z 66 PC: 12f79 | Move file pointer
2018-12-17T22:49:49.724266904Z 44 PC: 12f46 | Get time 0x12f46: cmp dh, 0
; Excerpt the sandbox printed at the "Get time" row; the `cmp dh, 0` at 0x12f46 sits on that row.
; INT 21h Get Time returns the seconds in DH. No carry-flag (error) check follows any int 0x21 in this excerpt.
0x12f49: je 0x12f42                         ; DH == 0: branch back to 0x12f42 (not shown; presumably re-issues Get time until DH is non-zero)
0x12f4b: mov byte ptr cs:[bp + 0x300], dh   ; keep the non-zero seconds value in the bp-relative data area
0x12f50: call 0x12fdc                       ; trace logs the 510-byte write at PC 13039 right after Get time, i.e. inside this call; NOTE(review): likely consumes the byte stored above - routine not shown
0x12f53: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time (CX = time, DX = date)
0x12f56: mov cx, word ptr cs:[bp + 0x373]   ; time word read from bp+0x373
0x12f5b: mov dx, word ptr cs:[bp + 0x375]   ; date word read from bp+0x375; presumably the stamp saved before the write, so the file date does not show the modification - compare size/hash instead
0x12f60: int 0x21                           ; logged as "Get or set file date and time" (PC 12f62)
0x12f62: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12f64: int 0x21                           ; logged as "Close file" (PC 12f66)
0x12f66: xor cx, cx                         ; clear CX so only CL carries a value
0x12f68: mov cl, byte ptr cs:[bp + 0x372]   ; CX = byte kept at bp+0x372
0x12f6d: call 0x12f89                       ; trace logs "Get or set file attributes" (PC 12f92) next; presumably writes the saved attribute byte back - routine not shown
0x12f70: ret
; Helper: move file pointer with a zero offset.
0x12f71: mov ah, 0x42                       ; INT 21h AH=42h: move file pointer; AL (origin) is set by the caller, not shown
0x12f73: xor cx, cx                         ; CX:DX = 0 -> offset 0
0x12f75: xor dx, dx
0x12f77: int 0x21                           ; logged as "Move file pointer" (PC 12f79)
0x12f79: ret
0x12f7a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address; excerpt ends before the int 0x21 (logged at PC 12f7e)
2018-12-17T22:49:49.725884541Z 64 PC: 13039 | Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:49:49.731306779Z 87 PC: 12f62 | Get or set file date and time
2018-12-17T22:49:49.733808389Z 62 PC: 12f66 | Close file
2018-12-17T22:49:49.743257534Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:49.75341507Z 79 PC: 12ecc | Find next file
2018-12-17T22:49:49.756600186Z 61 PC: 12f87 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:49:49.763929216Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:49:49.770177059Z 62 PC: 12eeb | Close file
2018-12-17T22:49:49.772870587Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:49.783505653Z 61 PC: 12f87 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:49:49.790432647Z 64 PC: 12f3b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:49.794769045Z 66 PC: 12f79 | Move file pointer
2018-12-17T22:49:49.796343444Z 44 PC: 12f46 | Get time 0x12f46: cmp dh, 0
; Excerpt the sandbox printed at the "Get time" row; the `cmp dh, 0` at 0x12f46 sits on that row.
; INT 21h Get Time returns the seconds in DH. No carry-flag (error) check follows any int 0x21 in this excerpt.
0x12f49: je 0x12f42                         ; DH == 0: branch back to 0x12f42 (not shown; presumably re-issues Get time until DH is non-zero)
0x12f4b: mov byte ptr cs:[bp + 0x300], dh   ; keep the non-zero seconds value in the bp-relative data area
0x12f50: call 0x12fdc                       ; trace logs the 510-byte write at PC 13039 right after Get time, i.e. inside this call; NOTE(review): likely consumes the byte stored above - routine not shown
0x12f53: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time (CX = time, DX = date)
0x12f56: mov cx, word ptr cs:[bp + 0x373]   ; time word read from bp+0x373
0x12f5b: mov dx, word ptr cs:[bp + 0x375]   ; date word read from bp+0x375; presumably the stamp saved before the write, so the file date does not show the modification - compare size/hash instead
0x12f60: int 0x21                           ; logged as "Get or set file date and time" (PC 12f62)
0x12f62: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12f64: int 0x21                           ; logged as "Close file" (PC 12f66)
0x12f66: xor cx, cx                         ; clear CX so only CL carries a value
0x12f68: mov cl, byte ptr cs:[bp + 0x372]   ; CX = byte kept at bp+0x372
0x12f6d: call 0x12f89                       ; trace logs "Get or set file attributes" (PC 12f92) next; presumably writes the saved attribute byte back - routine not shown
0x12f70: ret
; Helper: move file pointer with a zero offset.
0x12f71: mov ah, 0x42                       ; INT 21h AH=42h: move file pointer; AL (origin) is set by the caller, not shown
0x12f73: xor cx, cx                         ; CX:DX = 0 -> offset 0
0x12f75: xor dx, dx
0x12f77: int 0x21                           ; logged as "Move file pointer" (PC 12f79)
0x12f79: ret
0x12f7a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address; excerpt ends before the int 0x21 (logged at PC 12f7e)
2018-12-17T22:49:49.798991202Z 64 PC: 13039 | Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:49:49.807950809Z 87 PC: 12f62 | Get or set file date and time
2018-12-17T22:49:49.810017198Z 62 PC: 12f66 | Close file
2018-12-17T22:49:49.818308378Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:49.829426649Z 79 PC: 12ecc | Find next file
2018-12-17T22:49:49.832226696Z 61 PC: 12f87 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:49:49.838701108Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:49:49.84590359Z 62 PC: 12eeb | Close file
2018-12-17T22:49:49.847850065Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:49.857737343Z 61 PC: 12f87 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:49:49.865346047Z 64 PC: 12f3b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:49.878692182Z 66 PC: 12f79 | Move file pointer
2018-12-17T22:49:49.879704989Z 44 PC: 12f46 | Get time 0x12f46: cmp dh, 0
; Excerpt the sandbox printed at the "Get time" row; the `cmp dh, 0` at 0x12f46 sits on that row.
; INT 21h Get Time returns the seconds in DH. No carry-flag (error) check follows any int 0x21 in this excerpt.
0x12f49: je 0x12f42                         ; DH == 0: branch back to 0x12f42 (not shown; presumably re-issues Get time until DH is non-zero)
0x12f4b: mov byte ptr cs:[bp + 0x300], dh   ; keep the non-zero seconds value in the bp-relative data area
0x12f50: call 0x12fdc                       ; trace logs the 510-byte write at PC 13039 right after Get time, i.e. inside this call; NOTE(review): likely consumes the byte stored above - routine not shown
0x12f53: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time (CX = time, DX = date)
0x12f56: mov cx, word ptr cs:[bp + 0x373]   ; time word read from bp+0x373
0x12f5b: mov dx, word ptr cs:[bp + 0x375]   ; date word read from bp+0x375; presumably the stamp saved before the write, so the file date does not show the modification - compare size/hash instead
0x12f60: int 0x21                           ; logged as "Get or set file date and time" (PC 12f62)
0x12f62: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12f64: int 0x21                           ; logged as "Close file" (PC 12f66)
0x12f66: xor cx, cx                         ; clear CX so only CL carries a value
0x12f68: mov cl, byte ptr cs:[bp + 0x372]   ; CX = byte kept at bp+0x372
0x12f6d: call 0x12f89                       ; trace logs "Get or set file attributes" (PC 12f92) next; presumably writes the saved attribute byte back - routine not shown
0x12f70: ret
; Helper: move file pointer with a zero offset.
0x12f71: mov ah, 0x42                       ; INT 21h AH=42h: move file pointer; AL (origin) is set by the caller, not shown
0x12f73: xor cx, cx                         ; CX:DX = 0 -> offset 0
0x12f75: xor dx, dx
0x12f77: int 0x21                           ; logged as "Move file pointer" (PC 12f79)
0x12f79: ret
0x12f7a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address; excerpt ends before the int 0x21 (logged at PC 12f7e)
2018-12-17T22:49:49.881675553Z 64 PC: 13039 | Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:49:49.88779304Z 87 PC: 12f62 | Get or set file date and time
2018-12-17T22:49:49.889561455Z 62 PC: 12f66 | Close file
2018-12-17T22:49:49.894764111Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:49.904932709Z 79 PC: 12ecc | Find next file
2018-12-17T22:49:49.907582467Z 61 PC: 12f87 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:49:49.914131198Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:49:49.922035732Z 62 PC: 12eeb | Close file
2018-12-17T22:49:49.923849095Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:49.933885757Z 61 PC: 12f87 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:49:49.946732405Z 64 PC: 12f3b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:49.953396789Z 66 PC: 12f79 | Move file pointer
2018-12-17T22:49:49.954892146Z 44 PC: 12f46 | Get time 0x12f46: cmp dh, 0
; Excerpt the sandbox printed at the "Get time" row; the `cmp dh, 0` at 0x12f46 sits on that row.
; INT 21h Get Time returns the seconds in DH. No carry-flag (error) check follows any int 0x21 in this excerpt.
0x12f49: je 0x12f42                         ; DH == 0: branch back to 0x12f42 (not shown; presumably re-issues Get time until DH is non-zero)
0x12f4b: mov byte ptr cs:[bp + 0x300], dh   ; keep the non-zero seconds value in the bp-relative data area
0x12f50: call 0x12fdc                       ; trace logs the 510-byte write at PC 13039 right after Get time, i.e. inside this call; NOTE(review): likely consumes the byte stored above - routine not shown
0x12f53: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time (CX = time, DX = date)
0x12f56: mov cx, word ptr cs:[bp + 0x373]   ; time word read from bp+0x373
0x12f5b: mov dx, word ptr cs:[bp + 0x375]   ; date word read from bp+0x375; presumably the stamp saved before the write, so the file date does not show the modification - compare size/hash instead
0x12f60: int 0x21                           ; logged as "Get or set file date and time" (PC 12f62)
0x12f62: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12f64: int 0x21                           ; logged as "Close file" (PC 12f66)
0x12f66: xor cx, cx                         ; clear CX so only CL carries a value
0x12f68: mov cl, byte ptr cs:[bp + 0x372]   ; CX = byte kept at bp+0x372
0x12f6d: call 0x12f89                       ; trace logs "Get or set file attributes" (PC 12f92) next; presumably writes the saved attribute byte back - routine not shown
0x12f70: ret
; Helper: move file pointer with a zero offset.
0x12f71: mov ah, 0x42                       ; INT 21h AH=42h: move file pointer; AL (origin) is set by the caller, not shown
0x12f73: xor cx, cx                         ; CX:DX = 0 -> offset 0
0x12f75: xor dx, dx
0x12f77: int 0x21                           ; logged as "Move file pointer" (PC 12f79)
0x12f79: ret
0x12f7a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address; excerpt ends before the int 0x21 (logged at PC 12f7e)
2018-12-17T22:49:49.960069075Z 64 PC: 13039 | Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:49:49.968520279Z 87 PC: 12f62 | Get or set file date and time
2018-12-17T22:49:49.969893487Z 62 PC: 12f66 | Close file
2018-12-17T22:49:49.978227456Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:49.987667193Z 79 PC: 12ecc | Find next file
2018-12-17T22:49:49.990145974Z 61 PC: 12f87 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:49:49.997506789Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:49:50.003912884Z 62 PC: 12eeb | Close file
2018-12-17T22:49:50.00572663Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:50.010573521Z 61 PC: 12f87 | Open file (Filename = 'PRINTA~1.COM�')
2018-12-17T22:49:50.015893265Z 64 PC: 12f3b | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:49:50.018565359Z 66 PC: 12f79 | Move file pointer
2018-12-17T22:49:50.020600277Z 44 PC: 12f46 | Get time 0x12f46: cmp dh, 0
; Excerpt the sandbox printed at the "Get time" row; the `cmp dh, 0` at 0x12f46 sits on that row.
; INT 21h Get Time returns the seconds in DH. No carry-flag (error) check follows any int 0x21 in this excerpt.
0x12f49: je 0x12f42                         ; DH == 0: branch back to 0x12f42 (not shown; presumably re-issues Get time until DH is non-zero)
0x12f4b: mov byte ptr cs:[bp + 0x300], dh   ; keep the non-zero seconds value in the bp-relative data area
0x12f50: call 0x12fdc                       ; trace logs the 510-byte write at PC 13039 right after Get time, i.e. inside this call; NOTE(review): likely consumes the byte stored above - routine not shown
0x12f53: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time (CX = time, DX = date)
0x12f56: mov cx, word ptr cs:[bp + 0x373]   ; time word read from bp+0x373
0x12f5b: mov dx, word ptr cs:[bp + 0x375]   ; date word read from bp+0x375; presumably the stamp saved before the write, so the file date does not show the modification - compare size/hash instead
0x12f60: int 0x21                           ; logged as "Get or set file date and time" (PC 12f62)
0x12f62: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12f64: int 0x21                           ; logged as "Close file" (PC 12f66)
0x12f66: xor cx, cx                         ; clear CX so only CL carries a value
0x12f68: mov cl, byte ptr cs:[bp + 0x372]   ; CX = byte kept at bp+0x372
0x12f6d: call 0x12f89                       ; trace logs "Get or set file attributes" (PC 12f92) next; presumably writes the saved attribute byte back - routine not shown
0x12f70: ret
; Helper: move file pointer with a zero offset.
0x12f71: mov ah, 0x42                       ; INT 21h AH=42h: move file pointer; AL (origin) is set by the caller, not shown
0x12f73: xor cx, cx                         ; CX:DX = 0 -> offset 0
0x12f75: xor dx, dx
0x12f77: int 0x21                           ; logged as "Move file pointer" (PC 12f79)
0x12f79: ret
0x12f7a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address; excerpt ends before the int 0x21 (logged at PC 12f7e)
2018-12-17T22:49:50.02308421Z 64 PC: 13039 | Write file or device (Write 510 bytes on handle 2)
2018-12-17T22:49:50.034454239Z 87 PC: 12f62 | Get or set file date and time
2018-12-17T22:49:50.036624485Z 62 PC: 12f66 | Close file
2018-12-17T22:49:50.038548236Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:50.042963518Z 79 PC: 12ecc | Find next file
2018-12-17T22:49:50.046439247Z 61 PC: 12f87 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:49:50.052674205Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:49:50.058789348Z 62 PC: 12eeb | Close file
2018-12-17T22:49:50.061077996Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:50.070622316Z 61 PC: 12f87 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:49:50.077931339Z 64 PC: 12f3b | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:49:50.081814351Z 66 PC: 12f79 | Move file pointer
2018-12-17T22:49:50.083658355Z 44 PC: 12f46 | Get time 0x12f46: cmp dh, 0
; Excerpt the sandbox printed at the "Get time" row; the `cmp dh, 0` at 0x12f46 sits on that row.
; INT 21h Get Time returns the seconds in DH. No carry-flag (error) check follows any int 0x21 in this excerpt.
0x12f49: je 0x12f42                         ; DH == 0: branch back to 0x12f42 (not shown; presumably re-issues Get time until DH is non-zero)
0x12f4b: mov byte ptr cs:[bp + 0x300], dh   ; keep the non-zero seconds value in the bp-relative data area
0x12f50: call 0x12fdc                       ; trace logs the 510-byte write at PC 13039 right after Get time, i.e. inside this call; NOTE(review): likely consumes the byte stored above - routine not shown
0x12f53: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time (CX = time, DX = date)
0x12f56: mov cx, word ptr cs:[bp + 0x373]   ; time word read from bp+0x373
0x12f5b: mov dx, word ptr cs:[bp + 0x375]   ; date word read from bp+0x375; presumably the stamp saved before the write, so the file date does not show the modification - compare size/hash instead
0x12f60: int 0x21                           ; logged as "Get or set file date and time" (PC 12f62)
0x12f62: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12f64: int 0x21                           ; logged as "Close file" (PC 12f66)
0x12f66: xor cx, cx                         ; clear CX so only CL carries a value
0x12f68: mov cl, byte ptr cs:[bp + 0x372]   ; CX = byte kept at bp+0x372
0x12f6d: call 0x12f89                       ; trace logs "Get or set file attributes" (PC 12f92) next; presumably writes the saved attribute byte back - routine not shown
0x12f70: ret
; Helper: move file pointer with a zero offset.
0x12f71: mov ah, 0x42                       ; INT 21h AH=42h: move file pointer; AL (origin) is set by the caller, not shown
0x12f73: xor cx, cx                         ; CX:DX = 0 -> offset 0
0x12f75: xor dx, dx
0x12f77: int 0x21                           ; logged as "Move file pointer" (PC 12f79)
0x12f79: ret
0x12f7a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address; excerpt ends before the int 0x21 (logged at PC 12f7e)
2018-12-17T22:49:50.086004905Z 64 PC: 13039 | Write file or device (Write 510 bytes on handle 2)
2018-12-17T22:49:50.094261054Z 87 PC: 12f62 | Get or set file date and time
2018-12-17T22:49:50.095729653Z 62 PC: 12f66 | Close file
2018-12-17T22:49:50.10291856Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:50.113079095Z 79 PC: 12ecc | Find next file
2018-12-17T22:49:50.115643044Z 61 PC: 12f87 | Open file (Filename = 'PAH.COM')
2018-12-17T22:49:50.1219756Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:49:50.128652473Z 62 PC: 12eeb | Close file
2018-12-17T22:49:50.131143721Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:50.141276848Z 61 PC: 12f87 | Open file (Filename = 'PAH.COM')
2018-12-17T22:49:50.14914156Z 64 PC: 12f3b | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:49:50.151944147Z 66 PC: 12f79 | Move file pointer
2018-12-17T22:49:50.153463784Z 44 PC: 12f46 | Get time 0x12f46: cmp dh, 0
; Excerpt the sandbox printed at the "Get time" row; the `cmp dh, 0` at 0x12f46 sits on that row.
; INT 21h Get Time returns the seconds in DH. No carry-flag (error) check follows any int 0x21 in this excerpt.
0x12f49: je 0x12f42                         ; DH == 0: branch back to 0x12f42 (not shown; presumably re-issues Get time until DH is non-zero)
0x12f4b: mov byte ptr cs:[bp + 0x300], dh   ; keep the non-zero seconds value in the bp-relative data area
0x12f50: call 0x12fdc                       ; trace logs the 510-byte write at PC 13039 right after Get time, i.e. inside this call; NOTE(review): likely consumes the byte stored above - routine not shown
0x12f53: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time (CX = time, DX = date)
0x12f56: mov cx, word ptr cs:[bp + 0x373]   ; time word read from bp+0x373
0x12f5b: mov dx, word ptr cs:[bp + 0x375]   ; date word read from bp+0x375; presumably the stamp saved before the write, so the file date does not show the modification - compare size/hash instead
0x12f60: int 0x21                           ; logged as "Get or set file date and time" (PC 12f62)
0x12f62: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12f64: int 0x21                           ; logged as "Close file" (PC 12f66)
0x12f66: xor cx, cx                         ; clear CX so only CL carries a value
0x12f68: mov cl, byte ptr cs:[bp + 0x372]   ; CX = byte kept at bp+0x372
0x12f6d: call 0x12f89                       ; trace logs "Get or set file attributes" (PC 12f92) next; presumably writes the saved attribute byte back - routine not shown
0x12f70: ret
; Helper: move file pointer with a zero offset.
0x12f71: mov ah, 0x42                       ; INT 21h AH=42h: move file pointer; AL (origin) is set by the caller, not shown
0x12f73: xor cx, cx                         ; CX:DX = 0 -> offset 0
0x12f75: xor dx, dx
0x12f77: int 0x21                           ; logged as "Move file pointer" (PC 12f79)
0x12f79: ret
0x12f7a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address; excerpt ends before the int 0x21 (logged at PC 12f7e)
2018-12-17T22:49:50.156890578Z 64 PC: 13039 | Write file or device (Write 510 bytes on handle 2)
2018-12-17T22:49:50.165375827Z 87 PC: 12f62 | Get or set file date and time
2018-12-17T22:49:50.167140207Z 62 PC: 12f66 | Close file
2018-12-17T22:49:50.174851747Z 67 PC: 12f92 | Get or set file attributes
2018-12-17T22:49:50.184937652Z 79 PC: 12ecc | Find next file
2018-12-17T22:49:50.187625503Z 61 PC: 12f87 | Open file (Filename = 'TEST.COM')
2018-12-17T22:49:50.194309835Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:49:50.20079373Z 62 PC: 12eeb | Close file
2018-12-17T22:49:50.202558906Z 79 PC: 12ecc | Find next file
2018-12-17T22:49:50.205060633Z 59 PC: 12ea0 | Change current directory
2018-12-17T22:49:50.209634933Z 9 PC: 12eaa | Display string (String= 'Replico Virus NoTrace DeLuxe Italian Viral Labs [IVP] ')
2018-12-17T22:49:50.214683733Z 37 PC: 12eb4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:50.216534141Z 59 PC: 12ebe | Change current directory
2018-12-17T22:49:50.220238824Z 26 PC: 12f7e | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10023,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:04.29779033Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:27:04.299734373Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:27:04.30134771Z 26 PC: 12f7e | Set disk transfer address
2018-12-25T12:27:04.302327843Z 53 PC: 12e73 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:04.310700713Z 37 PC: 12e85 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:04.312230159Z 71 PC: 12e91 | Get current directory
2018-12-25T12:27:04.315181193Z 78 PC: 12ecc | Find first file
2018-12-25T12:27:04.321255968Z 61 PC: 12f87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:04.327771798Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:27:04.333571607Z 62 PC: 12eeb | Close file
2018-12-25T12:27:04.335185868Z 67 PC: 12f92 | Get or set file attributes
2018-12-25T12:27:04.352446061Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.358861672Z 64 PC: 12f3b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:04.361773007Z 66 PC: 12f79 | Move file pointer
2018-12-25T12:27:04.36410593Z 44 PC: 12f46 | Get time 0x12f46: cmp dh, 0
; Excerpt the sandbox printed at the "Get time" row; the `cmp dh, 0` at 0x12f46 sits on that row.
; INT 21h Get Time returns the seconds in DH. No carry-flag (error) check follows any int 0x21 in this excerpt.
0x12f49: je 0x12f42                         ; DH == 0: branch back to 0x12f42 (not shown; presumably re-issues Get time until DH is non-zero)
0x12f4b: mov byte ptr cs:[bp + 0x300], dh   ; keep the non-zero seconds value in the bp-relative data area
0x12f50: call 0x12fdc                       ; trace logs the 510-byte write at PC 13039 right after Get time, i.e. inside this call; NOTE(review): likely consumes the byte stored above - routine not shown
0x12f53: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time (CX = time, DX = date)
0x12f56: mov cx, word ptr cs:[bp + 0x373]   ; time word read from bp+0x373
0x12f5b: mov dx, word ptr cs:[bp + 0x375]   ; date word read from bp+0x375; presumably the stamp saved before the write, so the file date does not show the modification - compare size/hash instead
0x12f60: int 0x21                           ; logged as "Get or set file date and time" (PC 12f62)
0x12f62: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12f64: int 0x21                           ; logged as "Close file" (PC 12f66)
0x12f66: xor cx, cx                         ; clear CX so only CL carries a value
0x12f68: mov cl, byte ptr cs:[bp + 0x372]   ; CX = byte kept at bp+0x372
0x12f6d: call 0x12f89                       ; trace logs "Get or set file attributes" (PC 12f92) next; presumably writes the saved attribute byte back - routine not shown
0x12f70: ret
; Helper: move file pointer with a zero offset.
0x12f71: mov ah, 0x42                       ; INT 21h AH=42h: move file pointer; AL (origin) is set by the caller, not shown
0x12f73: xor cx, cx                         ; CX:DX = 0 -> offset 0
0x12f75: xor dx, dx
0x12f77: int 0x21                           ; logged as "Move file pointer" (PC 12f79)
0x12f79: ret
0x12f7a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address; excerpt ends before the int 0x21 (logged at PC 12f7e)
2018-12-25T12:27:04.366592501Z 64 PC: 13039 | Write file or device (Write 510 bytes on handle 5)
2018-12-25T12:27:04.37486881Z 87 PC: 12f62 | Get or set file date and time
2018-12-25T12:27:04.377606581Z 62 PC: 12f66 | Close file
2018-12-25T12:27:04.385975925Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.395301886Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.398267647Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.404521037Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.410447159Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.413045608Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.423412372Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.430312772Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.433497343Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.436198661Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.438803382Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.448055638Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.450340375Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.458152166Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.467915219Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.47103496Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.477779376Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.48428099Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.486614158Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.495937238Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.503276306Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.50774049Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.508650874Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.510487089Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.515937514Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.517070178Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.521932252Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.528552258Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.530312158Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.534307536Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.538674052Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.539959907Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.54988015Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.562189946Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.568683133Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.570080662Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.573689612Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.582022638Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.583578715Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.592209086Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.601934351Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.604500147Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.611524499Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.618300954Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.620048732Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.626077084Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.642950192Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.64628461Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.648219448Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.650531448Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.664040257Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.666124274Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.667976829Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.672325887Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.679859885Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.691654773Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.69761076Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.6994901Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.709418447Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.716281489Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.718847772Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.720851445Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.723140668Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.731145535Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.733707591Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.741357145Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.838050395Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.842490657Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.849421222Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.856117068Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.858925286Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.898328931Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.905156893Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.90865779Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.910363198Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.912936511Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.924267436Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.925758768Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.979096757Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.998161323Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:05.008497983Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:05.016764926Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:05.023775566Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:05.025549163Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:05.027910273Z 59 PC: 12ea0 | Change current directory
2018-12-25T12:27:05.032237873Z 9 PC: 12eaa | Display string (String= 'Replico Virus NoTrace DeLuxe Italian Viral Labs [IVP] ')
2018-12-25T12:27:05.040642909Z 37 PC: 12eb4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:05.041793046Z 59 PC: 12ebe | Change current directory
2018-12-25T12:27:05.044029272Z 26 PC: 12f7e | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10023,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:04.315211069Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:27:04.317552979Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:27:04.319194602Z 26 PC: 12f7e | Set disk transfer address
2018-12-25T12:27:04.320249065Z 53 PC: 12e73 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:04.322177347Z 37 PC: 12e85 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:04.323345315Z 71 PC: 12e91 | Get current directory
2018-12-25T12:27:04.326102379Z 78 PC: 12ecc | Find first file
2018-12-25T12:27:04.331828768Z 61 PC: 12f87 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:04.33923087Z 63 PC: 12ee7 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:27:04.355350165Z 62 PC: 12eeb | Close file
2018-12-25T12:27:04.35764629Z 67 PC: 12f92 | Get or set file attributes
2018-12-25T12:27:04.372496419Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.379113685Z 64 PC: 12f3b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:04.381839825Z 66 PC: 12f79 | Move file pointer
2018-12-25T12:27:04.383962195Z 44 PC: 12f46 | Get time 0x12f46: cmp dh, 0
; Excerpt the sandbox printed at the "Get time" row; the `cmp dh, 0` at 0x12f46 sits on that row.
; INT 21h Get Time returns the seconds in DH. No carry-flag (error) check follows any int 0x21 in this excerpt.
0x12f49: je 0x12f42                         ; DH == 0: branch back to 0x12f42 (not shown; presumably re-issues Get time until DH is non-zero)
0x12f4b: mov byte ptr cs:[bp + 0x300], dh   ; keep the non-zero seconds value in the bp-relative data area
0x12f50: call 0x12fdc                       ; trace logs the 510-byte write at PC 13039 right after Get time, i.e. inside this call; NOTE(review): likely consumes the byte stored above - routine not shown
0x12f53: mov ax, 0x5701                     ; INT 21h AX=5701h: set file date and time (CX = time, DX = date)
0x12f56: mov cx, word ptr cs:[bp + 0x373]   ; time word read from bp+0x373
0x12f5b: mov dx, word ptr cs:[bp + 0x375]   ; date word read from bp+0x375; presumably the stamp saved before the write, so the file date does not show the modification - compare size/hash instead
0x12f60: int 0x21                           ; logged as "Get or set file date and time" (PC 12f62)
0x12f62: mov ah, 0x3e                       ; INT 21h AH=3Eh: close file
0x12f64: int 0x21                           ; logged as "Close file" (PC 12f66)
0x12f66: xor cx, cx                         ; clear CX so only CL carries a value
0x12f68: mov cl, byte ptr cs:[bp + 0x372]   ; CX = byte kept at bp+0x372
0x12f6d: call 0x12f89                       ; trace logs "Get or set file attributes" (PC 12f92) next; presumably writes the saved attribute byte back - routine not shown
0x12f70: ret
; Helper: move file pointer with a zero offset.
0x12f71: mov ah, 0x42                       ; INT 21h AH=42h: move file pointer; AL (origin) is set by the caller, not shown
0x12f73: xor cx, cx                         ; CX:DX = 0 -> offset 0
0x12f75: xor dx, dx
0x12f77: int 0x21                           ; logged as "Move file pointer" (PC 12f79)
0x12f79: ret
0x12f7a: mov ah, 0x1a                       ; INT 21h AH=1Ah: set disk transfer address; excerpt ends before the int 0x21 (logged at PC 12f7e)
2018-12-25T12:27:04.3866018Z 64 PC: 13039 | Write file or device (Write 510 bytes on handle 5)
2018-12-25T12:27:04.395468535Z 87 PC: 12f62 | Get or set file date and time
2018-12-25T12:27:04.398186255Z 62 PC: 12f66 | Close file
2018-12-25T12:27:04.405705703Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.415430175Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.418801437Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.425383195Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.431845529Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.434667594Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.445668524Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.452938862Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.457653347Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.458939823Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.46079797Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.466526474Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.467708791Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.475441069Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.486482951Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.489410333Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.496149559Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.503267252Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.505637549Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.515462826Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.527399863Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.534369228Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.53573029Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.53799114Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.552954546Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.554374056Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.562462219Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.573236908Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.575986755Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.582455011Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.589773531Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.591576082Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.601397988Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.608377333Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.611881864Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.613219885Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.615578359Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.625021288Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.626493467Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.634031427Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.644463281Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.647409923Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.654862682Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.662061933Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.664252184Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.668791617Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.674539906Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.677324139Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.678967125Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.68434765Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.695387774Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.697242997Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.700120211Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.704388088Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.706832228Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.713779397Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.720332911Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.721972002Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.733715354Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.740274831Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.742846494Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.745202045Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.75023111Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:04.883604128Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:04.885819193Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:04.928578928Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.942486252Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:04.946242574Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.958864678Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:04.965239029Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:04.967334453Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:04.979219532Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:04.985881392Z 64 PC: 12f3b | Write file or device (See above)
2018-12-25T12:27:04.989129978Z 66 PC: 12f79 | Move file pointer (See above)
2018-12-25T12:27:04.991396616Z 44 PC: 12f46 | Get time (See above)
2018-12-25T12:27:04.993945462Z 64 PC: 13039 | Write file or device (See above)
2018-12-25T12:27:05.002441622Z 87 PC: 12f62 | Get or set file date and time (See above)
2018-12-25T12:27:05.004341623Z 62 PC: 12f66 | Close file (See above)
2018-12-25T12:27:05.022017855Z 67 PC: 12f92 | Get or set file attributes (See above)
2018-12-25T12:27:05.042128726Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:05.045305099Z 61 PC: 12f87 | Open file (See above)
2018-12-25T12:27:05.052051153Z 63 PC: 12ee7 | Read file or device (See above)
2018-12-25T12:27:05.058536021Z 62 PC: 12eeb | Close file (See above)
2018-12-25T12:27:05.060709061Z 79 PC: 12ecc | Find next file (See above)
2018-12-25T12:27:05.062986639Z 59 PC: 12ea0 | Change current directory
2018-12-25T12:27:05.066974326Z 9 PC: 12eaa | Display string (String= 'Replico Virus NoTrace DeLuxe Italian Viral Labs [IVP] ')
2018-12-25T12:27:05.07477126Z 37 PC: 12eb4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:05.076078343Z 59 PC: 12ebe | Change current directory
2018-12-25T12:27:05.078084403Z 26 PC: 12f7e | Set disk transfer address (See above)