Sample viewer

vx.netlux.org/Virus.DOS.IVP.Replico.478

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:19.876122983Z 26 PC: 12f58 | Set disk transfer address
2018-12-17T22:58:19.878851855Z 53 PC: 12e4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:19.886139888Z 37 PC: 12e5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:19.888101974Z 71 PC: 12e6b | Get current directory
2018-12-17T22:58:19.891968275Z 78 PC: 12ea6 | Find first file
2018-12-17T22:58:19.898467274Z 61 PC: 12f61 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:19.903247075Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:19.907166674Z 62 PC: 12ec5 | Close file
2018-12-17T22:58:19.910936988Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:19.92365101Z 61 PC: 12f61 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:19.930521206Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:19.935171242Z 66 PC: 12f53 | Move file pointer
2018-12-17T22:58:19.936369876Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-17T22:58:19.938150193Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 5)
2018-12-17T22:58:19.945486798Z 87 PC: 12f3c | Get or set file date and time
2018-12-17T22:58:19.946859155Z 62 PC: 12f40 | Close file
2018-12-17T22:58:19.952599487Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:19.963625379Z 79 PC: 12ea6 | Find next file
2018-12-17T22:58:19.96642406Z 61 PC: 12f61 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:19.973361072Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:19.980782519Z 62 PC: 12ec5 | Close file
2018-12-17T22:58:19.982986286Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:19.993586835Z 61 PC: 12f61 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:20.005032343Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:20.011910738Z 66 PC: 12f53 | Move file pointer
2018-12-17T22:58:20.013666727Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-17T22:58:20.0164193Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 5)
2018-12-17T22:58:20.019244876Z 87 PC: 12f3c | Get or set file date and time
2018-12-17T22:58:20.020518635Z 62 PC: 12f40 | Close file
2018-12-17T22:58:20.027480704Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.033965955Z 79 PC: 12ea6 | Find next file
2018-12-17T22:58:20.035758075Z 61 PC: 12f61 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:20.039783647Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:20.044322765Z 62 PC: 12ec5 | Close file
2018-12-17T22:58:20.045649026Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.051803357Z 61 PC: 12f61 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:20.056599366Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:20.059653441Z 66 PC: 12f53 | Move file pointer
2018-12-17T22:58:20.061169252Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-17T22:58:20.064569756Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 5)
2018-12-17T22:58:20.072366176Z 87 PC: 12f3c | Get or set file date and time
2018-12-17T22:58:20.082427609Z 62 PC: 12f40 | Close file
2018-12-17T22:58:20.093332421Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.103432069Z 79 PC: 12ea6 | Find next file
2018-12-17T22:58:20.106385778Z 61 PC: 12f61 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:20.113624588Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:20.120464405Z 62 PC: 12ec5 | Close file
2018-12-17T22:58:20.122578246Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.133480127Z 61 PC: 12f61 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:20.140250525Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:20.143147996Z 66 PC: 12f53 | Move file pointer
2018-12-17T22:58:20.145230313Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-17T22:58:20.147990062Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 5)
2018-12-17T22:58:20.151183625Z 87 PC: 12f3c | Get or set file date and time
2018-12-17T22:58:20.154353903Z 62 PC: 12f40 | Close file
2018-12-17T22:58:20.162896172Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.172828408Z 79 PC: 12ea6 | Find next file
2018-12-17T22:58:20.175974249Z 61 PC: 12f61 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:58:20.182289728Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:20.18878137Z 62 PC: 12ec5 | Close file
2018-12-17T22:58:20.191116135Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.196612431Z 61 PC: 12f61 | Open file (Filename = 'PRINTA~1.COM�')
2018-12-17T22:58:20.201482744Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:58:20.204482605Z 66 PC: 12f53 | Move file pointer
2018-12-17T22:58:20.206663502Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-17T22:58:20.209041948Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 2)
2018-12-17T22:58:20.244132145Z 87 PC: 12f3c | Get or set file date and time
2018-12-17T22:58:20.246574537Z 62 PC: 12f40 | Close file
2018-12-17T22:58:20.248269942Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.252460665Z 79 PC: 12ea6 | Find next file
2018-12-17T22:58:20.256798415Z 61 PC: 12f61 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:20.263146029Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:58:20.269241939Z 62 PC: 12ec5 | Close file
2018-12-17T22:58:20.271903419Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.446537416Z 61 PC: 12f61 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:20.453918074Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:58:20.45781608Z 66 PC: 12f53 | Move file pointer
2018-12-17T22:58:20.459563843Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-17T22:58:20.462465808Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 2)
2018-12-17T22:58:20.4982866Z 87 PC: 12f3c | Get or set file date and time
2018-12-17T22:58:20.499779148Z 62 PC: 12f40 | Close file
2018-12-17T22:58:20.507284894Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.518398646Z 79 PC: 12ea6 | Find next file
2018-12-17T22:58:20.521198748Z 61 PC: 12f61 | Open file (Filename = 'PAH.COM')
2018-12-17T22:58:20.528223204Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:58:20.536078363Z 62 PC: 12ec5 | Close file
2018-12-17T22:58:20.538731607Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.549813942Z 61 PC: 12f61 | Open file (Filename = 'PAH.COM')
2018-12-17T22:58:20.557734182Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:58:20.561028187Z 66 PC: 12f53 | Move file pointer
2018-12-17T22:58:20.562896628Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-17T22:58:20.565831194Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 2)
2018-12-17T22:58:20.569697193Z 87 PC: 12f3c | Get or set file date and time
2018-12-17T22:58:20.571399233Z 62 PC: 12f40 | Close file
2018-12-17T22:58:20.578813271Z 67 PC: 12f6c | Get or set file attributes
2018-12-17T22:58:20.591140851Z 79 PC: 12ea6 | Find next file
2018-12-17T22:58:20.593979168Z 61 PC: 12f61 | Open file (Filename = 'TEST.COM')
2018-12-17T22:58:20.60098098Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:58:20.608918324Z 62 PC: 12ec5 | Close file
2018-12-17T22:58:20.610974218Z 79 PC: 12ea6 | Find next file
2018-12-17T22:58:20.614366205Z 59 PC: 12e7a | Change current directory
2018-12-17T22:58:20.618874476Z 9 PC: 12e84 | Display string (String= 'Walky Virus Replico DeLuxe Edition Italian Viral Labs [IVP] ')
2018-12-17T22:58:20.627636972Z 37 PC: 12e8e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:20.629689177Z 59 PC: 12e98 | Change current directory
2018-12-17T22:58:20.632737063Z 26 PC: 12f58 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12847,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:38.09844638Z 26 PC: 12f58 | Set disk transfer address
2018-12-25T12:36:38.100465449Z 53 PC: 12e4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.101591312Z 37 PC: 12e5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.10251147Z 71 PC: 12e6b | Get current directory
2018-12-25T12:36:38.105505833Z 78 PC: 12ea6 | Find first file
2018-12-25T12:36:38.111268643Z 61 PC: 12f61 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:38.122738138Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:38.129069069Z 62 PC: 12ec5 | Close file
2018-12-25T12:36:38.130425718Z 67 PC: 12f6c | Get or set file attributes
2018-12-25T12:36:39.577298729Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.581928531Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:39.583794155Z 66 PC: 12f53 | Move file pointer
2018-12-25T12:36:39.584743633Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-25T12:36:39.586516789Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 5)
2018-12-25T12:36:39.591881832Z 87 PC: 12f3c | Get or set file date and time
2018-12-25T12:36:39.593878557Z 62 PC: 12f40 | Close file
2018-12-25T12:36:39.601655035Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.612044508Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.614691953Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.621467174Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.627218245Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.628923608Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.638804985Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.645935982Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.648638053Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.649887192Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.652571043Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.655511122Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.657834546Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.66477188Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.67376107Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.67672707Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.684488468Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.695270011Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.697588657Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.70904453Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.717211609Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.720746251Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.724278442Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.727148313Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.73636144Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.738497688Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.746843365Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.75690557Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.759813085Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.766941363Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.773551538Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.775830083Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.78667197Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.793876743Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.797538652Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.800244491Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.803392526Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.806713266Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.809485335Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.817043203Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.827335558Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.830523994Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.835379806Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.841229815Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.843775987Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.847575119Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.852018118Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.854496028Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.85557091Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.857563608Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.864609247Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.865750828Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.86697092Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.870129796Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.871888228Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.875882544Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.880029191Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.881289079Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.088454424Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.097552941Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.100494596Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.102116197Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.105436209Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.154953709Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.156380007Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.164514677Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.174710146Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.177546664Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.185678442Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.192247671Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.194355045Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.513829618Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.52898578Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.53114205Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.532767735Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.534764534Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.537443634Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.539135667Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.554364965Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.571172625Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.578196784Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.586844866Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.599322431Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.604526348Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.607309337Z 59 PC: 12e7a | Change current directory
2018-12-25T12:36:40.612539823Z 9 PC: 12e84 | Display string (String= 'Walky Virus Replico DeLuxe Edition Italian Viral Labs [IVP] ')
2018-12-25T12:36:40.623401551Z 37 PC: 12e8e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:40.62486803Z 59 PC: 12e98 | Change current directory
2018-12-25T12:36:40.626837182Z 26 PC: 12f58 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12847,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:38.204830703Z 26 PC: 12f58 | Set disk transfer address
2018-12-25T12:36:38.206257791Z 53 PC: 12e4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.207268071Z 37 PC: 12e5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.208187427Z 71 PC: 12e6b | Get current directory
2018-12-25T12:36:38.211237161Z 78 PC: 12ea6 | Find first file
2018-12-25T12:36:38.217026284Z 61 PC: 12f61 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:38.224257013Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:38.228414497Z 62 PC: 12ec5 | Close file
2018-12-25T12:36:38.229625527Z 67 PC: 12f6c | Get or set file attributes
2018-12-25T12:36:39.587277985Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.599951449Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:39.60462693Z 66 PC: 12f53 | Move file pointer
2018-12-25T12:36:39.605797323Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-25T12:36:39.608210804Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 5)
2018-12-25T12:36:39.613791676Z 87 PC: 12f3c | Get or set file date and time
2018-12-25T12:36:39.615340063Z 62 PC: 12f40 | Close file
2018-12-25T12:36:39.630608618Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.652371281Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.656601157Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.663555473Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.684214042Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.687139581Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.697559618Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.703571114Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.709574825Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.711230148Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.714654269Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.717250391Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.718781251Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.725394676Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.732081007Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.734314001Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.740500181Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.744802793Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.746527789Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.754185101Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.773987803Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.777446505Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.779679732Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.782734623Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.788424873Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.804049009Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.817037165Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.835500265Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.838328645Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.846102091Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.852584974Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.85446395Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.088700911Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.0939708Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.097130107Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.099122563Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.101423864Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.104321572Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.106470231Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.158963081Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.168863089Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.172628796Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.180619549Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.18696363Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.189978681Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.194980364Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.199825375Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.204336317Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.206472795Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.209138617Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.219535507Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.221101043Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.222941124Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.227452211Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.230108201Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.236415113Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.242952263Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.244957724Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.514172797Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.521630674Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.525874642Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.52768973Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.531165342Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.541130433Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.54566827Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.559615124Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.58032651Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.583248054Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.590729817Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.598956716Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.601106547Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.611926243Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.619907307Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.623555913Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.625242385Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.628840581Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.632430551Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.634212178Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.6432131Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.653653805Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.65656342Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.664911366Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.671952156Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.674053233Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.676981484Z 59 PC: 12e7a | Change current directory
2018-12-25T12:36:40.682395429Z 9 PC: 12e84 | Display string (String= 'Walky Virus Replico DeLuxe Edition Italian Viral Labs [IVP] ')
2018-12-25T12:36:40.690424689Z 37 PC: 12e8e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:40.691879466Z 59 PC: 12e98 | Change current directory
2018-12-25T12:36:40.695159566Z 26 PC: 12f58 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12847,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:38.393514104Z 26 PC: 12f58 | Set disk transfer address
2018-12-25T12:36:38.394639833Z 53 PC: 12e4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.39548912Z 37 PC: 12e5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.396216221Z 71 PC: 12e6b | Get current directory
2018-12-25T12:36:38.398270167Z 78 PC: 12ea6 | Find first file
2018-12-25T12:36:38.40262243Z 61 PC: 12f61 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:38.409384671Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:38.414926993Z 62 PC: 12ec5 | Close file
2018-12-25T12:36:38.429947834Z 67 PC: 12f6c | Get or set file attributes
2018-12-25T12:36:39.577303121Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.588858352Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:39.59564368Z 66 PC: 12f53 | Move file pointer
2018-12-25T12:36:39.596817749Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-25T12:36:39.599107721Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 5)
2018-12-25T12:36:39.607662175Z 87 PC: 12f3c | Get or set file date and time
2018-12-25T12:36:39.609362348Z 62 PC: 12f40 | Close file
2018-12-25T12:36:39.616989032Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.624159355Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.626678112Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.632843574Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.639394237Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.641200446Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.651213037Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.658119694Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.663185491Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.66975863Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.672747312Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.675551656Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.676900157Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.684225631Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.693999462Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.696677304Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.703434333Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.710105245Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.711982068Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.72246189Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.7288505Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.731458679Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.733197686Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.735502616Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.743557333Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.745328279Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.752885842Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.762338542Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.765004092Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.771193796Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.777763537Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.780036411Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.789696256Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.796353797Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.799485349Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.801165276Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.803612682Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.806565291Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.808574831Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.815671349Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.825242925Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.828101039Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.839655608Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.845694856Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.848406037Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.852792512Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.857609772Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.860985048Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.862614785Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.864847235Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.87432056Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.875718656Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.880739742Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.88590601Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.887743132Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.891715309Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.895975149Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.897242156Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.095370607Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.103139319Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.109627398Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.111056283Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.113877808Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.163827529Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.167153076Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.188799696Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.52104879Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.533519898Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.545165515Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.555812309Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.566142326Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.592792202Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.600085132Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.603110933Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.606343772Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.612966168Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.616024751Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.618147384Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.626168067Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.635939677Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.640255715Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.6466642Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.653188872Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.65618507Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.659293075Z 59 PC: 12e7a | Change current directory
2018-12-25T12:36:40.66404035Z 9 PC: 12e84 | Display string (String= 'Walky Virus Replico DeLuxe Edition Italian Viral Labs [IVP] ')
2018-12-25T12:36:40.672988315Z 37 PC: 12e8e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:40.675009554Z 59 PC: 12e98 | Change current directory
2018-12-25T12:36:40.677073206Z 26 PC: 12f58 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12847,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:38.830589117Z 26 PC: 12f58 | Set disk transfer address
2018-12-25T12:36:38.83180053Z 53 PC: 12e4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.832827173Z 37 PC: 12e5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.833896463Z 71 PC: 12e6b | Get current directory
2018-12-25T12:36:38.836828512Z 78 PC: 12ea6 | Find first file
2018-12-25T12:36:38.841331818Z 61 PC: 12f61 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:38.845116511Z 63 PC: 12ec1 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:38.849147512Z 62 PC: 12ec5 | Close file
2018-12-25T12:36:38.850371216Z 67 PC: 12f6c | Get or set file attributes
2018-12-25T12:36:39.599549214Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.607314019Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:39.610826887Z 66 PC: 12f53 | Move file pointer
2018-12-25T12:36:39.612666911Z 44 PC: 12f20 | Get time 0x12f20: cmp dh, 0
0x12f23: je 0x12f1c
0x12f25: mov byte ptr cs:[bp + 0x2e0], dh
0x12f2a: call 0x12fbc
0x12f2d: mov ax, 0x5701
0x12f30: mov cx, word ptr cs:[bp + 0x353]
0x12f35: mov dx, word ptr cs:[bp + 0x355]
0x12f3a: int 0x21
0x12f3c: mov ah, 0x3e
0x12f3e: int 0x21
0x12f40: xor cx, cx
0x12f42: mov cl, byte ptr cs:[bp + 0x352]
0x12f47: call 0x12f63
0x12f4a: ret
0x12f4b: mov ah, 0x42
0x12f4d: xor cx, cx
0x12f4f: xor dx, dx
0x12f51: int 0x21
0x12f53: ret
0x12f54: mov ah, 0x1a
2018-12-25T12:36:39.615086389Z 64 PC: 13019 | Write file or device (Write 478 bytes on handle 5)
2018-12-25T12:36:39.622966912Z 87 PC: 12f3c | Get or set file date and time
2018-12-25T12:36:39.635535242Z 62 PC: 12f40 | Close file
2018-12-25T12:36:39.643493793Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.654603776Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.657392849Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.664002976Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.670755091Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.672076143Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.67931855Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.685178069Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.687247858Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.68844501Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.694394551Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.696482129Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.697468893Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.702668874Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.712473453Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.714257721Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.71855646Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.722885295Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.724389739Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.73317639Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.738985995Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.741534924Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.742778551Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.745468873Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.752565286Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.75375593Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:39.759926904Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.773097736Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:39.775712054Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.781376255Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:39.787621842Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:39.79432996Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:39.81504954Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:39.822409184Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:39.825818183Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:39.828473786Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:39.845475375Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:39.849059453Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:39.851059241Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.089029415Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.159017231Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.164556224Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.171568498Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.178314842Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.181356222Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.18913674Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.198922022Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.203612501Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.205915254Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.208190097Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.221564444Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.223937273Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.22589089Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.230625925Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.23360279Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.24057864Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.247041713Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.249045729Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.524493185Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.535134139Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.541089661Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.546159714Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.5521977Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.564415293Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.56655384Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.574787449Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.586677661Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.58969928Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.596770542Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.605585238Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.607888149Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.618462162Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.627151392Z 64 PC: 12f15 | Write file or device (See above)
2018-12-25T12:36:40.630873058Z 66 PC: 12f53 | Move file pointer (See above)
2018-12-25T12:36:40.632745333Z 44 PC: 12f20 | Get time (See above)
2018-12-25T12:36:40.636892338Z 64 PC: 13019 | Write file or device (See above)
2018-12-25T12:36:40.641035316Z 87 PC: 12f3c | Get or set file date and time (See above)
2018-12-25T12:36:40.643000546Z 62 PC: 12f40 | Close file (See above)
2018-12-25T12:36:40.652341734Z 67 PC: 12f6c | Get or set file attributes (See above)
2018-12-25T12:36:40.662870456Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.665981831Z 61 PC: 12f61 | Open file (See above)
2018-12-25T12:36:40.67365809Z 63 PC: 12ec1 | Read file or device (See above)
2018-12-25T12:36:40.681609773Z 62 PC: 12ec5 | Close file (See above)
2018-12-25T12:36:40.683810044Z 79 PC: 12ea6 | Find next file (See above)
2018-12-25T12:36:40.687540889Z 59 PC: 12e7a | Change current directory
2018-12-25T12:36:40.692655776Z 9 PC: 12e84 | Display string (String= 'Walky Virus Replico DeLuxe Edition Italian Viral Labs [IVP] ')
2018-12-25T12:36:40.702574819Z 37 PC: 12e8e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:40.704537204Z 59 PC: 12e98 | Change current directory
2018-12-25T12:36:40.707094277Z 26 PC: 12f58 | Set disk transfer address (See above)