Sample viewer

vx.netlux.org/Virus.DOS.Vein.1006.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:26:35.007255265Z	42	PC: 12e3e \| Get date 0x12e3e: cmp dh, 8 0x12e41: je 0x12e60 0x12e43: cmp dh, 2 0x12e46: je 0x12e58 0x12e48: cmp dh, 0xc 0x12e4b: je 0x12e50 0x12e4d: jmp 0x12f56 0x12e50: cmp dl, 0x19 0x12e53: je 0x12e68 0x12e55: jmp 0x12f56 0x12e58: cmp dl, 3 0x12e5b: je 0x12e6c 0x12e5d: jmp 0x12f56 0x12e60: cmp dl, 0x12 0x12e63: je 0x12e70 0x12e65: jmp 0x12f56 0x12e68: push cs 0x12e69: call 0x12e74 0x12e6c: push cs 0x12e6d: call 0x12f27
2018-12-17T22:26:35.010657224Z	26	PC: 12f6b \| Set disk transfer address
2018-12-17T22:26:35.012078763Z	78	PC: 12f76 \| Find first file
2018-12-17T22:26:35.019453165Z	61	PC: 12f84 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:26:35.02692697Z	87	PC: 12f8a \| Get or set file date and time
2018-12-17T22:26:35.029144409Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.031172048Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.377789812Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.382808165Z	61	PC: 12f84 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:26:35.396302798Z	87	PC: 12f8a \| Get or set file date and time
2018-12-17T22:26:35.398397646Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.400905501Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.408533992Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.411780029Z	61	PC: 12f84 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:26:35.420528704Z	87	PC: 12f8a \| Get or set file date and time
2018-12-17T22:26:35.422533932Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.424559655Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.43322807Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.436368298Z	61	PC: 12f84 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:26:35.443737329Z	87	PC: 12f8a \| Get or set file date and time
2018-12-17T22:26:35.446055471Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.448396776Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.45633744Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.459709612Z	61	PC: 12f84 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:26:35.468507466Z	87	PC: 12f8a \| Get or set file date and time
2018-12-17T22:26:35.470042491Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.472119453Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.484869179Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.488720791Z	61	PC: 12f84 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:26:35.495868723Z	87	PC: 12f8a \| Get or set file date and time
2018-12-17T22:26:35.49854335Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.500347985Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.508400581Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.512055591Z	61	PC: 12f84 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:26:35.522147379Z	87	PC: 12f8a \| Get or set file date and time
2018-12-17T22:26:35.524092843Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.526084195Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.534366413Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.537334889Z	61	PC: 12f84 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:26:35.545646757Z	87	PC: 12f8a \| Get or set file date and time
2018-12-17T22:26:35.548058037Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:35.551660418Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.554127673Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.563293426Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.56601198Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.568396709Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.570644967Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.572350443Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:35.574327272Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.577777677Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.579664093Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.581875684Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.583556629Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.58588829Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.587349889Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:35.58925032Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.592360326Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.594205098Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.59633149Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.598940848Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.60054858Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.60218908Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:35.606387951Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.608600227Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.610664314Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.613220068Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.61490127Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.616297056Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.617656664Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:35.620655925Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.622745848Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.624794701Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.627533033Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.628799326Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.630064139Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.632304584Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:35.634073899Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.635701928Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.63836008Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.642905707Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.644185676Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.645663009Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.647533557Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:35.649238018Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.650937326Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.653615941Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.655585521Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.656872864Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.659130821Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.660577393Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:35.663352069Z	87	PC: 12ffc \| Get or set file date and time
2018-12-17T22:26:35.665888139Z	62	PC: 13000 \| Close file
2018-12-17T22:26:35.66759556Z	79	PC: 12f76 \| Find next file
2018-12-17T22:26:35.669897608Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.67190517Z	26	PC: 1300c \| Set disk transfer address
2018-12-17T22:26:35.673399541Z	9	PC: 12a47 \| Display string (String= 'Bait File! (C) 2001 Mountain Virus Research Labs M�llen AntiVirus')

{"DateBased":true,"Day":3,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4714,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:40.678953838Z	42	PC: 12e3e \| Get date 0x12e3e: cmp dh, 8 0x12e41: je 0x12e60 0x12e43: cmp dh, 2 0x12e46: je 0x12e58 0x12e48: cmp dh, 0xc 0x12e4b: je 0x12e50 0x12e4d: jmp 0x12f56 0x12e50: cmp dl, 0x19 0x12e53: je 0x12e68 0x12e55: jmp 0x12f56 0x12e58: cmp dl, 3 0x12e5b: je 0x12e6c 0x12e5d: jmp 0x12f56 0x12e60: cmp dl, 0x12 0x12e63: je 0x12e70 0x12e65: jmp 0x12f56 0x12e68: push cs 0x12e69: call 0x12e74 0x12e6c: push cs 0x12e6d: call 0x12f27
2018-12-25T11:52:40.686590744Z	9	PC: 12f49 \| Display string (Could not find end pointer)
2018-12-25T11:52:40.691886914Z	76	PC: 12f56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4714,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:40.718026393Z	42	PC: 12e3e \| Get date 0x12e3e: cmp dh, 8 0x12e41: je 0x12e60 0x12e43: cmp dh, 2 0x12e46: je 0x12e58 0x12e48: cmp dh, 0xc 0x12e4b: je 0x12e50 0x12e4d: jmp 0x12f56 0x12e50: cmp dl, 0x19 0x12e53: je 0x12e68 0x12e55: jmp 0x12f56 0x12e58: cmp dl, 3 0x12e5b: je 0x12e6c 0x12e5d: jmp 0x12f56 0x12e60: cmp dl, 0x12 0x12e63: je 0x12e70 0x12e65: jmp 0x12f56 0x12e68: push cs 0x12e69: call 0x12e74 0x12e6c: push cs 0x12e6d: call 0x12f27
2018-12-25T11:52:40.720940839Z	26	PC: 12f6b \| Set disk transfer address
2018-12-25T11:52:40.72291126Z	78	PC: 12f76 \| Find first file
2018-12-25T11:52:40.728970916Z	61	PC: 12f84 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:40.7352545Z	87	PC: 12f8a \| Get or set file date and time
2018-12-25T11:52:40.737878357Z	87	PC: 12ffc \| Get or set file date and time
2018-12-25T11:52:40.739818745Z	62	PC: 13000 \| Close file
2018-12-25T11:52:40.755855408Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.761250345Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.772875079Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.774256796Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.776502171Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.783298521Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.78586811Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.793222343Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.801659948Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.80357974Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.823683162Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.826499406Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.830544914Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.831712443Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.833361669Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.839409425Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.842073177Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.848773423Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.850068202Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.851403664Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.859102865Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.861887727Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.868620377Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.870754046Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.874056384Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.881156857Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.883933238Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.891211095Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.892959718Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.895147383Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.904564538Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.907060457Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.913890222Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.915915096Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:40.9225077Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.924780371Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.931629723Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.934137672Z	26	PC: 1300c \| Set disk transfer address
2018-12-25T11:52:40.935712632Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.936779899Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.937876706Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:40.939764432Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.94118774Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.942638703Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.945684312Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.947011304Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.948275245Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.950654804Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:40.952105102Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.953586578Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.955826631Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.957451651Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.95842467Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.959979917Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.960951108Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:40.96250328Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.964458278Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.96660794Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.968189517Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.969722821Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.970664195Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.971522546Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:40.973940354Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.975304113Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.976623971Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.978974572Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.979934987Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.980866012Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.982780493Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:40.98431613Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.986018504Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.988323788Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.990150034Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.991314573Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.994551378Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:40.995832066Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:40.997375112Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.99924838Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.001092919Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.003039895Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.004967544Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.006347992Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.007361759Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.008961993Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.010728797Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.012099757Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.013906847Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.015699979Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.016948608Z	9	PC: 12a47 \| Display string (String= 'Bait File! (C) 2001 Mountain Virus Research Labs M�llen AntiVirus')

{"DateBased":true,"Day":18,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4714,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:40.747570755Z	42	PC: 12e3e \| Get date 0x12e3e: cmp dh, 8 0x12e41: je 0x12e60 0x12e43: cmp dh, 2 0x12e46: je 0x12e58 0x12e48: cmp dh, 0xc 0x12e4b: je 0x12e50 0x12e4d: jmp 0x12f56 0x12e50: cmp dl, 0x19 0x12e53: je 0x12e68 0x12e55: jmp 0x12f56 0x12e58: cmp dl, 3 0x12e5b: je 0x12e6c 0x12e5d: jmp 0x12f56 0x12e60: cmp dl, 0x12 0x12e63: je 0x12e70 0x12e65: jmp 0x12f56 0x12e68: push cs 0x12e69: call 0x12e74 0x12e6c: push cs 0x12e6d: call 0x12f27
2018-12-25T11:52:40.751758735Z	9	PC: 12f49 \| Display string (Could not find end pointer)
2018-12-25T11:52:40.756721724Z	76	PC: 12f56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4714,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:40.914624588Z	42	PC: 12e3e \| Get date 0x12e3e: cmp dh, 8 0x12e41: je 0x12e60 0x12e43: cmp dh, 2 0x12e46: je 0x12e58 0x12e48: cmp dh, 0xc 0x12e4b: je 0x12e50 0x12e4d: jmp 0x12f56 0x12e50: cmp dl, 0x19 0x12e53: je 0x12e68 0x12e55: jmp 0x12f56 0x12e58: cmp dl, 3 0x12e5b: je 0x12e6c 0x12e5d: jmp 0x12f56 0x12e60: cmp dl, 0x12 0x12e63: je 0x12e70 0x12e65: jmp 0x12f56 0x12e68: push cs 0x12e69: call 0x12e74 0x12e6c: push cs 0x12e6d: call 0x12f27
2018-12-25T11:52:40.917903099Z	26	PC: 12f6b \| Set disk transfer address
2018-12-25T11:52:40.919355939Z	78	PC: 12f76 \| Find first file
2018-12-25T11:52:40.9252262Z	61	PC: 12f84 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:40.931623924Z	87	PC: 12f8a \| Get or set file date and time
2018-12-25T11:52:40.934430406Z	87	PC: 12ffc \| Get or set file date and time
2018-12-25T11:52:40.935819093Z	62	PC: 13000 \| Close file
2018-12-25T11:52:40.950116558Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.952138244Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.956479863Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.957440161Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.958991174Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.963331711Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.964968903Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.97457754Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.975681513Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.977018821Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.985250522Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:40.987094052Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:40.991206301Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:40.992909008Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:40.99435732Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:40.998961152Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.00277239Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.014905659Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.01657964Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.019240713Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.028517657Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.031632979Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.038119448Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.040374714Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.041823221Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.048511843Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.052542365Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.05885019Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.060441535Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.062700325Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.069565074Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.072154828Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.079275963Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.08075298Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:41.089655585Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.09240564Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.100493145Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.103238797Z	26	PC: 1300c \| Set disk transfer address
2018-12-25T11:52:41.105240214Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.106621321Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.107953386Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.110682198Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.112729747Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.114432408Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.117926917Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.119517545Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.120807435Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.122845279Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.124335286Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.12578023Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.127480704Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.12972875Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.130923758Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.132926729Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.134002129Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.135567108Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.137885422Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.141840585Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.143479612Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.145132249Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.146212351Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.147180801Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.148823466Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.150718234Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.152171664Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.15393236Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.155165523Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.156066247Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.157168565Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.159553305Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.160851134Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.162249467Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.164396745Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.165537173Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.166614545Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.168669631Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.170155051Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.171651623Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.173358188Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.174957827Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.175960497Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.182824055Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.184069815Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.185685443Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.187492363Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.188855531Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.190669635Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.192079521Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.193101472Z	9	PC: 12a47 \| Display string (String= 'Bait File! (C) 2001 Mountain Virus Research Labs M�llen AntiVirus')

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4714,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:40.972516633Z	42	PC: 12e3e \| Get date 0x12e3e: cmp dh, 8 0x12e41: je 0x12e60 0x12e43: cmp dh, 2 0x12e46: je 0x12e58 0x12e48: cmp dh, 0xc 0x12e4b: je 0x12e50 0x12e4d: jmp 0x12f56 0x12e50: cmp dl, 0x19 0x12e53: je 0x12e68 0x12e55: jmp 0x12f56 0x12e58: cmp dl, 3 0x12e5b: je 0x12e6c 0x12e5d: jmp 0x12f56 0x12e60: cmp dl, 0x12 0x12e63: je 0x12e70 0x12e65: jmp 0x12f56 0x12e68: push cs 0x12e69: call 0x12e74 0x12e6c: push cs 0x12e6d: call 0x12f27
2018-12-25T11:52:40.977338202Z	9	PC: 12e7c \| Display string (String= 'Disinfecting file... ')
2018-12-25T11:52:40.9822277Z	26	PC: 12e83 \| Set disk transfer address
2018-12-25T11:52:40.984196962Z	67	PC: 12eb3 \| Get or set file attributes
2018-12-25T11:52:40.991020417Z	67	PC: 12ebf \| Get or set file attributes
2018-12-25T11:52:41.006488404Z	61	PC: 12ec4 \| Open file (Filename = 'A:\TEST.COM')
2018-12-25T11:52:41.014148126Z	87	PC: 12eca \| Get or set file date and time
2018-12-25T11:52:41.015883277Z	62	PC: 12ed8 \| Close file
2018-12-25T11:52:41.018584956Z	60	PC: 12ee1 \| Create or truncate file
2018-12-25T11:52:41.03196552Z	64	PC: 12eec \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:41.036072855Z	64	PC: 12ef5 \| Write file or device (Write 1007 bytes on handle 5)
2018-12-25T11:52:41.048487676Z	87	PC: 12f04 \| Get or set file date and time
2018-12-25T11:52:41.051322298Z	62	PC: 12f08 \| Close file
2018-12-25T11:52:41.060250987Z	67	PC: 12f11 \| Get or set file attributes
2018-12-25T11:52:41.072552803Z	9	PC: 12f1b \| Display string (String= ' File disinfected! Merry Christmas Nowhere virus v1.3 VEiN - 1995 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4714,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:41.051176342Z	42	PC: 12e3e \| Get date 0x12e3e: cmp dh, 8 0x12e41: je 0x12e60 0x12e43: cmp dh, 2 0x12e46: je 0x12e58 0x12e48: cmp dh, 0xc 0x12e4b: je 0x12e50 0x12e4d: jmp 0x12f56 0x12e50: cmp dl, 0x19 0x12e53: je 0x12e68 0x12e55: jmp 0x12f56 0x12e58: cmp dl, 3 0x12e5b: je 0x12e6c 0x12e5d: jmp 0x12f56 0x12e60: cmp dl, 0x12 0x12e63: je 0x12e70 0x12e65: jmp 0x12f56 0x12e68: push cs 0x12e69: call 0x12e74 0x12e6c: push cs 0x12e6d: call 0x12f27
2018-12-25T11:52:41.053547366Z	26	PC: 12f6b \| Set disk transfer address
2018-12-25T11:52:41.054484071Z	78	PC: 12f76 \| Find first file
2018-12-25T11:52:41.06007566Z	61	PC: 12f84 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:41.066749786Z	87	PC: 12f8a \| Get or set file date and time
2018-12-25T11:52:41.068011001Z	87	PC: 12ffc \| Get or set file date and time
2018-12-25T11:52:41.069313353Z	62	PC: 13000 \| Close file
2018-12-25T11:52:41.082050447Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.087431802Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.094841454Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.096514805Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.097769603Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.106977813Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.110875936Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.117416206Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.118937248Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.120508453Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.127746728Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.130406257Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.137029471Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.139767234Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.141201666Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.147940867Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.151396537Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.162357057Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.163629813Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.165907166Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.175482613Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.177959729Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.194922077Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.1968485Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.198670458Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.206073611Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.208955491Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.215693513Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.217620143Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.219037092Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.225674881Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.228281893Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.240710987Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.242332891Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:41.2491401Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.251256123Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.258299996Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.260804696Z	26	PC: 1300c \| Set disk transfer address
2018-12-25T11:52:41.262887115Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.263974967Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.265129959Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.267517099Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.269072134Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.270820973Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.273276681Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.274542879Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.275811427Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.277635573Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.279261705Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.280800183Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.283055344Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.285016143Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.286055881Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.287667163Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.288757124Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.290220555Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.292184824Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.293590301Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.295279154Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.297224876Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.298223499Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.299207916Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.301435128Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.302910046Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.304263448Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.306554544Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.307726495Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.308803577Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.310056925Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.312225653Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.313893298Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.315559978Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.317958657Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.319232852Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.320490349Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.322579095Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.324044965Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.325462731Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.332180706Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.333794846Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.334760692Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.336153757Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.337031227Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.338307289Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.340019992Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.341280656Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.343594877Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.344769275Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.346141Z	9	PC: 12a47 \| Display string (String= 'Bait File! (C) 2001 Mountain Virus Research Labs M�llen AntiVirus')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4714,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:41.273850772Z	42	PC: 12e3e \| Get date 0x12e3e: cmp dh, 8 0x12e41: je 0x12e60 0x12e43: cmp dh, 2 0x12e46: je 0x12e58 0x12e48: cmp dh, 0xc 0x12e4b: je 0x12e50 0x12e4d: jmp 0x12f56 0x12e50: cmp dl, 0x19 0x12e53: je 0x12e68 0x12e55: jmp 0x12f56 0x12e58: cmp dl, 3 0x12e5b: je 0x12e6c 0x12e5d: jmp 0x12f56 0x12e60: cmp dl, 0x12 0x12e63: je 0x12e70 0x12e65: jmp 0x12f56 0x12e68: push cs 0x12e69: call 0x12e74 0x12e6c: push cs 0x12e6d: call 0x12f27
2018-12-25T11:52:41.276584362Z	26	PC: 12f6b \| Set disk transfer address
2018-12-25T11:52:41.277471961Z	78	PC: 12f76 \| Find first file
2018-12-25T11:52:41.283133063Z	61	PC: 12f84 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:41.289685416Z	87	PC: 12f8a \| Get or set file date and time
2018-12-25T11:52:41.290914125Z	87	PC: 12ffc \| Get or set file date and time
2018-12-25T11:52:41.292212081Z	62	PC: 13000 \| Close file
2018-12-25T11:52:41.313318444Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.315987835Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.322325828Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.324422214Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.32599192Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.334983142Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.3388341Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.345330514Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.346530937Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.347809097Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.354818097Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.357341265Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.363578495Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.37059753Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.371909495Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.378669974Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.381620171Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.388088932Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.389396612Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.391257647Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.39877476Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.401400854Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.414730358Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.416155728Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.417675006Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.424146374Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.427027524Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.433610909Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.435740427Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.437221635Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.444345132Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.447484133Z	61	PC: 12f84 \| Open file (See above)
2018-12-25T11:52:41.45489443Z	87	PC: 12f8a \| Get or set file date and time (See above)
2018-12-25T11:52:41.456208141Z	63	PC: 12fab \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:41.462671204Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.464266649Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.473584564Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.476024232Z	26	PC: 1300c \| Set disk transfer address
2018-12-25T11:52:41.477691523Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.47865834Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.47975681Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.481300525Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.482736432Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.484929575Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.486813296Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.488104879Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.489542181Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.490925053Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.492367056Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.494039895Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.511577815Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.513126164Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.513980723Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.51779291Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.519057522Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.520725166Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.52264147Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.524401372Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.526015915Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.528026465Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.529290995Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.530609148Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.533288664Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.534986437Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.536624149Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.539080153Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.540086388Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.541079843Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.542829564Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.544203997Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.545561979Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.547565836Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.549575513Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.550551778Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.552155303Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.553435174Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.555116566Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.557586641Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.559326828Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.561002012Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.56258617Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.563502146Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.564830432Z	63	PC: 12fab \| Read file or device (See above)
2018-12-25T11:52:41.566457552Z	87	PC: 12ffc \| Get or set file date and time (See above)
2018-12-25T11:52:41.567523396Z	62	PC: 13000 \| Close file (See above)
2018-12-25T11:52:41.568565729Z	79	PC: 12f76 \| Find next file (See above)
2018-12-25T11:52:41.570629017Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.571576479Z	26	PC: 1300c \| Set disk transfer address (See above)
2018-12-25T11:52:41.572539857Z	9	PC: 12a47 \| Display string (String= 'Bait File! (C) 2001 Mountain Virus Research Labs M�llen AntiVirus')