Sample viewer

vx.netlux.org/Virus.DOS.SillyC.510

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:39.839109198Z	26	PC: 12f28 \| Set disk transfer address
2018-12-17T22:35:39.840913611Z	53	PC: 12f2f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:39.842358761Z	37	PC: 12f44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:39.843591616Z	78	PC: 12f56 \| Find first file
2018-12-17T22:35:39.850316054Z	61	PC: 130e5 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:39.858275523Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:39.865407077Z	62	PC: 12f71 \| Close file
2018-12-17T22:35:39.867750318Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:39.886567313Z	61	PC: 130e5 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:39.894763563Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:39.897926188Z	66	PC: 130a8 \| Move file pointer
2018-12-17T22:35:39.900267361Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:35:39.909348485Z	87	PC: 130c7 \| Get or set file date and time
2018-12-17T22:35:39.911123719Z	62	PC: 130cc \| Close file
2018-12-17T22:35:39.920330506Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:39.931615604Z	79	PC: 12f56 \| Find next file
2018-12-17T22:35:39.935082345Z	61	PC: 130e5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:35:39.951518615Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:39.959385669Z	62	PC: 12f71 \| Close file
2018-12-17T22:35:39.961724568Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:39.973756649Z	61	PC: 130e5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:35:39.981914305Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:39.985414583Z	66	PC: 130a8 \| Move file pointer
2018-12-17T22:35:39.987672479Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:35:39.997543455Z	87	PC: 130c7 \| Get or set file date and time
2018-12-17T22:35:39.999192237Z	62	PC: 130cc \| Close file
2018-12-17T22:35:40.007631148Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.018589074Z	79	PC: 12f56 \| Find next file
2018-12-17T22:35:40.02236938Z	61	PC: 130e5 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:35:40.030282563Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:40.038684574Z	62	PC: 12f71 \| Close file
2018-12-17T22:35:40.041305463Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.05261861Z	61	PC: 130e5 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:35:40.06164604Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:40.068169666Z	66	PC: 130a8 \| Move file pointer
2018-12-17T22:35:40.070269097Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:35:40.080389214Z	87	PC: 130c7 \| Get or set file date and time
2018-12-17T22:35:40.082467715Z	62	PC: 130cc \| Close file
2018-12-17T22:35:40.093719427Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.105459919Z	79	PC: 12f56 \| Find next file
2018-12-17T22:35:40.109387544Z	61	PC: 130e5 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:35:40.114239088Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:40.1184145Z	62	PC: 12f71 \| Close file
2018-12-17T22:35:40.120527346Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.12732898Z	61	PC: 130e5 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:35:40.131648291Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:40.13405344Z	66	PC: 130a8 \| Move file pointer
2018-12-17T22:35:40.135677903Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:35:40.141137897Z	87	PC: 130c7 \| Get or set file date and time
2018-12-17T22:35:40.142791818Z	62	PC: 130cc \| Close file
2018-12-17T22:35:40.148081896Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.156641629Z	79	PC: 12f56 \| Find next file
2018-12-17T22:35:40.160054247Z	61	PC: 130e5 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:35:40.167340384Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:40.174136112Z	62	PC: 12f71 \| Close file
2018-12-17T22:35:40.176920693Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.187842849Z	61	PC: 130e5 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:35:40.195166961Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:40.199512847Z	66	PC: 130a8 \| Move file pointer
2018-12-17T22:35:40.201119065Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:35:40.210101885Z	87	PC: 130c7 \| Get or set file date and time
2018-12-17T22:35:40.211835481Z	62	PC: 130cc \| Close file
2018-12-17T22:35:40.221591325Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.232132405Z	79	PC: 12f56 \| Find next file
2018-12-17T22:35:40.23532871Z	61	PC: 130e5 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:35:40.243750925Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:40.250557995Z	62	PC: 12f71 \| Close file
2018-12-17T22:35:40.252437608Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.263646108Z	61	PC: 130e5 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:35:40.270740724Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:40.273573498Z	66	PC: 130a8 \| Move file pointer
2018-12-17T22:35:40.27553599Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:35:40.284375045Z	87	PC: 130c7 \| Get or set file date and time
2018-12-17T22:35:40.286296571Z	62	PC: 130cc \| Close file
2018-12-17T22:35:40.294712118Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.305225807Z	79	PC: 12f56 \| Find next file
2018-12-17T22:35:40.308101758Z	61	PC: 130e5 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:35:40.315140753Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:40.321988427Z	62	PC: 12f71 \| Close file
2018-12-17T22:35:40.323900389Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.334730339Z	61	PC: 130e5 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:35:40.348416651Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:40.355516053Z	66	PC: 130a8 \| Move file pointer
2018-12-17T22:35:40.357048309Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:35:40.366031728Z	87	PC: 130c7 \| Get or set file date and time
2018-12-17T22:35:40.367832986Z	62	PC: 130cc \| Close file
2018-12-17T22:35:40.37625844Z	67	PC: 130f3 \| Get or set file attributes
2018-12-17T22:35:40.388996924Z	79	PC: 12f56 \| Find next file
2018-12-17T22:35:40.391956768Z	61	PC: 130e5 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:35:40.399297995Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:35:40.40736652Z	62	PC: 12f71 \| Close file
2018-12-17T22:35:40.410172926Z	79	PC: 12f56 \| Find next file
2018-12-17T22:35:40.412710075Z	42	PC: 12fb4 \| Get date 0x12fb4: nop 0x12fb5: cmp dl, 1 0x12fb8: nop 0x12fb9: jne 0x12fc8 0x12fbb: nop 0x12fbc: mov ah, 0x2c 0x12fbe: nop 0x12fbf: int 0x21 0x12fc1: nop 0x12fc2: cmp dl, 0x63 0x12fc5: nop 0x12fc6: jbe 0x12fec 0x12fc8: mov ax, 0x2524 0x12fcb: nop 0x12fcc: nop 0x12fcd: lds dx, ptr [bp + 0x301] 0x12fd1: nop 0x12fd2: nop 0x12fd3: int 0x21 0x12fd5: nop
2018-12-17T22:35:40.415204009Z	37	PC: 12fd5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:40.416676779Z	26	PC: 12fe3 \| Set disk transfer address
2018-12-17T22:35:40.417944785Z	9	PC: 12a47 \| Display string (String= ' == [1994v1] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-17T22:35:40.433399968Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6434,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:19.55412909Z	26	PC: 12f28 \| Set disk transfer address
2018-12-25T11:59:19.556052271Z	53	PC: 12f2f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:19.557213743Z	37	PC: 12f44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:19.558270978Z	78	PC: 12f56 \| Find first file
2018-12-25T11:59:19.563984419Z	61	PC: 130e5 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:19.571235779Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:19.584455132Z	62	PC: 12f71 \| Close file
2018-12-25T11:59:19.586212992Z	67	PC: 130f3 \| Get or set file attributes
2018-12-25T11:59:20.027738564Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.034512126Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:20.03752266Z	66	PC: 130a8 \| Move file pointer
2018-12-25T11:59:20.039817058Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-25T11:59:20.048761546Z	87	PC: 130c7 \| Get or set file date and time
2018-12-25T11:59:20.05095784Z	62	PC: 130cc \| Close file
2018-12-25T11:59:20.059299051Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.072704983Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.075533324Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.082847538Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.088741064Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.090773077Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.100310944Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.107003875Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.109883634Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.11144138Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.119918234Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.121589025Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.12936013Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.140150551Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.142566624Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.148638912Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.155208984Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.157239642Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.167361099Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.174936434Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.177868225Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.179490326Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.188219306Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.190267258Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.198189194Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.208318424Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.210646454Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.216733965Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.222523805Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.224768132Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.233829455Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.240026974Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.243831976Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.245362695Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.258801046Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.261834693Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.269691126Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.279087618Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.281925514Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.288419915Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.29467531Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.297316999Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.307373558Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.314047918Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.317002862Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.31945143Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.327720701Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.329361374Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.337591125Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.347054638Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.349463074Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.354687961Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.361323134Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.363267236Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.374007752Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.388098215Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.395217238Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.397350609Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.405249074Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.406619566Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.416400087Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.426632299Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.429781477Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.437809998Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.444840607Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.446922779Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.457567527Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.465145464Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.468107389Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.469725682Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.479014688Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.480701339Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.48810106Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.497632913Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.500797434Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.507324563Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.513875756Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.516194408Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.524581451Z	42	PC: 12fb4 \| Get date 0x12fb4: nop 0x12fb5: cmp dl, 1 0x12fb8: nop 0x12fb9: jne 0x12fc8 0x12fbb: nop 0x12fbc: mov ah, 0x2c 0x12fbe: nop 0x12fbf: int 0x21 0x12fc1: nop 0x12fc2: cmp dl, 0x63 0x12fc5: nop 0x12fc6: jbe 0x12fec 0x12fc8: mov ax, 0x2524 0x12fcb: nop 0x12fcc: nop 0x12fcd: lds dx, ptr [bp + 0x301] 0x12fd1: nop 0x12fd2: nop 0x12fd3: int 0x21 0x12fd5: nop
2018-12-25T11:59:20.527418146Z	37	PC: 12fd5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:20.528495181Z	26	PC: 12fe3 \| Set disk transfer address
2018-12-25T11:59:20.529493634Z	9	PC: 12a47 \| Display string (String= ' == [1994v1] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T11:59:20.542599311Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6434,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:19.660643049Z	26	PC: 12f28 \| Set disk transfer address
2018-12-25T11:59:19.662893048Z	53	PC: 12f2f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:19.664511631Z	37	PC: 12f44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:19.666159503Z	78	PC: 12f56 \| Find first file
2018-12-25T11:59:19.673424959Z	61	PC: 130e5 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:19.681410581Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:19.688412621Z	62	PC: 12f71 \| Close file
2018-12-25T11:59:19.690486351Z	67	PC: 130f3 \| Get or set file attributes
2018-12-25T11:59:20.169553386Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.175139558Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:20.179495475Z	66	PC: 130a8 \| Move file pointer
2018-12-25T11:59:20.182590282Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-25T11:59:20.196772616Z	87	PC: 130c7 \| Get or set file date and time
2018-12-25T11:59:20.198811972Z	62	PC: 130cc \| Close file
2018-12-25T11:59:20.213864644Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.226495162Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.23085535Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.238547679Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.247622348Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.250079798Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.261528964Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.270297716Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.273665283Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.275530258Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.294293774Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.296496191Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.305460876Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.31840035Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.321786417Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.334106119Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.342407701Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.344520112Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.357758994Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.366141997Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.370135471Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.372493825Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.381737223Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.383617954Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.391861487Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.405737293Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.409563836Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.417072408Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.424410274Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.427640737Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.438659683Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.447834981Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.451320491Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.45276618Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.46009492Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.462593585Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.470642058Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.480290887Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.4828267Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.48951565Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.495829643Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.497951159Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.507695089Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.514360795Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.516951288Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.519045025Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.526306714Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.527803679Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.536784452Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.545801053Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.548388062Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.555144195Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.561372639Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.563507174Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.572833231Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.580687997Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.583668164Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.585407321Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.593694439Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.595258168Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.602983759Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.612738758Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.616276628Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.622627958Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.629649132Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.632131721Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.641807855Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.649005665Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.652715428Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.654480093Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.662066962Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.664818212Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.672283766Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.681515492Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.685182046Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.691835679Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.694664198Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.697499273Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.7005097Z	42	PC: 12fb4 \| Get date 0x12fb4: nop 0x12fb5: cmp dl, 1 0x12fb8: nop 0x12fb9: jne 0x12fc8 0x12fbb: nop 0x12fbc: mov ah, 0x2c 0x12fbe: nop 0x12fbf: int 0x21 0x12fc1: nop 0x12fc2: cmp dl, 0x63 0x12fc5: nop 0x12fc6: jbe 0x12fec 0x12fc8: mov ax, 0x2524 0x12fcb: nop 0x12fcc: nop 0x12fcd: lds dx, ptr [bp + 0x301] 0x12fd1: nop 0x12fd2: nop 0x12fd3: int 0x21 0x12fd5: nop
2018-12-25T11:59:20.702991328Z	44	PC: 12fc1 \| Get time 0x12fc1: nop 0x12fc2: cmp dl, 0x63 0x12fc5: nop 0x12fc6: jbe 0x12fec 0x12fc8: mov ax, 0x2524 0x12fcb: nop 0x12fcc: nop 0x12fcd: lds dx, ptr [bp + 0x301] 0x12fd1: nop 0x12fd2: nop 0x12fd3: int 0x21 0x12fd5: nop 0x12fd6: push cs 0x12fd7: nop 0x12fd8: pop ds 0x12fd9: nop 0x12fda: mov ah, 0x1a 0x12fdc: nop 0x12fdd: mov dx, 0x80 0x12fe0: nop
2018-12-25T11:59:20.705653327Z	9	PC: 12ff6 \| Display string (Could not find end pointer)
2018-12-25T11:59:20.73222661Z	37	PC: 12fd5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:20.733830827Z	26	PC: 12fe3 \| Set disk transfer address
2018-12-25T11:59:20.735380238Z	9	PC: 12a47 \| Display string (String= ' == [1994v1] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T11:59:20.748546528Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6434,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:19.80971413Z	26	PC: 12f28 \| Set disk transfer address
2018-12-25T11:59:19.816086769Z	53	PC: 12f2f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:19.817412413Z	37	PC: 12f44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:19.818663368Z	78	PC: 12f56 \| Find first file
2018-12-25T11:59:19.826423141Z	61	PC: 130e5 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:19.833689202Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:19.840318909Z	62	PC: 12f71 \| Close file
2018-12-25T11:59:19.843459563Z	67	PC: 130f3 \| Get or set file attributes
2018-12-25T11:59:20.023240745Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.029957425Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:20.032977057Z	66	PC: 130a8 \| Move file pointer
2018-12-25T11:59:20.035148168Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-25T11:59:20.043176979Z	87	PC: 130c7 \| Get or set file date and time
2018-12-25T11:59:20.045086991Z	62	PC: 130cc \| Close file
2018-12-25T11:59:20.063048199Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.072877419Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.075748651Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.082943611Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.089760368Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.092256889Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.10563922Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.119016034Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.121841826Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.124001424Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.13235331Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.134184844Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.158253635Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.168419297Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.170899688Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.178121681Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.184158322Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.185993973Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.195650791Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.202626878Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.211487758Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.213331289Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.241770388Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.243274452Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.250771899Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.261202304Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.263705528Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.269664119Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.276096686Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.277785633Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.287985946Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.295267048Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.311040576Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.312757824Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.321804919Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.323410475Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.331206344Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.341843169Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.344595833Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.351711809Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.358524808Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.360645169Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.370466278Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.377877195Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.381154214Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.38278213Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.390861346Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.393252705Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.400885689Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.410809707Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.415391964Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.422037784Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.428417728Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.431508353Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.441415699Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.44818403Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.452097296Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.453707619Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.461403136Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.463064118Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.467838206Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.473871667Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.476226973Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.480686203Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.484710427Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.486570212Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.49274604Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.497061099Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.499425465Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.500528804Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.505510688Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.507338533Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.512921015Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.522603382Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.526216788Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.537420697Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.544168004Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.54688933Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.549548035Z	42	PC: 12fb4 \| Get date 0x12fb4: nop 0x12fb5: cmp dl, 1 0x12fb8: nop 0x12fb9: jne 0x12fc8 0x12fbb: nop 0x12fbc: mov ah, 0x2c 0x12fbe: nop 0x12fbf: int 0x21 0x12fc1: nop 0x12fc2: cmp dl, 0x63 0x12fc5: nop 0x12fc6: jbe 0x12fec 0x12fc8: mov ax, 0x2524 0x12fcb: nop 0x12fcc: nop 0x12fcd: lds dx, ptr [bp + 0x301] 0x12fd1: nop 0x12fd2: nop 0x12fd3: int 0x21 0x12fd5: nop
2018-12-25T11:59:20.551616524Z	37	PC: 12fd5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:20.553642704Z	26	PC: 12fe3 \| Set disk transfer address
2018-12-25T11:59:20.55475347Z	9	PC: 12a47 \| Display string (String= ' == [1994v1] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T11:59:20.567298325Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6434,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:19.919898814Z	26	PC: 12f28 \| Set disk transfer address
2018-12-25T11:59:19.924328925Z	53	PC: 12f2f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:19.9256221Z	37	PC: 12f44 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:19.926778024Z	78	PC: 12f56 \| Find first file
2018-12-25T11:59:19.938129505Z	61	PC: 130e5 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:19.944996445Z	63	PC: 12f6d \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:59:19.951435793Z	62	PC: 12f71 \| Close file
2018-12-25T11:59:19.954764383Z	67	PC: 130f3 \| Get or set file attributes
2018-12-25T11:59:20.022598448Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.029617309Z	64	PC: 1309c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:20.034224285Z	66	PC: 130a8 \| Move file pointer
2018-12-25T11:59:20.036185687Z	64	PC: 130b7 \| Write file or device (Write 510 bytes on handle 5)
2018-12-25T11:59:20.044399708Z	87	PC: 130c7 \| Get or set file date and time
2018-12-25T11:59:20.046560418Z	62	PC: 130cc \| Close file
2018-12-25T11:59:20.054460892Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.068993369Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.0715036Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.078583619Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.085705499Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.087822539Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.0983314Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.105372982Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.108136726Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.110801851Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.120036836Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.121475248Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.130472314Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.140189926Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.143102181Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.150321924Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.156836274Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.158927958Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.170636004Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.177351318Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.180308363Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.182504577Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.191160953Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.192911937Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.200647339Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.210711933Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.21347618Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.220171018Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.227308326Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.229276441Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.241607958Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.249350966Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.255842279Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.257334001Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.265835398Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.267467874Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.274927263Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.285081921Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.287703879Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.293976113Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.301380397Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.303193836Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.312837227Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.32065126Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.323663474Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.325291657Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.33426816Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.335920089Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.343209005Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.353913589Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.356749444Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.368652429Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.375557831Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.377694736Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.387459106Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.392349234Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.394208708Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.395645796Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.401979051Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.403274904Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.408560486Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.417072752Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.418914803Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.427312462Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.43345564Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.434904471Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.441843579Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.447349315Z	64	PC: 1309c \| Write file or device (See above)
2018-12-25T11:59:20.450295663Z	66	PC: 130a8 \| Move file pointer (See above)
2018-12-25T11:59:20.451699379Z	64	PC: 130b7 \| Write file or device (See above)
2018-12-25T11:59:20.457897774Z	87	PC: 130c7 \| Get or set file date and time (See above)
2018-12-25T11:59:20.459226107Z	62	PC: 130cc \| Close file (See above)
2018-12-25T11:59:20.464228436Z	67	PC: 130f3 \| Get or set file attributes (See above)
2018-12-25T11:59:20.471218168Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.474076933Z	61	PC: 130e5 \| Open file (See above)
2018-12-25T11:59:20.483143895Z	63	PC: 12f6d \| Read file or device (See above)
2018-12-25T11:59:20.490868974Z	62	PC: 12f71 \| Close file (See above)
2018-12-25T11:59:20.493202388Z	79	PC: 12f56 \| Find next file (See above)
2018-12-25T11:59:20.496234343Z	42	PC: 12fb4 \| Get date 0x12fb4: nop 0x12fb5: cmp dl, 1 0x12fb8: nop 0x12fb9: jne 0x12fc8 0x12fbb: nop 0x12fbc: mov ah, 0x2c 0x12fbe: nop 0x12fbf: int 0x21 0x12fc1: nop 0x12fc2: cmp dl, 0x63 0x12fc5: nop 0x12fc6: jbe 0x12fec 0x12fc8: mov ax, 0x2524 0x12fcb: nop 0x12fcc: nop 0x12fcd: lds dx, ptr [bp + 0x301] 0x12fd1: nop 0x12fd2: nop 0x12fd3: int 0x21 0x12fd5: nop
2018-12-25T11:59:20.498344076Z	44	PC: 12fc1 \| Get time 0x12fc1: nop 0x12fc2: cmp dl, 0x63 0x12fc5: nop 0x12fc6: jbe 0x12fec 0x12fc8: mov ax, 0x2524 0x12fcb: nop 0x12fcc: nop 0x12fcd: lds dx, ptr [bp + 0x301] 0x12fd1: nop 0x12fd2: nop 0x12fd3: int 0x21 0x12fd5: nop 0x12fd6: push cs 0x12fd7: nop 0x12fd8: pop ds 0x12fd9: nop 0x12fda: mov ah, 0x1a 0x12fdc: nop 0x12fdd: mov dx, 0x80 0x12fe0: nop
2018-12-25T11:59:20.500892563Z	9	PC: 12ff6 \| Display string (Could not find end pointer)
2018-12-25T11:59:20.53623548Z	37	PC: 12fd5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:20.537599124Z	26	PC: 12fe3 \| Set disk transfer address
2018-12-25T11:59:20.539558084Z	9	PC: 12a47 \| Display string (String= ' == [1994v1] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T11:59:20.552416761Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')