Sample viewer

vx.netlux.org/Virus.DOS.VCL.Replico.495

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:41:28.788591082Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:28.79027735Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:41:28.79182495Z 26 PC: 12f73 | Set disk transfer address
2018-12-17T22:41:28.792827548Z 53 PC: 12e72 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:28.794490012Z 37 PC: 12e84 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:28.795518375Z 71 PC: 12e90 | Get current directory
2018-12-17T22:41:28.798248386Z 78 PC: 12ecb | Find first file
2018-12-17T22:41:28.804582387Z 61 PC: 12f7c | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:41:28.811505572Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:28.817646732Z 62 PC: 12eea | Close file
2018-12-17T22:41:28.819990238Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:28.833139534Z 61 PC: 12f7c | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:41:28.83748494Z 64 PC: 12f30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:28.840417226Z 66 PC: 12f6e | Move file pointer
2018-12-17T22:41:28.84177006Z 44 PC: 12f3b | Get time
0x12f3b: cmp dh, 0
0x12f3e: je 0x12f37
0x12f40: mov byte ptr cs:[bp + 0x2f1], dh
0x12f45: call 0x12fcd
0x12f48: mov ax, 0x5701
0x12f4b: mov cx, word ptr cs:[bp + 0x364]
0x12f50: mov dx, word ptr cs:[bp + 0x366]
0x12f55: int 0x21
0x12f57: mov ah, 0x3e
0x12f59: int 0x21
0x12f5b: xor cx, cx
0x12f5d: mov cl, byte ptr cs:[bp + 0x363]
0x12f62: call 0x12f7e
0x12f65: ret
0x12f66: mov ah, 0x42
0x12f68: xor cx, cx
0x12f6a: xor dx, dx
0x12f6c: int 0x21
0x12f6e: ret
0x12f6f: mov ah, 0x1a
2018-12-17T22:41:28.843951093Z 64 PC: 1302a | Write file or device (Write 495 bytes on handle 5)
2018-12-17T22:41:28.851960911Z 87 PC: 12f57 | Get or set file date and time
2018-12-17T22:41:28.853636545Z 62 PC: 12f5b | Close file
2018-12-17T22:41:28.860800213Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:28.87086618Z 79 PC: 12ecb | Find next file
2018-12-17T22:41:28.873762561Z 61 PC: 12f7c | Open file (Filename = 'PRINT.COM')
2018-12-17T22:41:28.88031159Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:28.886235253Z 62 PC: 12eea | Close file
2018-12-17T22:41:28.888301449Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:28.897629962Z 61 PC: 12f7c | Open file (Filename = 'PRINT.COM')
2018-12-17T22:41:28.9037315Z 64 PC: 12f30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:28.906793048Z 66 PC: 12f6e | Move file pointer
2018-12-17T22:41:28.908091371Z 44 PC: 12f3b | Get time
0x12f3b: cmp dh, 0
0x12f3e: je 0x12f37
0x12f40: mov byte ptr cs:[bp + 0x2f1], dh
0x12f45: call 0x12fcd
0x12f48: mov ax, 0x5701
0x12f4b: mov cx, word ptr cs:[bp + 0x364]
0x12f50: mov dx, word ptr cs:[bp + 0x366]
0x12f55: int 0x21
0x12f57: mov ah, 0x3e
0x12f59: int 0x21
0x12f5b: xor cx, cx
0x12f5d: mov cl, byte ptr cs:[bp + 0x363]
0x12f62: call 0x12f7e
0x12f65: ret
0x12f66: mov ah, 0x42
0x12f68: xor cx, cx
0x12f6a: xor dx, dx
0x12f6c: int 0x21
0x12f6e: ret
0x12f6f: mov ah, 0x1a
2018-12-17T22:41:28.910237808Z 64 PC: 1302a | Write file or device (Write 495 bytes on handle 5)
2018-12-17T22:41:28.918282744Z 87 PC: 12f57 | Get or set file date and time
2018-12-17T22:41:28.919560863Z 62 PC: 12f5b | Close file
2018-12-17T22:41:28.927071291Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:28.936991713Z 79 PC: 12ecb | Find next file
2018-12-17T22:41:28.939346295Z 61 PC: 12f7c | Open file (Filename = 'HELLO.COM')
2018-12-17T22:41:28.945396863Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:28.951762442Z 62 PC: 12eea | Close file
2018-12-17T22:41:28.953370486Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:28.962900828Z 61 PC: 12f7c | Open file (Filename = 'HELLO.COM')
2018-12-17T22:41:28.969920125Z 64 PC: 12f30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:28.972536503Z 66 PC: 12f6e | Move file pointer
2018-12-17T22:41:28.973823977Z 44 PC: 12f3b | Get time
0x12f3b: cmp dh, 0
0x12f3e: je 0x12f37
0x12f40: mov byte ptr cs:[bp + 0x2f1], dh
0x12f45: call 0x12fcd
0x12f48: mov ax, 0x5701
0x12f4b: mov cx, word ptr cs:[bp + 0x364]
0x12f50: mov dx, word ptr cs:[bp + 0x366]
0x12f55: int 0x21
0x12f57: mov ah, 0x3e
0x12f59: int 0x21
0x12f5b: xor cx, cx
0x12f5d: mov cl, byte ptr cs:[bp + 0x363]
0x12f62: call 0x12f7e
0x12f65: ret
0x12f66: mov ah, 0x42
0x12f68: xor cx, cx
0x12f6a: xor dx, dx
0x12f6c: int 0x21
0x12f6e: ret
0x12f6f: mov ah, 0x1a
2018-12-17T22:41:28.976652192Z 64 PC: 1302a | Write file or device (Write 495 bytes on handle 5)
2018-12-17T22:41:28.984502462Z 87 PC: 12f57 | Get or set file date and time
2018-12-17T22:41:28.985890781Z 62 PC: 12f5b | Close file
2018-12-17T22:41:28.994645386Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:29.003959655Z 79 PC: 12ecb | Find next file
2018-12-17T22:41:29.006414701Z 61 PC: 12f7c | Open file (Filename = 'PHANG.COM')
2018-12-17T22:41:29.022312769Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:29.028490932Z 62 PC: 12eea | Close file
2018-12-17T22:41:29.030264983Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:29.040373878Z 61 PC: 12f7c | Open file (Filename = 'PHANG.COM')
2018-12-17T22:41:29.047033011Z 64 PC: 12f30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:29.049945099Z 66 PC: 12f6e | Move file pointer
2018-12-17T22:41:29.051749428Z 44 PC: 12f3b | Get time
0x12f3b: cmp dh, 0
0x12f3e: je 0x12f37
0x12f40: mov byte ptr cs:[bp + 0x2f1], dh
0x12f45: call 0x12fcd
0x12f48: mov ax, 0x5701
0x12f4b: mov cx, word ptr cs:[bp + 0x364]
0x12f50: mov dx, word ptr cs:[bp + 0x366]
0x12f55: int 0x21
0x12f57: mov ah, 0x3e
0x12f59: int 0x21
0x12f5b: xor cx, cx
0x12f5d: mov cl, byte ptr cs:[bp + 0x363]
0x12f62: call 0x12f7e
0x12f65: ret
0x12f66: mov ah, 0x42
0x12f68: xor cx, cx
0x12f6a: xor dx, dx
0x12f6c: int 0x21
0x12f6e: ret
0x12f6f: mov ah, 0x1a
2018-12-17T22:41:29.055372395Z 64 PC: 1302a | Write file or device (Write 495 bytes on handle 5)
2018-12-17T22:41:29.063689027Z 87 PC: 12f57 | Get or set file date and time
2018-12-17T22:41:29.065861584Z 62 PC: 12f5b | Close file
2018-12-17T22:41:29.073478186Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:29.083123553Z 79 PC: 12ecb | Find next file
2018-12-17T22:41:29.085957896Z 61 PC: 12f7c | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:41:29.093543442Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:41:29.099819227Z 62 PC: 12eea | Close file
2018-12-17T22:41:29.101878775Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:29.107213786Z 61 PC: 12f7c | Open file (Filename = 'PRINTA~1.COM�')
2018-12-17T22:41:29.116543381Z 64 PC: 12f30 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:41:29.120105266Z 66 PC: 12f6e | Move file pointer
2018-12-17T22:41:29.122089585Z 44 PC: 12f3b | Get time
0x12f3b: cmp dh, 0
0x12f3e: je 0x12f37
0x12f40: mov byte ptr cs:[bp + 0x2f1], dh
0x12f45: call 0x12fcd
0x12f48: mov ax, 0x5701
0x12f4b: mov cx, word ptr cs:[bp + 0x364]
0x12f50: mov dx, word ptr cs:[bp + 0x366]
0x12f55: int 0x21
0x12f57: mov ah, 0x3e
0x12f59: int 0x21
0x12f5b: xor cx, cx
0x12f5d: mov cl, byte ptr cs:[bp + 0x363]
0x12f62: call 0x12f7e
0x12f65: ret
0x12f66: mov ah, 0x42
0x12f68: xor cx, cx
0x12f6a: xor dx, dx
0x12f6c: int 0x21
0x12f6e: ret
0x12f6f: mov ah, 0x1a
2018-12-17T22:41:29.124413662Z 64 PC: 1302a | Write file or device (Write 495 bytes on handle 2)
2018-12-17T22:41:29.129135511Z 87 PC: 12f57 | Get or set file date and time
2018-12-17T22:41:29.131851421Z 62 PC: 12f5b | Close file
2018-12-17T22:41:29.133617223Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:29.13780702Z 79 PC: 12ecb | Find next file
2018-12-17T22:41:29.144509207Z 61 PC: 12f7c | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:41:29.151271148Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:41:29.157368421Z 62 PC: 12eea | Close file
2018-12-17T22:41:29.159662091Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:29.16971501Z 61 PC: 12f7c | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:41:29.176103247Z 64 PC: 12f30 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:41:29.179600213Z 66 PC: 12f6e | Move file pointer
2018-12-17T22:41:29.18088269Z 44 PC: 12f3b | Get time
0x12f3b: cmp dh, 0
0x12f3e: je 0x12f37
0x12f40: mov byte ptr cs:[bp + 0x2f1], dh
0x12f45: call 0x12fcd
0x12f48: mov ax, 0x5701
0x12f4b: mov cx, word ptr cs:[bp + 0x364]
0x12f50: mov dx, word ptr cs:[bp + 0x366]
0x12f55: int 0x21
0x12f57: mov ah, 0x3e
0x12f59: int 0x21
0x12f5b: xor cx, cx
0x12f5d: mov cl, byte ptr cs:[bp + 0x363]
0x12f62: call 0x12f7e
0x12f65: ret
0x12f66: mov ah, 0x42
0x12f68: xor cx, cx
0x12f6a: xor dx, dx
0x12f6c: int 0x21
0x12f6e: ret
0x12f6f: mov ah, 0x1a
2018-12-17T22:41:29.183136383Z 64 PC: 1302a | Write file or device (Write 495 bytes on handle 2)
2018-12-17T22:41:29.19270646Z 87 PC: 12f57 | Get or set file date and time
2018-12-17T22:41:29.19463757Z 62 PC: 12f5b | Close file
2018-12-17T22:41:29.202067978Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:29.212953265Z 79 PC: 12ecb | Find next file
2018-12-17T22:41:29.215724106Z 61 PC: 12f7c | Open file (Filename = 'PAH.COM')
2018-12-17T22:41:29.222375597Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:41:29.229515505Z 62 PC: 12eea | Close file
2018-12-17T22:41:29.231462871Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:29.241577802Z 61 PC: 12f7c | Open file (Filename = 'PAH.COM')
2018-12-17T22:41:29.255042276Z 64 PC: 12f30 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T22:41:29.262187213Z 66 PC: 12f6e | Move file pointer
2018-12-17T22:41:29.264144585Z 44 PC: 12f3b | Get time
0x12f3b: cmp dh, 0
0x12f3e: je 0x12f37
0x12f40: mov byte ptr cs:[bp + 0x2f1], dh
0x12f45: call 0x12fcd
0x12f48: mov ax, 0x5701
0x12f4b: mov cx, word ptr cs:[bp + 0x364]
0x12f50: mov dx, word ptr cs:[bp + 0x366]
0x12f55: int 0x21
0x12f57: mov ah, 0x3e
0x12f59: int 0x21
0x12f5b: xor cx, cx
0x12f5d: mov cl, byte ptr cs:[bp + 0x363]
0x12f62: call 0x12f7e
0x12f65: ret
0x12f66: mov ah, 0x42
0x12f68: xor cx, cx
0x12f6a: xor dx, dx
0x12f6c: int 0x21
0x12f6e: ret
0x12f6f: mov ah, 0x1a
2018-12-17T22:41:29.268227255Z 64 PC: 1302a | Write file or device (Write 495 bytes on handle 2)
2018-12-17T22:41:29.275729422Z 87 PC: 12f57 | Get or set file date and time
2018-12-17T22:41:29.27755917Z 62 PC: 12f5b | Close file
2018-12-17T22:41:29.284958621Z 67 PC: 12f87 | Get or set file attributes
2018-12-17T22:41:29.293859471Z 79 PC: 12ecb | Find next file
2018-12-17T22:41:29.296165724Z 61 PC: 12f7c | Open file (Filename = 'TEST.COM')
2018-12-17T22:41:29.301760976Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:41:29.307860599Z 62 PC: 12eea | Close file
2018-12-17T22:41:29.309830813Z 79 PC: 12ecb | Find next file
2018-12-17T22:41:29.312105636Z 59 PC: 12e9f | Change current directory
2018-12-17T22:41:29.316940983Z 9 PC: 12ea9 | Display string (String= 'Replico Virus NoTrace E Italian Viral Labs [IVP] ')
2018-12-17T22:41:29.322349235Z 37 PC: 12eb3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:29.32332735Z 59 PC: 12ebd | Change current directory
2018-12-17T22:41:29.325135081Z 26 PC: 12f73 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7215,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:09.493416212Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:01:09.495179077Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:01:09.496618827Z 26 PC: 12f73 | Set disk transfer address
2018-12-25T12:01:09.497543131Z 53 PC: 12e72 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:09.498996391Z 37 PC: 12e84 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:09.499932122Z 71 PC: 12e90 | Get current directory
2018-12-25T12:01:09.502536718Z 78 PC: 12ecb | Find first file
2018-12-25T12:01:09.508610258Z 61 PC: 12f7c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:09.514823252Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:01:09.520687751Z 62 PC: 12eea | Close file
2018-12-25T12:01:09.522449738Z 67 PC: 12f87 | Get or set file attributes
2018-12-25T12:01:09.538975525Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.546385321Z 64 PC: 12f30 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:09.549154912Z 66 PC: 12f6e | Move file pointer
2018-12-25T12:01:09.550795885Z 44 PC: 12f3b | Get time
0x12f3b: cmp dh, 0
0x12f3e: je 0x12f37
0x12f40: mov byte ptr cs:[bp + 0x2f1], dh
0x12f45: call 0x12fcd
0x12f48: mov ax, 0x5701
0x12f4b: mov cx, word ptr cs:[bp + 0x364]
0x12f50: mov dx, word ptr cs:[bp + 0x366]
0x12f55: int 0x21
0x12f57: mov ah, 0x3e
0x12f59: int 0x21
0x12f5b: xor cx, cx
0x12f5d: mov cl, byte ptr cs:[bp + 0x363]
0x12f62: call 0x12f7e
0x12f65: ret
0x12f66: mov ah, 0x42
0x12f68: xor cx, cx
0x12f6a: xor dx, dx
0x12f6c: int 0x21
0x12f6e: ret
0x12f6f: mov ah, 0x1a
2018-12-25T12:01:09.553128106Z 64 PC: 1302a | Write file or device (Write 495 bytes on handle 5)
2018-12-25T12:01:09.561703565Z 87 PC: 12f57 | Get or set file date and time
2018-12-25T12:01:09.563478458Z 62 PC: 12f5b | Close file
2018-12-25T12:01:09.572973452Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.583022339Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.58615473Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.592379471Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.598362125Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.600476954Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.610455515Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.616808469Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.619869934Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.621116855Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.623400963Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:09.632416916Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:09.634288588Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:09.641764081Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.65172107Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.654437382Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.660681511Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.667194424Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.668851502Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.678449851Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.690107112Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.696832984Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.698100734Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.700793209Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:09.708680177Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:09.709992253Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:09.718681632Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.728470324Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.731724872Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.739012548Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.745147481Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.746856638Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.757211122Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.767294176Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.769964047Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.771543414Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.774067494Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:09.782321175Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:09.783789303Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:09.791296687Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.801085213Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.802955102Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.809861911Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.81590384Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.81757139Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.826977861Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.831323172Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.833766672Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.835128347Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.837296655Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:09.850640564Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:09.852061339Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:09.853612554Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.857659523Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.865194531Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.871733916Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.877870253Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.879965253Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.896861893Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.903196785Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.906432337Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.907841494Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.909758113Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:09.91532212Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:09.916672936Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:09.923894459Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.933825686Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.937408436Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.943675225Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.950703466Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.95233302Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.961770731Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.968496574Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.971039106Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.972227468Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.975121937Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:09.983244793Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:09.984827746Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:09.992977783Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:10.002398583Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:10.004902608Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:10.016671739Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:10.022738833Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:10.024373167Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:10.027113266Z 59 PC: 12e9f | Change current directory
2018-12-25T12:01:10.030989923Z 9 PC: 12ea9 | Display string (String= 'Replico Virus NoTrace E Italian Viral Labs [IVP] ')
2018-12-25T12:01:10.037207004Z 37 PC: 12eb3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:10.038933248Z 59 PC: 12ebd | Change current directory
2018-12-25T12:01:10.040640075Z 26 PC: 12f73 | Set disk transfer address (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":7215,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:09.65179737Z 37 PC: 12e3f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:01:09.653062019Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:01:09.654250704Z 26 PC: 12f73 | Set disk transfer address
2018-12-25T12:01:09.655113798Z 53 PC: 12e72 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:09.656580417Z 37 PC: 12e84 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:09.657476639Z 71 PC: 12e90 | Get current directory
2018-12-25T12:01:09.659362567Z 78 PC: 12ecb | Find first file
2018-12-25T12:01:09.663322187Z 61 PC: 12f7c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:09.683634479Z 63 PC: 12ee6 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:01:09.690576695Z 62 PC: 12eea | Close file
2018-12-25T12:01:09.69235697Z 67 PC: 12f87 | Get or set file attributes
2018-12-25T12:01:09.707142036Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.713375667Z 64 PC: 12f30 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:09.715892307Z 66 PC: 12f6e | Move file pointer
2018-12-25T12:01:09.717171589Z 44 PC: 12f3b | Get time
0x12f3b: cmp dh, 0
0x12f3e: je 0x12f37
0x12f40: mov byte ptr cs:[bp + 0x2f1], dh
0x12f45: call 0x12fcd
0x12f48: mov ax, 0x5701
0x12f4b: mov cx, word ptr cs:[bp + 0x364]
0x12f50: mov dx, word ptr cs:[bp + 0x366]
0x12f55: int 0x21
0x12f57: mov ah, 0x3e
0x12f59: int 0x21
0x12f5b: xor cx, cx
0x12f5d: mov cl, byte ptr cs:[bp + 0x363]
0x12f62: call 0x12f7e
0x12f65: ret
0x12f66: mov ah, 0x42
0x12f68: xor cx, cx
0x12f6a: xor dx, dx
0x12f6c: int 0x21
0x12f6e: ret
0x12f6f: mov ah, 0x1a
2018-12-25T12:01:09.719320354Z 64 PC: 1302a | Write file or device (Write 495 bytes on handle 5)
2018-12-25T12:01:09.727231517Z 87 PC: 12f57 | Get or set file date and time
2018-12-25T12:01:09.728843834Z 62 PC: 12f5b | Close file
2018-12-25T12:01:09.736398006Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.745720638Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.748410576Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.754643279Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.760724212Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.762786753Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.772575124Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.779252629Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.782662015Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.783932496Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.78598759Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:09.794275964Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:09.795686109Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:09.803395932Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.813289698Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.815813326Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.821973381Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.82879946Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.830583614Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.840124017Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.846802811Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.849381103Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.850724393Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.853341577Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:09.861728538Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:09.863017737Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:09.870832581Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.881000906Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.883619999Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.890468704Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.896525225Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.898017473Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.907901911Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.918920081Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.925468802Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.926952747Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.92923438Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:09.934468694Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:09.936315442Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:09.943698437Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.953114205Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:09.955937961Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.962148105Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:09.968128047Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:09.970072531Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:09.974206639Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:09.983562182Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:09.98614125Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:09.987596574Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:09.989807121Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:10.001159418Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:10.002491793Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:10.003915049Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:10.008004397Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:10.014213489Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:10.020356585Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:10.026504721Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:10.033011748Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:10.042778113Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:10.049988529Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:10.052703432Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:10.054129646Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:10.057207575Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:10.065894856Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:10.067310929Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:10.074755414Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:10.0847071Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:10.087188359Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:10.093428492Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:10.099743082Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:10.101423408Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:10.115735716Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:10.123250966Z 64 PC: 12f30 | Write file or device (See above)
2018-12-25T12:01:10.125781581Z 66 PC: 12f6e | Move file pointer (See above)
2018-12-25T12:01:10.127278284Z 44 PC: 12f3b | Get time (See above)
2018-12-25T12:01:10.130057718Z 64 PC: 1302a | Write file or device (See above)
2018-12-25T12:01:10.137972263Z 87 PC: 12f57 | Get or set file date and time (See above)
2018-12-25T12:01:10.139275571Z 62 PC: 12f5b | Close file (See above)
2018-12-25T12:01:10.146986385Z 67 PC: 12f87 | Get or set file attributes (See above)
2018-12-25T12:01:10.156405792Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:10.15877635Z 61 PC: 12f7c | Open file (See above)
2018-12-25T12:01:10.165351634Z 63 PC: 12ee6 | Read file or device (See above)
2018-12-25T12:01:10.171489464Z 62 PC: 12eea | Close file (See above)
2018-12-25T12:01:10.172966803Z 79 PC: 12ecb | Find next file (See above)
2018-12-25T12:01:10.175658903Z 59 PC: 12e9f | Change current directory
2018-12-25T12:01:10.179811085Z 9 PC: 12ea9 | Display string (String= 'Replico Virus NoTrace E Italian Viral Labs [IVP] ')
2018-12-25T12:01:10.191820283Z 37 PC: 12eb3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:10.19330156Z 59 PC: 12ebd | Change current directory
2018-12-25T12:01:10.19491062Z 26 PC: 12f73 | Set disk transfer address (See above)