{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:17.785502404Z | 255 | PC: 12a54 | UNKNOWN! |
| 2018-12-25T12:30:17.787421398Z | 53 | PC: 12a61 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:17.789513336Z | 37 | PC: 12aa6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:17.791421277Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dx, 0x60c 0x12ab7: jne 0x12acb 0x12ab9: mov ax, 0x311 0x12abc: mov dx, 0x80 0x12abf: mov cx, 1 0x12ac2: int 0x13 0x12ac4: inc dh 0x12ac6: mov ax, 0x311 0x12ac9: int 0x13 0x12acb: mov ah, 0x2a 0x12acd: int 0x21 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds |
| 2018-12-25T12:30:17.793651301Z | 42 | PC: 12acf | Get date 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds 0x12ae1: cmp byte ptr cs:[bp + 0x24a], 0 0x12ae7: jne 0x12b08 0x12ae9: lea si, word ptr [bp + 0x224] 0x12aed: mov di, 0x100 0x12af0: mov cx, 3 0x12af3: cld 0x12af4: rep movsb byte ptr es:[di], byte ptr [si] 0x12af6: mov ax, 0x100 0x12af9: push ax 0x12afa: xor ax, ax 0x12afc: cdq |
{"DateBased":true,"Day":12,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:18.115534113Z | 255 | PC: 12a54 | UNKNOWN! |
| 2018-12-25T12:30:18.116417889Z | 53 | PC: 12a61 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.118811048Z | 37 | PC: 12aa6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.119957435Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dx, 0x60c 0x12ab7: jne 0x12acb 0x12ab9: mov ax, 0x311 0x12abc: mov dx, 0x80 0x12abf: mov cx, 1 0x12ac2: int 0x13 0x12ac4: inc dh 0x12ac6: mov ax, 0x311 0x12ac9: int 0x13 0x12acb: mov ah, 0x2a 0x12acd: int 0x21 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds |
| 2018-12-25T12:30:18.453635008Z | 42 | PC: 12acf | Get date 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds 0x12ae1: cmp byte ptr cs:[bp + 0x24a], 0 0x12ae7: jne 0x12b08 0x12ae9: lea si, word ptr [bp + 0x224] 0x12aed: mov di, 0x100 0x12af0: mov cx, 3 0x12af3: cld 0x12af4: rep movsb byte ptr es:[di], byte ptr [si] 0x12af6: mov ax, 0x100 0x12af9: push ax 0x12afa: xor ax, ax 0x12afc: cdq |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:18.147503732Z | 255 | PC: 12a54 | UNKNOWN! |
| 2018-12-25T12:30:18.149119624Z | 53 | PC: 12a61 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.152092306Z | 37 | PC: 12aa6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.153906261Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dx, 0x60c 0x12ab7: jne 0x12acb 0x12ab9: mov ax, 0x311 0x12abc: mov dx, 0x80 0x12abf: mov cx, 1 0x12ac2: int 0x13 0x12ac4: inc dh 0x12ac6: mov ax, 0x311 0x12ac9: int 0x13 0x12acb: mov ah, 0x2a 0x12acd: int 0x21 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds |
| 2018-12-25T12:30:18.156898Z | 42 | PC: 12acf | Get date 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds 0x12ae1: cmp byte ptr cs:[bp + 0x24a], 0 0x12ae7: jne 0x12b08 0x12ae9: lea si, word ptr [bp + 0x224] 0x12aed: mov di, 0x100 0x12af0: mov cx, 3 0x12af3: cld 0x12af4: rep movsb byte ptr es:[di], byte ptr [si] 0x12af6: mov ax, 0x100 0x12af9: push ax 0x12afa: xor ax, ax 0x12afc: cdq |
{"DateBased":true,"Day":3,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:18.182027954Z | 255 | PC: 12a54 | UNKNOWN! |
| 2018-12-25T12:30:18.18359794Z | 53 | PC: 12a61 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.185705557Z | 37 | PC: 12aa6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.187025059Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dx, 0x60c 0x12ab7: jne 0x12acb 0x12ab9: mov ax, 0x311 0x12abc: mov dx, 0x80 0x12abf: mov cx, 1 0x12ac2: int 0x13 0x12ac4: inc dh 0x12ac6: mov ax, 0x311 0x12ac9: int 0x13 0x12acb: mov ah, 0x2a 0x12acd: int 0x21 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds |
| 2018-12-25T12:30:18.189746588Z | 42 | PC: 12acf | Get date 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds 0x12ae1: cmp byte ptr cs:[bp + 0x24a], 0 0x12ae7: jne 0x12b08 0x12ae9: lea si, word ptr [bp + 0x224] 0x12aed: mov di, 0x100 0x12af0: mov cx, 3 0x12af3: cld 0x12af4: rep movsb byte ptr es:[di], byte ptr [si] 0x12af6: mov ax, 0x100 0x12af9: push ax 0x12afa: xor ax, ax 0x12afc: cdq |
| 2018-12-25T12:30:18.193385367Z | 9 | PC: 12ae0 | Display string (String= 'Long Live the New World Order!') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:18.184745428Z | 255 | PC: 12a54 | UNKNOWN! |
| 2018-12-25T12:30:18.186954274Z | 53 | PC: 12a61 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.189970679Z | 37 | PC: 12aa6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.191583755Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dx, 0x60c 0x12ab7: jne 0x12acb 0x12ab9: mov ax, 0x311 0x12abc: mov dx, 0x80 0x12abf: mov cx, 1 0x12ac2: int 0x13 0x12ac4: inc dh 0x12ac6: mov ax, 0x311 0x12ac9: int 0x13 0x12acb: mov ah, 0x2a 0x12acd: int 0x21 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds |
| 2018-12-25T12:30:18.194484958Z | 42 | PC: 12acf | Get date 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds 0x12ae1: cmp byte ptr cs:[bp + 0x24a], 0 0x12ae7: jne 0x12b08 0x12ae9: lea si, word ptr [bp + 0x224] 0x12aed: mov di, 0x100 0x12af0: mov cx, 3 0x12af3: cld 0x12af4: rep movsb byte ptr es:[di], byte ptr [si] 0x12af6: mov ax, 0x100 0x12af9: push ax 0x12afa: xor ax, ax 0x12afc: cdq |
{"DateBased":true,"Day":12,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:18.467637943Z | 255 | PC: 12a54 | UNKNOWN! |
| 2018-12-25T12:30:18.469188865Z | 53 | PC: 12a61 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.470717658Z | 37 | PC: 12aa6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.472095139Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dx, 0x60c 0x12ab7: jne 0x12acb 0x12ab9: mov ax, 0x311 0x12abc: mov dx, 0x80 0x12abf: mov cx, 1 0x12ac2: int 0x13 0x12ac4: inc dh 0x12ac6: mov ax, 0x311 0x12ac9: int 0x13 0x12acb: mov ah, 0x2a 0x12acd: int 0x21 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds |
| 2018-12-25T12:30:18.796199864Z | 42 | PC: 12acf | Get date 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds 0x12ae1: cmp byte ptr cs:[bp + 0x24a], 0 0x12ae7: jne 0x12b08 0x12ae9: lea si, word ptr [bp + 0x224] 0x12aed: mov di, 0x100 0x12af0: mov cx, 3 0x12af3: cld 0x12af4: rep movsb byte ptr es:[di], byte ptr [si] 0x12af6: mov ax, 0x100 0x12af9: push ax 0x12afa: xor ax, ax 0x12afc: cdq |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:18.754102016Z | 255 | PC: 12a54 | UNKNOWN! |
| 2018-12-25T12:30:18.755611948Z | 53 | PC: 12a61 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.757149303Z | 37 | PC: 12aa6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.758488949Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dx, 0x60c 0x12ab7: jne 0x12acb 0x12ab9: mov ax, 0x311 0x12abc: mov dx, 0x80 0x12abf: mov cx, 1 0x12ac2: int 0x13 0x12ac4: inc dh 0x12ac6: mov ax, 0x311 0x12ac9: int 0x13 0x12acb: mov ah, 0x2a 0x12acd: int 0x21 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds |
| 2018-12-25T12:30:18.761893083Z | 42 | PC: 12acf | Get date 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds 0x12ae1: cmp byte ptr cs:[bp + 0x24a], 0 0x12ae7: jne 0x12b08 0x12ae9: lea si, word ptr [bp + 0x224] 0x12aed: mov di, 0x100 0x12af0: mov cx, 3 0x12af3: cld 0x12af4: rep movsb byte ptr es:[di], byte ptr [si] 0x12af6: mov ax, 0x100 0x12af9: push ax 0x12afa: xor ax, ax 0x12afc: cdq |
{"DateBased":true,"Day":3,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11312,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:18.804544016Z | 255 | PC: 12a54 | UNKNOWN! |
| 2018-12-25T12:30:18.806444224Z | 53 | PC: 12a61 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.811819166Z | 37 | PC: 12aa6 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:18.813734377Z | 42 | PC: 12ab3 | Get date 0x12ab3: cmp dx, 0x60c 0x12ab7: jne 0x12acb 0x12ab9: mov ax, 0x311 0x12abc: mov dx, 0x80 0x12abf: mov cx, 1 0x12ac2: int 0x13 0x12ac4: inc dh 0x12ac6: mov ax, 0x311 0x12ac9: int 0x13 0x12acb: mov ah, 0x2a 0x12acd: int 0x21 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds |
| 2018-12-25T12:30:18.816148783Z | 42 | PC: 12acf | Get date 0x12acf: cmp dx, 0x503 0x12ad3: jne 0x12ae1 0x12ad5: push ds 0x12ad6: push cs 0x12ad7: pop ds 0x12ad8: mov ah, 9 0x12ada: lea dx, word ptr [0x205] 0x12ade: int 0x21 0x12ae0: pop ds 0x12ae1: cmp byte ptr cs:[bp + 0x24a], 0 0x12ae7: jne 0x12b08 0x12ae9: lea si, word ptr [bp + 0x224] 0x12aed: mov di, 0x100 0x12af0: mov cx, 3 0x12af3: cld 0x12af4: rep movsb byte ptr es:[di], byte ptr [si] 0x12af6: mov ax, 0x100 0x12af9: push ax 0x12afa: xor ax, ax 0x12afc: cdq |
| 2018-12-25T12:30:18.82024378Z | 9 | PC: 12ae0 | Display string (String= 'Long Live the New World Order!') |