{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12605,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:35:42.621108372Z | 37 | PC: 155d4 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T12:35:42.624041802Z | 37 | PC: 155d8 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T12:35:42.626952582Z | 71 | PC: 1566f | Get current directory |
| 2018-12-25T12:35:42.630742774Z | 47 | PC: 15673 | Get disk transfer address |
| 2018-12-25T12:35:42.634703517Z | 26 | PC: 156d3 | Set disk transfer address |
| 2018-12-25T12:35:42.636849488Z | 78 | PC: 156dc | Find first file |
| 2018-12-25T12:35:42.645702528Z | 61 | PC: 15706 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:35:42.654815746Z | 63 | PC: 1571f | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:35:42.658121566Z | 62 | PC: 15732 | Close file |
| 2018-12-25T12:35:42.661352064Z | 79 | PC: 15736 | Find next file |
| 2018-12-25T12:35:42.664990166Z | 26 | PC: 15690 | Set disk transfer address |
| 2018-12-25T12:35:42.666475394Z | 59 | PC: 15697 | Change current directory |
| 2018-12-25T12:35:42.671070831Z | 78 | PC: 156a1 | Find first file |
| 2018-12-25T12:35:42.677920603Z | 79 | PC: 156aa | Find next file |
| 2018-12-25T12:35:42.690156043Z | 59 | PC: 158a8 | Change current directory |
| 2018-12-25T12:35:42.696510334Z | 71 | PC: 1566f | Get current directory (See above) |
| 2018-12-25T12:35:42.700381315Z | 47 | PC: 15673 | Get disk transfer address (See above) |
| 2018-12-25T12:35:42.704713599Z | 26 | PC: 156d3 | Set disk transfer address (See above) |
| 2018-12-25T12:35:42.706202242Z | 78 | PC: 156dc | Find first file (See above) |
| 2018-12-25T12:35:42.713984592Z | 61 | PC: 15706 | Open file (See above) |
| 2018-12-25T12:35:42.722920445Z | 63 | PC: 1571f | Read file or device (See above) |
| 2018-12-25T12:35:42.726210934Z | 62 | PC: 15732 | Close file (See above) |
| 2018-12-25T12:35:42.728317943Z | 79 | PC: 15736 | Find next file (See above) |
| 2018-12-25T12:35:42.731645125Z | 26 | PC: 15690 | Set disk transfer address (See above) |
| 2018-12-25T12:35:42.733125105Z | 59 | PC: 15697 | Change current directory (See above) |
| 2018-12-25T12:35:42.737706881Z | 78 | PC: 156a1 | Find first file (See above) |
| 2018-12-25T12:35:42.74438755Z | 79 | PC: 156aa | Find next file (See above) |
| 2018-12-25T12:35:42.748748904Z | 59 | PC: 158a8 | Change current directory (See above) |
| 2018-12-25T12:35:42.753339708Z | 42 | PC: 158c7 | Get date 0x158c7: cmp dl, 0x17 0x158ca: je 0x158cf 0x158cc: jmp 0x158d7 0x158ce: nop 0x158cf: cmp dh, 2 0x158d2: jne 0x158d7 0x158d4: call 0x15914 0x158d7: xor ax, ax 0x158d9: mov ds, ax 0x158db: mov si, 0x90 0x158de: mov ax, word ptr cs:[0x540] 0x158e2: mov bx, word ptr cs:[0x542] 0x158e7: mov word ptr [si], ax 0x158e9: mov word ptr [si + 2], bx 0x158ec: mov ds, word ptr cs:[0x550] 0x158f1: mov es, word ptr cs:[0x556] 0x158f6: cli 0x158f7: mov ss, word ptr cs:[0x54c] 0x158fc: mov sp, word ptr cs:[0x54e] 0x15901: xor ax, ax |
{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12605,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:35:42.821163362Z | 37 | PC: 155d4 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T12:35:42.823402146Z | 37 | PC: 155d8 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T12:35:42.82582104Z | 71 | PC: 1566f | Get current directory |
| 2018-12-25T12:35:42.828956571Z | 47 | PC: 15673 | Get disk transfer address |
| 2018-12-25T12:35:42.831396846Z | 26 | PC: 156d3 | Set disk transfer address |
| 2018-12-25T12:35:42.83274824Z | 78 | PC: 156dc | Find first file |
| 2018-12-25T12:35:42.83887552Z | 61 | PC: 15706 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:35:42.846193094Z | 63 | PC: 1571f | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:35:42.848919878Z | 62 | PC: 15732 | Close file |
| 2018-12-25T12:35:42.850754736Z | 79 | PC: 15736 | Find next file |
| 2018-12-25T12:35:42.853511918Z | 26 | PC: 15690 | Set disk transfer address |
| 2018-12-25T12:35:42.854790263Z | 59 | PC: 15697 | Change current directory |
| 2018-12-25T12:35:42.858614433Z | 78 | PC: 156a1 | Find first file |
| 2018-12-25T12:35:42.865048611Z | 79 | PC: 156aa | Find next file |
| 2018-12-25T12:35:42.867530397Z | 59 | PC: 158a8 | Change current directory |
| 2018-12-25T12:35:42.871432776Z | 71 | PC: 1566f | Get current directory (See above) |
| 2018-12-25T12:35:42.875752342Z | 47 | PC: 15673 | Get disk transfer address (See above) |
| 2018-12-25T12:35:42.87687712Z | 26 | PC: 156d3 | Set disk transfer address (See above) |
| 2018-12-25T12:35:42.877925228Z | 78 | PC: 156dc | Find first file (See above) |
| 2018-12-25T12:35:42.884251883Z | 61 | PC: 15706 | Open file (See above) |
| 2018-12-25T12:35:42.891502744Z | 63 | PC: 1571f | Read file or device (See above) |
| 2018-12-25T12:35:42.895178963Z | 62 | PC: 15732 | Close file (See above) |
| 2018-12-25T12:35:42.897313773Z | 79 | PC: 15736 | Find next file (See above) |
| 2018-12-25T12:35:42.900537034Z | 26 | PC: 15690 | Set disk transfer address (See above) |
| 2018-12-25T12:35:42.901768561Z | 59 | PC: 15697 | Change current directory (See above) |
| 2018-12-25T12:35:42.905853073Z | 78 | PC: 156a1 | Find first file (See above) |
| 2018-12-25T12:35:42.912473369Z | 79 | PC: 156aa | Find next file (See above) |
| 2018-12-25T12:35:42.915378225Z | 59 | PC: 158a8 | Change current directory (See above) |
| 2018-12-25T12:35:42.919311681Z | 42 | PC: 158c7 | Get date 0x158c7: cmp dl, 0x17 0x158ca: je 0x158cf 0x158cc: jmp 0x158d7 0x158ce: nop 0x158cf: cmp dh, 2 0x158d2: jne 0x158d7 0x158d4: call 0x15914 0x158d7: xor ax, ax 0x158d9: mov ds, ax 0x158db: mov si, 0x90 0x158de: mov ax, word ptr cs:[0x540] 0x158e2: mov bx, word ptr cs:[0x542] 0x158e7: mov word ptr [si], ax 0x158e9: mov word ptr [si + 2], bx 0x158ec: mov ds, word ptr cs:[0x550] 0x158f1: mov es, word ptr cs:[0x556] 0x158f6: cli 0x158f7: mov ss, word ptr cs:[0x54c] 0x158fc: mov sp, word ptr cs:[0x54e] 0x15901: xor ax, ax |
{"DateBased":true,"Day":23,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12605,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:35:42.869613705Z | 37 | PC: 155d4 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-25T12:35:42.872412242Z | 37 | PC: 155d8 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-25T12:35:42.874997009Z | 71 | PC: 1566f | Get current directory |
| 2018-12-25T12:35:42.87826208Z | 47 | PC: 15673 | Get disk transfer address |
| 2018-12-25T12:35:42.883064335Z | 26 | PC: 156d3 | Set disk transfer address |
| 2018-12-25T12:35:42.884591991Z | 78 | PC: 156dc | Find first file |
| 2018-12-25T12:35:42.895860754Z | 61 | PC: 15706 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:35:42.916548323Z | 63 | PC: 1571f | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T12:35:42.919936893Z | 62 | PC: 15732 | Close file |
| 2018-12-25T12:35:42.922020622Z | 79 | PC: 15736 | Find next file |
| 2018-12-25T12:35:42.925044732Z | 26 | PC: 15690 | Set disk transfer address |
| 2018-12-25T12:35:42.927480215Z | 59 | PC: 15697 | Change current directory |
| 2018-12-25T12:35:42.931519271Z | 78 | PC: 156a1 | Find first file |
| 2018-12-25T12:35:42.937259109Z | 79 | PC: 156aa | Find next file |
| 2018-12-25T12:35:42.940313407Z | 59 | PC: 158a8 | Change current directory |
| 2018-12-25T12:35:42.94564843Z | 71 | PC: 1566f | Get current directory (See above) |
| 2018-12-25T12:35:42.948926827Z | 47 | PC: 15673 | Get disk transfer address (See above) |
| 2018-12-25T12:35:42.951764399Z | 26 | PC: 156d3 | Set disk transfer address (See above) |
| 2018-12-25T12:35:42.95374377Z | 78 | PC: 156dc | Find first file (See above) |
| 2018-12-25T12:35:42.958396686Z | 61 | PC: 15706 | Open file (See above) |
| 2018-12-25T12:35:42.966538539Z | 63 | PC: 1571f | Read file or device (See above) |
| 2018-12-25T12:35:42.969468458Z | 62 | PC: 15732 | Close file (See above) |
| 2018-12-25T12:35:42.971874408Z | 79 | PC: 15736 | Find next file (See above) |
| 2018-12-25T12:35:42.975555255Z | 26 | PC: 15690 | Set disk transfer address (See above) |
| 2018-12-25T12:35:42.976826885Z | 59 | PC: 15697 | Change current directory (See above) |
| 2018-12-25T12:35:42.98132472Z | 78 | PC: 156a1 | Find first file (See above) |
| 2018-12-25T12:35:42.988064077Z | 79 | PC: 156aa | Find next file (See above) |
| 2018-12-25T12:35:42.991451699Z | 59 | PC: 158a8 | Change current directory (See above) |
| 2018-12-25T12:35:42.996027332Z | 42 | PC: 158c7 | Get date 0x158c7: cmp dl, 0x17 0x158ca: je 0x158cf 0x158cc: jmp 0x158d7 0x158ce: nop 0x158cf: cmp dh, 2 0x158d2: jne 0x158d7 0x158d4: call 0x15914 0x158d7: xor ax, ax 0x158d9: mov ds, ax 0x158db: mov si, 0x90 0x158de: mov ax, word ptr cs:[0x540] 0x158e2: mov bx, word ptr cs:[0x542] 0x158e7: mov word ptr [si], ax 0x158e9: mov word ptr [si + 2], bx 0x158ec: mov ds, word ptr cs:[0x550] 0x158f1: mov es, word ptr cs:[0x556] 0x158f6: cli 0x158f7: mov ss, word ptr cs:[0x54c] 0x158fc: mov sp, word ptr cs:[0x54e] 0x15901: xor ax, ax |
| 2018-12-25T12:35:42.999306638Z | 9 | PC: 1591b | Display string (String= ' En el glorioso d�a del 23-F') |
| 2018-12-25T12:35:43.005925962Z | 9 | PC: 15920 | Display string (String= ' has sido infectado por el virus Txapela 1.00') |
| 2018-12-25T12:35:43.011542272Z | 9 | PC: 15925 | Display string (String= ' la has cagao, macho...') |
| 2018-12-25T12:35:43.017929385Z | 25 | PC: 15929 | Get default drive |
| 2018-12-25T12:35:43.254757597Z | 62 | PC: 1593a | Close file |
| 2018-12-25T12:35:43.257494001Z | 26 | PC: 15941 | Set disk transfer address |