{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2996,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:58.128850249Z | 87 | PC: 130ef | Get or set file date and time |
| 2018-12-25T11:47:58.130796747Z | 87 | PC: 13141 | Get or set file date and time |
| 2018-12-25T11:47:58.132421437Z | 74 | PC: 131d2 | Reallocate memory |
| 2018-12-25T11:47:58.133645311Z | 53 | PC: 131d7 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:58.138593577Z | 37 | PC: 131eb | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:58.14373036Z | 42 | PC: 1321d | Get date 0x1321d: cmp al, 0 0x1321f: jne 0x13226 0x13221: add word ptr [0x83], 0x50 0x13226: cmp cx, 0x7c8 0x1322a: je 0x13257 0x1322c: cmp dx, 0xc0c 0x13230: jne 0x1323d 0x13232: mov byte ptr [0x8a], 0xd 0x13237: call 0x22ff2 0x1323a: jmp 0x13257 0x1323c: nop 0x1323d: mov byte ptr [0x8a], 0xc 0x13242: mov ax, 0x3508 0x13245: int 0x21 0x13247: mov word ptr [0xf], bx 0x1324b: mov word ptr [0x11], es 0x1324f: mov ax, 0x2508 0x13252: mov dx, 0x17b 0x13255: int 0x21 0x13257: mov ax, 0x3509 |
| 2018-12-25T11:47:58.145741864Z | 53 | PC: 13247 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:47:58.147008906Z | 37 | PC: 13257 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:47:58.148399995Z | 53 | PC: 1325c | Get interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-25T11:47:58.149443486Z | 37 | PC: 1326c | Set interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-25T11:47:58.150472269Z | 75 | PC: 13278 | Execute program |
| 2018-12-25T11:47:58.164437539Z | 9 | PC: 13557 | Display string (String= 'This is Friday Rx (2229) virus ..! Caught By Peter Ferng ..!') |
| 2018-12-25T11:47:58.169382826Z | 73 | PC: 1327e | Release memory |
| 2018-12-25T11:47:58.170545081Z | 77 | PC: 13282 | Get program return code |
| 2018-12-25T11:47:58.172510698Z | 49 | PC: 13290 | Terminate and stay resident (Return code = '0' | Memory size = '156') |
{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2996,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:58.227057331Z | 87 | PC: 130ef | Get or set file date and time |
| 2018-12-25T11:47:58.229687381Z | 87 | PC: 13141 | Get or set file date and time |
| 2018-12-25T11:47:58.231654259Z | 74 | PC: 131d2 | Reallocate memory |
| 2018-12-25T11:47:58.232818187Z | 53 | PC: 131d7 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:58.234081872Z | 37 | PC: 131eb | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:58.235191382Z | 42 | PC: 1321d | Get date 0x1321d: cmp al, 0 0x1321f: jne 0x13226 0x13221: add word ptr [0x83], 0x50 0x13226: cmp cx, 0x7c8 0x1322a: je 0x13257 0x1322c: cmp dx, 0xc0c 0x13230: jne 0x1323d 0x13232: mov byte ptr [0x8a], 0xd 0x13237: call 0x22ff2 0x1323a: jmp 0x13257 0x1323c: nop 0x1323d: mov byte ptr [0x8a], 0xc 0x13242: mov ax, 0x3508 0x13245: int 0x21 0x13247: mov word ptr [0xf], bx 0x1324b: mov word ptr [0x11], es 0x1324f: mov ax, 0x2508 0x13252: mov dx, 0x17b 0x13255: int 0x21 0x13257: mov ax, 0x3509 |
| 2018-12-25T11:47:58.236613225Z | 53 | PC: 13247 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:47:58.23742058Z | 37 | PC: 13257 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:47:58.238635328Z | 53 | PC: 1325c | Get interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-25T11:47:58.23972518Z | 37 | PC: 1326c | Set interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-25T11:47:58.240535167Z | 75 | PC: 13278 | Execute program |
| 2018-12-25T11:47:58.249541418Z | 9 | PC: 13557 | Display string (String= 'This is Friday Rx (2229) virus ..! Caught By Peter Ferng ..!') |
| 2018-12-25T11:47:58.252758831Z | 73 | PC: 1327e | Release memory |
| 2018-12-25T11:47:58.25358346Z | 77 | PC: 13282 | Get program return code |
| 2018-12-25T11:47:58.254819427Z | 49 | PC: 13290 | Terminate and stay resident (Return code = '0' | Memory size = '156') |
{"DateBased":true,"Day":12,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2996,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:58.363715302Z | 87 | PC: 130ef | Get or set file date and time |
| 2018-12-25T11:47:58.365647273Z | 87 | PC: 13141 | Get or set file date and time |
| 2018-12-25T11:47:58.367414849Z | 74 | PC: 131d2 | Reallocate memory |
| 2018-12-25T11:47:58.368732241Z | 53 | PC: 131d7 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:58.370258741Z | 37 | PC: 131eb | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:58.371590678Z | 42 | PC: 1321d | Get date 0x1321d: cmp al, 0 0x1321f: jne 0x13226 0x13221: add word ptr [0x83], 0x50 0x13226: cmp cx, 0x7c8 0x1322a: je 0x13257 0x1322c: cmp dx, 0xc0c 0x13230: jne 0x1323d 0x13232: mov byte ptr [0x8a], 0xd 0x13237: call 0x22ff2 0x1323a: jmp 0x13257 0x1323c: nop 0x1323d: mov byte ptr [0x8a], 0xc 0x13242: mov ax, 0x3508 0x13245: int 0x21 0x13247: mov word ptr [0xf], bx 0x1324b: mov word ptr [0x11], es 0x1324f: mov ax, 0x2508 0x13252: mov dx, 0x17b 0x13255: int 0x21 0x13257: mov ax, 0x3509 |
| 2018-12-25T11:47:58.373968097Z | 54 | PC: 13009 | Get free disk space |
{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2996,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:58.547792022Z | 87 | PC: 130ef | Get or set file date and time |
| 2018-12-25T11:47:58.551848339Z | 87 | PC: 13141 | Get or set file date and time |
| 2018-12-25T11:47:58.553574914Z | 74 | PC: 131d2 | Reallocate memory |
| 2018-12-25T11:47:58.554834581Z | 53 | PC: 131d7 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:58.556422278Z | 37 | PC: 131eb | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:47:58.557936132Z | 42 | PC: 1321d | Get date 0x1321d: cmp al, 0 0x1321f: jne 0x13226 0x13221: add word ptr [0x83], 0x50 0x13226: cmp cx, 0x7c8 0x1322a: je 0x13257 0x1322c: cmp dx, 0xc0c 0x13230: jne 0x1323d 0x13232: mov byte ptr [0x8a], 0xd 0x13237: call 0x22ff2 0x1323a: jmp 0x13257 0x1323c: nop 0x1323d: mov byte ptr [0x8a], 0xc 0x13242: mov ax, 0x3508 0x13245: int 0x21 0x13247: mov word ptr [0xf], bx 0x1324b: mov word ptr [0x11], es 0x1324f: mov ax, 0x2508 0x13252: mov dx, 0x17b 0x13255: int 0x21 0x13257: mov ax, 0x3509 |
| 2018-12-25T11:47:58.560233115Z | 53 | PC: 1325c | Get interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-25T11:47:58.562013922Z | 37 | PC: 1326c | Set interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-25T11:47:58.563411873Z | 75 | PC: 13278 | Execute program |
| 2018-12-25T11:47:58.577107873Z | 9 | PC: 13557 | Display string (String= 'This is Friday Rx (2229) virus ..! Caught By Peter Ferng ..!') |
| 2018-12-25T11:47:58.582923164Z | 73 | PC: 1327e | Release memory |
| 2018-12-25T11:47:58.584260688Z | 77 | PC: 13282 | Get program return code |
| 2018-12-25T11:47:58.58545877Z | 49 | PC: 13290 | Terminate and stay resident (Return code = '0' | Memory size = '156') |