{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3135,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:27.878700826Z | 26 | PC: 12a9b | Set disk transfer address |
| 2018-12-25T11:48:27.880150115Z | 78 | PC: 12aa6 | Find first file |
| 2018-12-25T11:48:27.883801002Z | 61 | PC: 12ad1 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:27.890102948Z | 62 | PC: 12ab1 | Close file |
| 2018-12-25T11:48:27.89210615Z | 79 | PC: 12ab6 | Find next file |
| 2018-12-25T11:48:27.894402725Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:27.905614815Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:27.908075817Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:27.910468195Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:27.922536395Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:27.924249513Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:27.926870055Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:27.933111863Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:27.93470733Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:27.93727511Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:27.9435722Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:27.945168343Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:27.948546121Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:27.955743999Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:27.957668168Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:27.961329789Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:27.967953051Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:27.96992856Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:27.972946123Z | 42 | PC: 12bba | Get date 0x12bba: cmp dh, 6 0x12bbd: ja 0x12bc7 0x12bbf: cmp dl, 0xe 0x12bc2: ja 0x12bc7 0x12bc4: jmp 0x12bcf 0x12bc6: nop 0x12bc7: mov ah, 9 0x12bc9: lea dx, word ptr [bp + 0x290] 0x12bcd: int 0x21 0x12bcf: ret 0x12bd0: dec byte ptr [di + 0x4a] 0x12bd3: xor word ptr [bp + di], si |
| 2018-12-25T11:48:27.975416584Z | 26 | PC: 12ac7 | Set disk transfer address |
{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3135,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:28.076450866Z | 26 | PC: 12a9b | Set disk transfer address |
| 2018-12-25T11:48:28.078143708Z | 78 | PC: 12aa6 | Find first file |
| 2018-12-25T11:48:28.083967948Z | 61 | PC: 12ad1 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:28.090641009Z | 62 | PC: 12ab1 | Close file |
| 2018-12-25T11:48:28.092940766Z | 79 | PC: 12ab6 | Find next file |
| 2018-12-25T11:48:28.095502018Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.102227156Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.110487306Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.113044217Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.119648169Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.122124356Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.124492689Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.140378653Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.142554101Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.144893295Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.151717689Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.153490464Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.156484464Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.163008806Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.164705355Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.167615741Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.174268816Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.175576284Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.195039685Z | 42 | PC: 12bba | Get date 0x12bba: cmp dh, 6 0x12bbd: ja 0x12bc7 0x12bbf: cmp dl, 0xe 0x12bc2: ja 0x12bc7 0x12bc4: jmp 0x12bcf 0x12bc6: nop 0x12bc7: mov ah, 9 0x12bc9: lea dx, word ptr [bp + 0x290] 0x12bcd: int 0x21 0x12bcf: ret 0x12bd0: dec byte ptr [di + 0x4a] 0x12bd3: xor word ptr [bp + di], si |
| 2018-12-25T11:48:28.197849279Z | 9 | PC: 12bcf | Display string (String= '�MJ13� virus by !UNKM� -�� OrD�n�T�Ur S�Us C�NtR�Le ��- ') |
| 2018-12-25T11:48:28.20211833Z | 26 | PC: 12ac7 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3135,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:48:28.708951768Z | 26 | PC: 12a9b | Set disk transfer address |
| 2018-12-25T11:48:28.711417999Z | 78 | PC: 12aa6 | Find first file |
| 2018-12-25T11:48:28.732892319Z | 61 | PC: 12ad1 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:48:28.74108081Z | 62 | PC: 12ab1 | Close file |
| 2018-12-25T11:48:28.743456384Z | 79 | PC: 12ab6 | Find next file |
| 2018-12-25T11:48:28.747333748Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.754369265Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.757187959Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.760297113Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.768264228Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.772269884Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.777326781Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.790568154Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.792794042Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.798027583Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.807408813Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.809348477Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.812092883Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.816641157Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.818331524Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.820492847Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:48:28.832489078Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:48:28.834886152Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:48:28.838040675Z | 42 | PC: 12bba | Get date 0x12bba: cmp dh, 6 0x12bbd: ja 0x12bc7 0x12bbf: cmp dl, 0xe 0x12bc2: ja 0x12bc7 0x12bc4: jmp 0x12bcf 0x12bc6: nop 0x12bc7: mov ah, 9 0x12bc9: lea dx, word ptr [bp + 0x290] 0x12bcd: int 0x21 0x12bcf: ret 0x12bd0: dec byte ptr [di + 0x4a] 0x12bd3: xor word ptr [bp + di], si |
| 2018-12-25T11:48:28.843753104Z | 9 | PC: 12bcf | Display string (String= '�MJ13� virus by !UNKM� -�� OrD�n�T�Ur S�Us C�NtR�Le ��- ') |
| 2018-12-25T11:48:28.84857499Z | 26 | PC: 12ac7 | Set disk transfer address |