{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3825,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:16.21691608Z | 26 | PC: 12a9b | Set disk transfer address |
| 2018-12-25T11:50:16.219447238Z | 78 | PC: 12aa6 | Find first file |
| 2018-12-25T11:50:16.225524057Z | 61 | PC: 12ad1 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:16.232634595Z | 62 | PC: 12ab1 | Close file |
| 2018-12-25T11:50:16.247523598Z | 79 | PC: 12ab6 | Find next file |
| 2018-12-25T11:50:16.250133091Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.261771579Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.264683615Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.267470386Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.273867013Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.275637399Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.277454599Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.281598781Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.283151936Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.285692393Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.292571207Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.294770386Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.298518133Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.305233145Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.307056399Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.310444295Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.316768181Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.318919789Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.333517559Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.340903487Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.344653121Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.347906893Z | 42 | PC: 12bba | Get date 0x12bba: cmp dh, 6 0x12bbd: ja 0x12bc7 0x12bbf: cmp dl, 0xe 0x12bc2: ja 0x12bc7 0x12bc4: jmp 0x12bcf 0x12bc7: mov ah, 9 0x12bc9: lea dx, word ptr [bp + 0x290] 0x12bcd: int 0x21 0x12bcf: ret 0x12bd0: dec byte ptr [di + 0x4a] 0x12bd3: xor word ptr [bp + di], si |
| 2018-12-25T11:50:16.350050108Z | 26 | PC: 12ac7 | Set disk transfer address |
{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3825,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:16.289866179Z | 26 | PC: 12a9b | Set disk transfer address |
| 2018-12-25T11:50:16.291622546Z | 78 | PC: 12aa6 | Find first file |
| 2018-12-25T11:50:16.298355938Z | 61 | PC: 12ad1 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:16.305583214Z | 62 | PC: 12ab1 | Close file |
| 2018-12-25T11:50:16.308385734Z | 79 | PC: 12ab6 | Find next file |
| 2018-12-25T11:50:16.312095361Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.319379805Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.321384326Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.331862147Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.339710335Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.341906512Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.344948373Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.352082067Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.354239511Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.365443066Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.370302755Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.371972746Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.374395051Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.378955227Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.380583717Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.383410485Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.387916645Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.389306972Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.391593959Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.396355519Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.397695795Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.399542726Z | 42 | PC: 12bba | Get date 0x12bba: cmp dh, 6 0x12bbd: ja 0x12bc7 0x12bbf: cmp dl, 0xe 0x12bc2: ja 0x12bc7 0x12bc4: jmp 0x12bcf 0x12bc7: mov ah, 9 0x12bc9: lea dx, word ptr [bp + 0x290] 0x12bcd: int 0x21 0x12bcf: ret 0x12bd0: dec byte ptr [di + 0x4a] 0x12bd3: xor word ptr [bp + di], si |
| 2018-12-25T11:50:16.402315286Z | 9 | PC: 12bcf | Display string (String= '�MJ13� virus by !UNKM� -�� OrD�n�T�Ur S�Us C�NtR�Le ��- ') |
| 2018-12-25T11:50:16.40663897Z | 26 | PC: 12ac7 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3825,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:50:16.476715787Z | 26 | PC: 12a9b | Set disk transfer address |
| 2018-12-25T11:50:16.478763136Z | 78 | PC: 12aa6 | Find first file |
| 2018-12-25T11:50:16.484707543Z | 61 | PC: 12ad1 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:50:16.491293556Z | 62 | PC: 12ab1 | Close file |
| 2018-12-25T11:50:16.493944265Z | 79 | PC: 12ab6 | Find next file |
| 2018-12-25T11:50:16.496786456Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.50335347Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.505029525Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.507677667Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.513882435Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.51543121Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.518222856Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.525044027Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.526173137Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.528059286Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.532291412Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.533376842Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.535406366Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.539274193Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.540390798Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.543072081Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.549228446Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.550762699Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.55405393Z | 61 | PC: 12ad1 | Open file (See above) |
| 2018-12-25T11:50:16.560405625Z | 62 | PC: 12ab1 | Close file (See above) |
| 2018-12-25T11:50:16.56193072Z | 79 | PC: 12ab6 | Find next file (See above) |
| 2018-12-25T11:50:16.564410783Z | 42 | PC: 12bba | Get date 0x12bba: cmp dh, 6 0x12bbd: ja 0x12bc7 0x12bbf: cmp dl, 0xe 0x12bc2: ja 0x12bc7 0x12bc4: jmp 0x12bcf 0x12bc7: mov ah, 9 0x12bc9: lea dx, word ptr [bp + 0x290] 0x12bcd: int 0x21 0x12bcf: ret 0x12bd0: dec byte ptr [di + 0x4a] 0x12bd3: xor word ptr [bp + di], si |
| 2018-12-25T11:50:16.56646518Z | 9 | PC: 12bcf | Display string (String= '�MJ13� virus by !UNKM� -�� OrD�n�T�Ur S�Us C�NtR�Le ��- ') |
| 2018-12-25T11:50:16.569994678Z | 26 | PC: 12ac7 | Set disk transfer address |