{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":532,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:16.711643763Z | 26 | PC: 12b62 | Set disk transfer address |
| 2018-12-25T11:41:16.7131054Z | 71 | PC: 12b72 | Get current directory |
| 2018-12-25T11:41:16.715771389Z | 67 | PC: 12d93 | Get or set file attributes |
| 2018-12-25T11:41:16.721357746Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T11:41:16.727375276Z | 61 | PC: 12c33 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:16.731448163Z | 79 | PC: 12c09 | Find next file |
| 2018-12-25T11:41:16.733059408Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.740529931Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.74280294Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.753811118Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.756593006Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.767934203Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.770226921Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.776875858Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.779156471Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.785312385Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.788007032Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.794322312Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.796638611Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.80306533Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.805490952Z | 59 | PC: 12b8a | Change current directory |
| 2018-12-25T11:41:16.813949712Z | 78 | PC: 12bab | Find first file |
| 2018-12-25T11:41:16.824082023Z | 42 | PC: 12d59 | Get date 0x12d59: cmp dh, 0xb 0x12d5c: ja 0x12d60 0x12d5e: jmp 0x12d6f 0x12d60: cmp dl, 1 0x12d63: ja 0x12d67 0x12d65: jmp 0x12d6f 0x12d67: mov ah, 9 0x12d69: lea dx, word ptr [bp + 0x430] 0x12d6d: int 0x21 0x12d6f: ret 0x12d70: push bp 0x12d71: dec si 0x12d72: dec bx 0x12d73: dec bp 0x12d74: and byte ptr [bx + di + 0x6e], cl 0x12d77: arpl word ptr gs:[si + 0x20], si 0x12d7c: push sp 0x12d7d: push 0x2065 0x12d80: push di 0x12d81: outsw dx, word ptr [si] |
| 2018-12-25T11:41:16.826849457Z | 9 | PC: 12d6f | Display string (String= 'UNKM Infect The WorlD!') |
| 2018-12-25T11:41:16.829001931Z | 59 | PC: 12c1b | Change current directory |
| 2018-12-25T11:41:16.832765763Z | 26 | PC: 12c24 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":532,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:16.788163509Z | 26 | PC: 12b62 | Set disk transfer address |
| 2018-12-25T11:41:16.790156109Z | 71 | PC: 12b72 | Get current directory |
| 2018-12-25T11:41:16.793731342Z | 67 | PC: 12d93 | Get or set file attributes |
| 2018-12-25T11:41:16.800688199Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T11:41:16.807987443Z | 61 | PC: 12c33 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:16.816311212Z | 79 | PC: 12c09 | Find next file |
| 2018-12-25T11:41:16.819544857Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.832475005Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.836743944Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.844058982Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.846909351Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.855171755Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.858278013Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.865759867Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.879898597Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.887660051Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.890601458Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.89862616Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.901455394Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:16.909121885Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:16.913397955Z | 59 | PC: 12b8a | Change current directory |
| 2018-12-25T11:41:16.918151038Z | 78 | PC: 12bab | Find first file |
| 2018-12-25T11:41:16.924749699Z | 42 | PC: 12d59 | Get date 0x12d59: cmp dh, 0xb 0x12d5c: ja 0x12d60 0x12d5e: jmp 0x12d6f 0x12d60: cmp dl, 1 0x12d63: ja 0x12d67 0x12d65: jmp 0x12d6f 0x12d67: mov ah, 9 0x12d69: lea dx, word ptr [bp + 0x430] 0x12d6d: int 0x21 0x12d6f: ret 0x12d70: push bp 0x12d71: dec si 0x12d72: dec bx 0x12d73: dec bp 0x12d74: and byte ptr [bx + di + 0x6e], cl 0x12d77: arpl word ptr gs:[si + 0x20], si 0x12d7c: push sp 0x12d7d: push 0x2065 0x12d80: push di 0x12d81: outsw dx, word ptr [si] |
| 2018-12-25T11:41:16.927361093Z | 59 | PC: 12c1b | Change current directory |
| 2018-12-25T11:41:16.932398655Z | 26 | PC: 12c24 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":532,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:17.368837945Z | 26 | PC: 12b62 | Set disk transfer address |
| 2018-12-25T11:41:17.370594583Z | 71 | PC: 12b72 | Get current directory |
| 2018-12-25T11:41:17.374220641Z | 67 | PC: 12d93 | Get or set file attributes |
| 2018-12-25T11:41:17.381360909Z | 78 | PC: 12bf8 | Find first file |
| 2018-12-25T11:41:17.394589603Z | 61 | PC: 12c33 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:17.40287446Z | 79 | PC: 12c09 | Find next file |
| 2018-12-25T11:41:17.406251769Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:17.414042188Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:17.418094118Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:17.425464284Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:17.428315837Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:17.441675186Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:17.447961932Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:17.461017297Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:17.466204485Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:17.474084588Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:17.477238044Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:17.485921288Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:17.488957296Z | 61 | PC: 12c33 | Open file (See above) |
| 2018-12-25T11:41:17.496388308Z | 79 | PC: 12c09 | Find next file (See above) |
| 2018-12-25T11:41:17.500740984Z | 59 | PC: 12b8a | Change current directory |
| 2018-12-25T11:41:17.506078119Z | 78 | PC: 12bab | Find first file |
| 2018-12-25T11:41:17.512276992Z | 42 | PC: 12d59 | Get date 0x12d59: cmp dh, 0xb 0x12d5c: ja 0x12d60 0x12d5e: jmp 0x12d6f 0x12d60: cmp dl, 1 0x12d63: ja 0x12d67 0x12d65: jmp 0x12d6f 0x12d67: mov ah, 9 0x12d69: lea dx, word ptr [bp + 0x430] 0x12d6d: int 0x21 0x12d6f: ret 0x12d70: push bp 0x12d71: dec si 0x12d72: dec bx 0x12d73: dec bp 0x12d74: and byte ptr [bx + di + 0x6e], cl 0x12d77: arpl word ptr gs:[si + 0x20], si 0x12d7c: push sp 0x12d7d: push 0x2065 0x12d80: push di 0x12d81: outsw dx, word ptr [si] |
| 2018-12-25T11:41:17.514661832Z | 59 | PC: 12c1b | Change current directory |
| 2018-12-25T11:41:17.519932367Z | 26 | PC: 12c24 | Set disk transfer address |