.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:00:35.102258704Z | 105 | PC: 12aff | Get or set media id |
| 2018-12-17T22:00:35.104475303Z | 74 | PC: 12b18 | Reallocate memory |
| 2018-12-17T22:00:35.105924538Z | 74 | PC: 12b29 | Reallocate memory |
| 2018-12-17T22:00:35.113942813Z | 72 | PC: 12b39 | Allocate memory |
| 2018-12-17T22:00:35.116071886Z | 53 | PC: 12b6a | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:00:35.117221263Z | 37 | PC: 12b84 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:00:35.118292394Z | 78 | PC: 12f42 | Find first file |
| 2018-12-17T22:00:35.127461093Z | 67 | PC: 12f54 | Get or set file attributes |
| 2018-12-17T22:00:35.134400833Z | 67 | PC: 12f68 | Get or set file attributes |
| 2018-12-17T22:00:35.473918098Z | 61 | PC: 12f71 | Open file (Filename = 'C:\WINDOWS\WIN.COM') |
| 2018-12-17T22:00:35.482123247Z | 87 | PC: 12f86 | Get or set file date and time |
| 2018-12-17T22:00:35.484239215Z | 63 | PC: 12f9c | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:00:35.489971923Z | 66 | PC: 12fe2 | Move file pointer |
| 2018-12-17T22:00:35.491832428Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.495376281Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.499386743Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.502355595Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.505956825Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.508498615Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.511066339Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.514393887Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.516695566Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.518938681Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.522401435Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.525086972Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.527629803Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.530785393Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.533743082Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.536287231Z | 42 | PC: 1331c | Get date 0x1331c: xchg ax, dx 0x1331d: xor ax, 0xffff 0x13320: xor dx, dx 0x13322: div bx 0x13324: xchg ax, dx 0x13325: pop cx 0x13326: pop dx 0x13327: pop bx 0x13328: ret 0x13329: call 0x23314 0x1332c: mov cx, bx 0x1332e: mul bx 0x13330: add si, ax 0x13332: rep movsb byte ptr es:[di], byte ptr [si] 0x13334: ret 0x13335: mov di, sp 0x13337: call 0x1333b 0x1333a: ret 0x1333b: dec di 0x1333c: dec di |
| 2018-12-17T22:00:35.539078614Z | 44 | PC: 132b2 | Get time 0x132b2: mov byte ptr cs:[bp + 0xfa0], dl 0x132b7: lea si, word ptr [bp + 0x1b6] 0x132bb: lea di, word ptr [bp + 0xfa1] 0x132bf: mov cx, 0xdea 0x132c2: mov al, byte ptr cs:[bp + 0xf9f] 0x132c7: cmp al, 0 0x132c9: je 0x13303 0x132cb: cmp al, 1 0x132cd: je 0x132fb 0x132cf: cmp al, 2 0x132d1: je 0x132f3 0x132d3: cmp al, 3 0x132d5: je 0x132eb 0x132d7: cmp al, 4 0x132d9: je 0x132e3 0x132db: lodsb al, byte ptr [si] 0x132dc: neg al 0x132de: stosb byte ptr es:[di], al 0x132df: loop 0x132db 0x132e1: jmp 0x13309 |
| 2018-12-17T22:00:35.541185319Z | 64 | PC: 12ffd | Write file or device (Write 135 bytes on handle 5) |
| 2018-12-17T22:00:35.545849829Z | 64 | PC: 13011 | Write file or device (Write 3563 bytes on handle 5) |
| 2018-12-17T22:00:35.554108167Z | 66 | PC: 13028 | Move file pointer |
| 2018-12-17T22:00:35.555630997Z | 64 | PC: 1303c | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:00:35.558381393Z | 87 | PC: 13059 | Get or set file date and time |
| 2018-12-17T22:00:35.560223616Z | 62 | PC: 1305d | Close file |
| 2018-12-17T22:00:35.567648988Z | 67 | PC: 13073 | Get or set file attributes |
| 2018-12-17T22:00:35.571768141Z | 9 | PC: 12a4b | Display string (String= '------Fake host execution-----') |
| 2018-12-17T22:00:35.575493167Z | 76 | PC: 12a50 | Terminate with return code (Return code = '0') |