.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T23:12:10.965628584Z | 51 | PC: 151df | Get or set Ctrl-Break |
| 2018-12-17T23:12:10.967524146Z | 46 | PC: 151e6 | Set verify flag |
| 2018-12-17T23:12:10.969119013Z | 53 | PC: 151eb | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:12:10.970748841Z | 37 | PC: 151fb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:12:10.972832268Z | 44 | PC: 152e3 | Get time 0x152e3: mov bp, sp 0x152e5: mov bp, word ptr [bp + 8] 0x152e8: mov word ptr [bp], ax 0x152eb: mov word ptr [bp + 2], bx 0x152ee: mov word ptr [bp + 4], cx 0x152f1: mov word ptr [bp + 6], dx 0x152f4: mov word ptr [bp + 8], si 0x152f7: mov word ptr [bp + 0xa], di 0x152fa: pushf 0x152fb: pop ax 0x152fc: and ax, 1 0x152ff: mov word ptr [bp + 0xc], ax 0x15302: cld 0x15303: pop di 0x15304: pop si 0x15305: pop bp 0x15306: ret 0x15307: add byte ptr [di - 0x75], dl 0x1530a: in al, dx 0x1530b: mov ax, 0x4200 |
| 2018-12-17T23:12:10.976959042Z | 42 | PC: 152e3 | Get date 0x152e3: mov bp, sp 0x152e5: mov bp, word ptr [bp + 8] 0x152e8: mov word ptr [bp], ax 0x152eb: mov word ptr [bp + 2], bx 0x152ee: mov word ptr [bp + 4], cx 0x152f1: mov word ptr [bp + 6], dx 0x152f4: mov word ptr [bp + 8], si 0x152f7: mov word ptr [bp + 0xa], di 0x152fa: pushf 0x152fb: pop ax 0x152fc: and ax, 1 0x152ff: mov word ptr [bp + 0xc], ax 0x15302: cld 0x15303: pop di 0x15304: pop si 0x15305: pop bp 0x15306: ret 0x15307: add byte ptr [di - 0x75], dl 0x1530a: in al, dx 0x1530b: mov ax, 0x4200 |
| 2018-12-17T23:12:10.979834643Z | 25 | PC: 152e3 | Get default drive |
| 2018-12-17T23:12:10.981956233Z | 71 | PC: 15393 | Get current directory |
| 2018-12-17T23:12:10.986332476Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:10.991181886Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:10.996159299Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.000349477Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.006247623Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.012178388Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.018526094Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.019496962Z | 78 | PC: 153b9 | Find first file |
| 2018-12-17T23:12:11.026656643Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.028344802Z | 78 | PC: 153b9 | Find first file |
| 2018-12-17T23:12:11.032829018Z | 61 | PC: 15371 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T23:12:11.037293259Z | 87 | PC: 152e3 | Get or set file date and time |
| 2018-12-17T23:12:11.039219795Z | 66 | PC: 15319 | Move file pointer |
| 2018-12-17T23:12:11.040533464Z | 63 | PC: 1532e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:12:11.045031927Z | 62 | PC: 15361 | Close file |
| 2018-12-17T23:12:11.046550344Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.048044822Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.050378899Z | 61 | PC: 15371 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T23:12:11.05501731Z | 87 | PC: 152e3 | Get or set file date and time |
| 2018-12-17T23:12:11.057038155Z | 66 | PC: 15319 | Move file pointer |
| 2018-12-17T23:12:11.058317281Z | 63 | PC: 1532e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:12:11.062544076Z | 62 | PC: 15361 | Close file |
| 2018-12-17T23:12:11.064575887Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.065446101Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.067552615Z | 61 | PC: 15371 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T23:12:11.07266683Z | 87 | PC: 152e3 | Get or set file date and time |
| 2018-12-17T23:12:11.073956327Z | 66 | PC: 15319 | Move file pointer |
| 2018-12-17T23:12:11.075222404Z | 63 | PC: 1532e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:12:11.08295333Z | 62 | PC: 15361 | Close file |
| 2018-12-17T23:12:11.085141583Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.086395305Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.090717742Z | 61 | PC: 15371 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T23:12:11.104205269Z | 87 | PC: 152e3 | Get or set file date and time |
| 2018-12-17T23:12:11.105966006Z | 66 | PC: 15319 | Move file pointer |
| 2018-12-17T23:12:11.107872367Z | 63 | PC: 1532e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:12:11.115656755Z | 62 | PC: 15361 | Close file |
| 2018-12-17T23:12:11.117725768Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.119186644Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.122977727Z | 61 | PC: 15371 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T23:12:11.130468871Z | 87 | PC: 152e3 | Get or set file date and time |
| 2018-12-17T23:12:11.132532423Z | 66 | PC: 15319 | Move file pointer |
| 2018-12-17T23:12:11.135307446Z | 63 | PC: 1532e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:12:11.142953747Z | 62 | PC: 15361 | Close file |
| 2018-12-17T23:12:11.145391451Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.147980745Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.151943821Z | 61 | PC: 15371 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T23:12:11.159724154Z | 87 | PC: 152e3 | Get or set file date and time |
| 2018-12-17T23:12:11.163491197Z | 66 | PC: 15319 | Move file pointer |
| 2018-12-17T23:12:11.166018482Z | 63 | PC: 1532e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:12:11.174867341Z | 62 | PC: 15361 | Close file |
| 2018-12-17T23:12:11.182829465Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.184638285Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.188286892Z | 61 | PC: 15371 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T23:12:11.196448843Z | 87 | PC: 152e3 | Get or set file date and time |
| 2018-12-17T23:12:11.198285526Z | 66 | PC: 15319 | Move file pointer |
| 2018-12-17T23:12:11.200213182Z | 63 | PC: 1532e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:12:11.208235719Z | 62 | PC: 15361 | Close file |
| 2018-12-17T23:12:11.217567826Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.219122496Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.222558106Z | 61 | PC: 15371 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T23:12:11.231911598Z | 87 | PC: 152e3 | Get or set file date and time |
| 2018-12-17T23:12:11.234193581Z | 66 | PC: 15319 | Move file pointer |
| 2018-12-17T23:12:11.236310142Z | 63 | PC: 1532e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:12:11.245366954Z | 66 | PC: 15319 | Move file pointer |
| 2018-12-17T23:12:11.2476431Z | 63 | PC: 1532e | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:12:11.256495836Z | 63 | PC: 1532e | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:12:11.261182354Z | 62 | PC: 15361 | Close file |
| 2018-12-17T23:12:11.264155339Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.266154136Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.269684849Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.272199297Z | 78 | PC: 153b9 | Find first file |
| 2018-12-17T23:12:11.279266589Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.280457296Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.283940696Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.285194285Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.288108447Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.290050377Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.292994835Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.294161914Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.297575386Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.298772898Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.301644913Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.303319181Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.306971674Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.30851249Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.312761841Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.31494456Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.317176472Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.319712242Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.322910989Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.327676219Z | 14 | PC: 152e3 | Set default drive (Drive = 'C') |
| 2018-12-17T23:12:11.329021961Z | 25 | PC: 152e3 | Get default drive |
| 2018-12-17T23:12:11.330332024Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.331226942Z | 78 | PC: 153b9 | Find first file |
| 2018-12-17T23:12:11.334870791Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.336048117Z | 78 | PC: 153b9 | Find first file |
| 2018-12-17T23:12:11.339762119Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.340704962Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.342631295Z | 71 | PC: 15393 | Get current directory |
| 2018-12-17T23:12:11.344267929Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.34697958Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.349801628Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.352545115Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.355633252Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.358459918Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.361058756Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.362122269Z | 78 | PC: 153b9 | Find first file |
| 2018-12-17T23:12:11.366075682Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.367035364Z | 78 | PC: 153b9 | Find first file |
| 2018-12-17T23:12:11.370670399Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.372203601Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.374087088Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.374889156Z | 78 | PC: 153b9 | Find first file |
| 2018-12-17T23:12:11.378989445Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.379858154Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.381954698Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.3832008Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.385103732Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.386003202Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.388159801Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.388890081Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.391432147Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.392971429Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.394787464Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.395641765Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.397781518Z | 26 | PC: 153af | Set disk transfer address |
| 2018-12-17T23:12:11.398828293Z | 79 | PC: 153b9 | Find next file |
| 2018-12-17T23:12:11.400468459Z | 59 | PC: 1537d | Change current directory |
| 2018-12-17T23:12:11.40341532Z | 14 | PC: 152e3 | Set default drive (Drive = 'F') |
| 2018-12-17T23:12:11.404578899Z | 25 | PC: 152e3 | Get default drive |
| 2018-12-17T23:12:11.405441723Z | 14 | PC: 152e3 | Set default drive (Drive = 'A') |
| 2018-12-17T23:12:11.407251648Z | 37 | PC: 1520f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:12:11.408216234Z | 26 | PC: 1521d | Set disk transfer address |
| 2018-12-17T23:12:11.409385943Z | 9 | PC: 12a4c | Display string (String= 'This program exists to become infected - COM version. ') |
| 2018-12-17T23:12:11.412927847Z | 76 | PC: 12a51 | Terminate with return code (Return code = '1') |