.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:25:49.990360595Z | 48 | PC: 12b48 | Get DOS version |
| 2018-12-17T22:25:49.992710164Z | 26 | PC: 1314c | Set disk transfer address |
| 2018-12-17T22:25:49.993908559Z | 78 | PC: 1317d | Find first file |
| 2018-12-17T22:25:49.999611529Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.002182558Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.005527788Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.008946071Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.011729705Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.014679449Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.017413601Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.020062075Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.045513752Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.047984393Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.050394325Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.053501946Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.05791633Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.060512775Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.063473884Z | 79 | PC: 1318c | Find next file |
| 2018-12-17T22:25:50.065984491Z | 44 | PC: 12af3 | Get time 0x12af3: mov ax, cx 0x12af5: add ax, dx 0x12af7: xor dx, dx 0x12af9: idiv si 0x12afb: mov ax, dx 0x12afd: pop si 0x12afe: pop dx 0x12aff: pop cx 0x12b00: ret 0x12b01: push dx 0x12b02: mov dl, ah 0x12b04: call 0x12b0e 0x12b07: mov dl, al 0x12b09: call 0x12b0e 0x12b0c: pop dx 0x12b0d: ret 0x12b0e: push bx 0x12b0f: push cx 0x12b10: mov bl, dl 0x12b12: mov cl, 4 |
| 2018-12-17T22:25:50.068016309Z | 78 | PC: 131a8 | Find first file |
| 2018-12-17T22:25:50.081494647Z | 79 | PC: 131ce | Find next file |
| 2018-12-17T22:25:50.084830151Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-17T22:25:50.090598729Z | 67 | PC: 12c93 | Get or set file attributes |
| 2018-12-17T22:25:50.107615481Z | 61 | PC: 12ca0 | Open file (Filename = '\SLEEP.COM') |
| 2018-12-17T22:25:50.115389Z | 87 | PC: 12cad | Get or set file date and time |
| 2018-12-17T22:25:50.117175299Z | 44 | PC: 12af3 | Get time 0x12af3: mov ax, cx 0x12af5: add ax, dx 0x12af7: xor dx, dx 0x12af9: idiv si 0x12afb: mov ax, dx 0x12afd: pop si 0x12afe: pop dx 0x12aff: pop cx 0x12b00: ret 0x12b01: push dx 0x12b02: mov dl, ah 0x12b04: call 0x12b0e 0x12b07: mov dl, al 0x12b09: call 0x12b0e 0x12b0c: pop dx 0x12b0d: ret 0x12b0e: push bx 0x12b0f: push cx 0x12b10: mov bl, dl 0x12b12: mov cl, 4 |
| 2018-12-17T22:25:50.119619016Z | 66 | PC: 12d23 | Move file pointer |
| 2018-12-17T22:25:50.122273817Z | 63 | PC: 12d88 | Read file or device (Read 35 bytes on handle 5) |
| 2018-12-17T22:25:50.128635107Z | 66 | PC: 12d23 | Move file pointer |
| 2018-12-17T22:25:50.130121664Z | 64 | PC: 12ddd | Write file or device (Write 35 bytes on handle 5) |
| 2018-12-17T22:25:50.133814477Z | 66 | PC: 12d4c | Move file pointer |
| 2018-12-17T22:25:50.135698097Z | 64 | PC: 12ae5 | Write file or device (Write 3551 bytes on handle 5) |
| 2018-12-17T22:25:50.145027277Z | 87 | PC: 12cd4 | Get or set file date and time |
| 2018-12-17T22:25:50.147126997Z | 62 | PC: 12cda | Close file |
| 2018-12-17T22:25:50.154665208Z | 67 | PC: 12cec | Get or set file attributes |
| 2018-12-17T22:25:50.164306053Z | 48 | PC: 12b48 | Get DOS version |
| 2018-12-17T22:25:50.169441428Z | 67 | PC: 12c7e | Get or set file attributes |
| 2018-12-17T22:25:50.175367035Z | 67 | PC: 12c93 | Get or set file attributes |
| 2018-12-17T22:25:50.185535096Z | 61 | PC: 12ca0 | Open file (Filename = 'A:\TEST.COM') |
| 2018-12-17T22:25:50.192835161Z | 87 | PC: 12cad | Get or set file date and time |
| 2018-12-17T22:25:50.194293605Z | 66 | PC: 12bda | Move file pointer |
| 2018-12-17T22:25:50.195584566Z | 64 | PC: 12bea | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-17T22:25:50.198466886Z | 87 | PC: 12cd4 | Get or set file date and time |
| 2018-12-17T22:25:50.200819359Z | 62 | PC: 12cda | Close file |
| 2018-12-17T22:25:50.207942255Z | 67 | PC: 12cec | Get or set file attributes |
| 2018-12-17T22:25:50.21762361Z | 26 | PC: 1321b | Set disk transfer address |
| 2018-12-17T22:25:50.219020597Z | 9 | PC: 12a48 | Display string (String= 'This program only exists to become infected - COM version ') |
| 2018-12-17T22:25:50.224222576Z | 76 | PC: 12a4d | Terminate with return code (Return code = '0') |