.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:26:18.104468713Z | 224 | PC: 12ade | UNKNOWN! |
| 2018-12-17T22:26:18.10551485Z | 224 | PC: 12b32 | UNKNOWN! |
| 2018-12-17T22:26:18.106778671Z | 74 | PC: 12bb6 | Reallocate memory |
| 2018-12-17T22:26:18.108241517Z | 53 | PC: 12bbb | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:26:18.109941626Z | 37 | PC: 12bcf | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:26:18.111293204Z | 42 | PC: 12bff | Get date 0x12bff: mov byte ptr cs:[0x12], 0 0x12c05: cmp cx, 0x7c3 0x12c09: je 0x12c3a 0x12c0b: cmp al, 5 0x12c0d: jne 0x12c1b 0x12c0f: cmp al, 0xd 0x12c11: jne 0x12c1b 0x12c13: inc byte ptr cs:[0x12] 0x12c18: jmp 0x12c3a 0x12c1a: nop 0x12c1b: mov ax, 0x3508 0x12c1e: int 0x21 0x12c20: mov word ptr cs:[0x17], bx 0x12c25: mov word ptr cs:[0x19], es 0x12c2a: push cs 0x12c2b: pop ds 0x12c2c: mov word ptr [0x23], 0x21c 0x12c32: mov ax, 0x2508 0x12c35: mov dx, 0x221 0x12c38: int 0x21 |
| 2018-12-17T22:26:18.113582669Z | 53 | PC: 12c20 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-17T22:26:18.114713046Z | 37 | PC: 12c3a | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-17T22:26:18.116193892Z | 75 | PC: 12c46 | Execute program |
| 2018-12-17T22:26:18.13047814Z | 9 | PC: 132a8 | Display string (String= 'This program only exists to become infected - COM version ') |
| 2018-12-17T22:26:18.136014829Z | 76 | PC: 132ad | Terminate with return code (Return code = '0') |
| 2018-12-17T22:26:18.139699983Z | 73 | PC: 12c4c | Release memory |
| 2018-12-17T22:26:18.141182294Z | 77 | PC: 12c50 | Get program return code |
| 2018-12-17T22:26:18.142552265Z | 49 | PC: 12c5e | Terminate and stay resident (Return code = '0' | Memory size = '112') |