.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:47:43.929068313Z | 53 | PC: 12c55 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:47:43.931066974Z | 37 | PC: 12c66 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:47:43.932532583Z | 26 | PC: 12da7 | Set disk transfer address |
| 2018-12-17T22:47:43.933942841Z | 78 | PC: 12c8c | Find first file |
| 2018-12-17T22:47:43.940784988Z | 67 | PC: 12cb8 | Get or set file attributes |
| 2018-12-17T22:47:43.958142854Z | 61 | PC: 12cc4 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:47:43.972288469Z | 63 | PC: 12cdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:47:43.979036897Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-17T22:47:43.980616377Z | 44 | PC: 12d0c | Get time 0x12d0c: mov byte ptr [si - 1], dl 0x12d0f: mov ah, dl 0x12d11: mov di, si 0x12d13: add di, 0x1d8 0x12d17: call 0x22c3b 0x12d1a: mov di, si 0x12d1c: add di, 0x30 0x12d1f: push di 0x12d20: mov cx, 0x1c 0x12d23: sub si, 0x1a8 0x12d27: rep movsb byte ptr es:[di], byte ptr [si] 0x12d29: pop dx 0x12d2a: mov cx, 0x1a8 0x12d2d: call 0x12da8 0x12d30: mov ah, 0x40 0x12d32: int 0x21 0x12d34: jb 0x12d65 0x12d36: cmp ax, cx 0x12d38: jne 0x12d65 0x12d3a: call 0x12db9 |
| 2018-12-17T22:47:43.983022464Z | 64 | PC: 12d34 | Write file or device (Write 424 bytes on handle 5) |
| 2018-12-17T22:47:43.991440286Z | 66 | PC: 12d5c | Move file pointer |
| 2018-12-17T22:47:43.993562675Z | 64 | PC: 12d65 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:47:44.000145977Z | 87 | PC: 12d78 | Get or set file date and time |
| 2018-12-17T22:47:44.001870132Z | 62 | PC: 12d90 | Close file |
| 2018-12-17T22:47:44.009801086Z | 67 | PC: 12da2 | Get or set file attributes |
| 2018-12-17T22:47:44.012749786Z | 79 | PC: 12c8c | Find next file |
| 2018-12-17T22:47:44.014562514Z | 67 | PC: 12cb8 | Get or set file attributes |
| 2018-12-17T22:47:44.020934617Z | 61 | PC: 12cc4 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:47:44.025071206Z | 63 | PC: 12cdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:47:44.029067211Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-17T22:47:44.030581285Z | 44 | PC: 12d0c | Get time 0x12d0c: mov byte ptr [si - 1], dl 0x12d0f: mov ah, dl 0x12d11: mov di, si 0x12d13: add di, 0x1d8 0x12d17: call 0x22c3b 0x12d1a: mov di, si 0x12d1c: add di, 0x30 0x12d1f: push di 0x12d20: mov cx, 0x1c 0x12d23: sub si, 0x1a8 0x12d27: rep movsb byte ptr es:[di], byte ptr [si] 0x12d29: pop dx 0x12d2a: mov cx, 0x1a8 0x12d2d: call 0x12da8 0x12d30: mov ah, 0x40 0x12d32: int 0x21 0x12d34: jb 0x12d65 0x12d36: cmp ax, cx 0x12d38: jne 0x12d65 0x12d3a: call 0x12db9 |
| 2018-12-17T22:47:44.03232378Z | 64 | PC: 12d34 | Write file or device (Write 424 bytes on handle 5) |
| 2018-12-17T22:47:44.03446444Z | 66 | PC: 12d5c | Move file pointer |
| 2018-12-17T22:47:44.039615966Z | 64 | PC: 12d65 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:47:44.041786948Z | 87 | PC: 12d78 | Get or set file date and time |
| 2018-12-17T22:47:44.042795059Z | 62 | PC: 12d90 | Close file |
| 2018-12-17T22:47:44.047763877Z | 67 | PC: 12da2 | Get or set file attributes |
| 2018-12-17T22:47:44.050687162Z | 79 | PC: 12c8c | Find next file |
| 2018-12-17T22:47:44.05236498Z | 67 | PC: 12cb8 | Get or set file attributes |
| 2018-12-17T22:47:44.058858946Z | 61 | PC: 12cc4 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:47:44.065285872Z | 63 | PC: 12cdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:47:44.071436796Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-17T22:47:44.082852357Z | 44 | PC: 12d0c | Get time 0x12d0c: mov byte ptr [si - 1], dl 0x12d0f: mov ah, dl 0x12d11: mov di, si 0x12d13: add di, 0x1d8 0x12d17: call 0x22c3b 0x12d1a: mov di, si 0x12d1c: add di, 0x30 0x12d1f: push di 0x12d20: mov cx, 0x1c 0x12d23: sub si, 0x1a8 0x12d27: rep movsb byte ptr es:[di], byte ptr [si] 0x12d29: pop dx 0x12d2a: mov cx, 0x1a8 0x12d2d: call 0x12da8 0x12d30: mov ah, 0x40 0x12d32: int 0x21 0x12d34: jb 0x12d65 0x12d36: cmp ax, cx 0x12d38: jne 0x12d65 0x12d3a: call 0x12db9 |
| 2018-12-17T22:47:44.085170395Z | 64 | PC: 12d34 | Write file or device (Write 424 bytes on handle 5) |
| 2018-12-17T22:47:44.092739691Z | 66 | PC: 12d5c | Move file pointer |
| 2018-12-17T22:47:44.094475736Z | 64 | PC: 12d65 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:47:44.100613899Z | 87 | PC: 12d78 | Get or set file date and time |
| 2018-12-17T22:47:44.10164919Z | 62 | PC: 12d90 | Close file |
| 2018-12-17T22:47:44.106910853Z | 67 | PC: 12da2 | Get or set file attributes |
| 2018-12-17T22:47:44.112529974Z | 79 | PC: 12c8c | Find next file |
| 2018-12-17T22:47:44.116640141Z | 67 | PC: 12cb8 | Get or set file attributes |
| 2018-12-17T22:47:44.123512572Z | 61 | PC: 12cc4 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:47:44.127617184Z | 63 | PC: 12cdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:47:44.131496764Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-17T22:47:44.132916689Z | 44 | PC: 12d0c | Get time 0x12d0c: mov byte ptr [si - 1], dl 0x12d0f: mov ah, dl 0x12d11: mov di, si 0x12d13: add di, 0x1d8 0x12d17: call 0x22c3b 0x12d1a: mov di, si 0x12d1c: add di, 0x30 0x12d1f: push di 0x12d20: mov cx, 0x1c 0x12d23: sub si, 0x1a8 0x12d27: rep movsb byte ptr es:[di], byte ptr [si] 0x12d29: pop dx 0x12d2a: mov cx, 0x1a8 0x12d2d: call 0x12da8 0x12d30: mov ah, 0x40 0x12d32: int 0x21 0x12d34: jb 0x12d65 0x12d36: cmp ax, cx 0x12d38: jne 0x12d65 0x12d3a: call 0x12db9 |
| 2018-12-17T22:47:44.134479311Z | 64 | PC: 12d34 | Write file or device (Write 424 bytes on handle 5) |
| 2018-12-17T22:47:44.136257292Z | 66 | PC: 12d5c | Move file pointer |
| 2018-12-17T22:47:44.13767745Z | 64 | PC: 12d65 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:47:44.139982578Z | 87 | PC: 12d78 | Get or set file date and time |
| 2018-12-17T22:47:44.140990855Z | 62 | PC: 12d90 | Close file |
| 2018-12-17T22:47:44.145950709Z | 67 | PC: 12da2 | Get or set file attributes |
| 2018-12-17T22:47:44.150764064Z | 79 | PC: 12c8c | Find next file |
| 2018-12-17T22:47:44.153405236Z | 67 | PC: 12cb8 | Get or set file attributes |
| 2018-12-17T22:47:44.165731938Z | 61 | PC: 12cc4 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:47:44.176795765Z | 63 | PC: 12cdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:47:44.183336526Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-17T22:47:44.185787095Z | 44 | PC: 12d0c | Get time 0x12d0c: mov byte ptr [si - 1], dl 0x12d0f: mov ah, dl 0x12d11: mov di, si 0x12d13: add di, 0x1d8 0x12d17: call 0x22c3b 0x12d1a: mov di, si 0x12d1c: add di, 0x30 0x12d1f: push di 0x12d20: mov cx, 0x1c 0x12d23: sub si, 0x1a8 0x12d27: rep movsb byte ptr es:[di], byte ptr [si] 0x12d29: pop dx 0x12d2a: mov cx, 0x1a8 0x12d2d: call 0x12da8 0x12d30: mov ah, 0x40 0x12d32: int 0x21 0x12d34: jb 0x12d65 0x12d36: cmp ax, cx 0x12d38: jne 0x12d65 0x12d3a: call 0x12db9 |
| 2018-12-17T22:47:44.188268639Z | 64 | PC: 12d34 | Write file or device (Write 424 bytes on handle 5) |
| 2018-12-17T22:47:44.191054478Z | 66 | PC: 12d5c | Move file pointer |
| 2018-12-17T22:47:44.192508399Z | 64 | PC: 12d65 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:47:44.19766865Z | 87 | PC: 12d78 | Get or set file date and time |
| 2018-12-17T22:47:44.199042322Z | 62 | PC: 12d90 | Close file |
| 2018-12-17T22:47:44.206223677Z | 67 | PC: 12da2 | Get or set file attributes |
| 2018-12-17T22:47:44.212026323Z | 79 | PC: 12c8c | Find next file |
| 2018-12-17T22:47:44.214870173Z | 67 | PC: 12cb8 | Get or set file attributes |
| 2018-12-17T22:47:44.224515675Z | 61 | PC: 12cc4 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:47:44.232114409Z | 63 | PC: 12cdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:47:44.238466345Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-17T22:47:44.24012593Z | 44 | PC: 12d0c | Get time 0x12d0c: mov byte ptr [si - 1], dl 0x12d0f: mov ah, dl 0x12d11: mov di, si 0x12d13: add di, 0x1d8 0x12d17: call 0x22c3b 0x12d1a: mov di, si 0x12d1c: add di, 0x30 0x12d1f: push di 0x12d20: mov cx, 0x1c 0x12d23: sub si, 0x1a8 0x12d27: rep movsb byte ptr es:[di], byte ptr [si] 0x12d29: pop dx 0x12d2a: mov cx, 0x1a8 0x12d2d: call 0x12da8 0x12d30: mov ah, 0x40 0x12d32: int 0x21 0x12d34: jb 0x12d65 0x12d36: cmp ax, cx 0x12d38: jne 0x12d65 0x12d3a: call 0x12db9 |
| 2018-12-17T22:47:44.243530539Z | 64 | PC: 12d34 | Write file or device (Write 424 bytes on handle 5) |
| 2018-12-17T22:47:44.251869759Z | 66 | PC: 12d5c | Move file pointer |
| 2018-12-17T22:47:44.253412374Z | 64 | PC: 12d65 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:47:44.260219043Z | 87 | PC: 12d78 | Get or set file date and time |
| 2018-12-17T22:47:44.262410429Z | 62 | PC: 12d90 | Close file |
| 2018-12-17T22:47:44.270081836Z | 67 | PC: 12da2 | Get or set file attributes |
| 2018-12-17T22:47:44.275716855Z | 79 | PC: 12c8c | Find next file |
| 2018-12-17T22:47:44.278506324Z | 67 | PC: 12cb8 | Get or set file attributes |
| 2018-12-17T22:47:44.287852388Z | 61 | PC: 12cc4 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:47:44.295031307Z | 63 | PC: 12cdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:47:44.30109741Z | 66 | PC: 12cfe | Move file pointer |
| 2018-12-17T22:47:44.302417828Z | 44 | PC: 12d0c | Get time 0x12d0c: mov byte ptr [si - 1], dl 0x12d0f: mov ah, dl 0x12d11: mov di, si 0x12d13: add di, 0x1d8 0x12d17: call 0x22c3b 0x12d1a: mov di, si 0x12d1c: add di, 0x30 0x12d1f: push di 0x12d20: mov cx, 0x1c 0x12d23: sub si, 0x1a8 0x12d27: rep movsb byte ptr es:[di], byte ptr [si] 0x12d29: pop dx 0x12d2a: mov cx, 0x1a8 0x12d2d: call 0x12da8 0x12d30: mov ah, 0x40 0x12d32: int 0x21 0x12d34: jb 0x12d65 0x12d36: cmp ax, cx 0x12d38: jne 0x12d65 0x12d3a: call 0x12db9 |
| 2018-12-17T22:47:44.305754182Z | 64 | PC: 12d34 | Write file or device (Write 424 bytes on handle 5) |
| 2018-12-17T22:47:44.308422039Z | 66 | PC: 12d5c | Move file pointer |
| 2018-12-17T22:47:44.309714857Z | 64 | PC: 12d65 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:47:44.313092288Z | 87 | PC: 12d78 | Get or set file date and time |
| 2018-12-17T22:47:44.314541752Z | 62 | PC: 12d90 | Close file |
| 2018-12-17T22:47:44.322053562Z | 67 | PC: 12da2 | Get or set file attributes |
| 2018-12-17T22:47:44.326957814Z | 79 | PC: 12c8c | Find next file |
| 2018-12-17T22:47:44.330653526Z | 67 | PC: 12cb8 | Get or set file attributes |
| 2018-12-17T22:47:44.34004222Z | 61 | PC: 12cc4 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T22:47:44.34645007Z | 63 | PC: 12cdd | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:47:44.353546346Z | 62 | PC: 12d90 | Close file |
| 2018-12-17T22:47:44.355343656Z | 67 | PC: 12da2 | Get or set file attributes |
| 2018-12-17T22:47:44.360058292Z | 79 | PC: 12c8c | Find next file |
| 2018-12-17T22:47:44.363575217Z | 37 | PC: 12d83 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:47:44.364933284Z | 26 | PC: 12da7 | Set disk transfer address |
| 2018-12-17T22:47:44.366262805Z | 9 | PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=500, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ') |
| 2018-12-17T22:47:44.373696542Z | 76 | PC: 12b3a | Terminate with return code (Return code = '36') |