.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:52:48.454455709Z | 53 | PC: 1cb1e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:52:48.458348736Z | 37 | PC: 1cb32 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:52:48.45951589Z | 47 | PC: 1cb37 | Get disk transfer address |
| 2018-12-17T22:52:48.460684521Z | 26 | PC: 1cb49 | Set disk transfer address |
| 2018-12-17T22:52:48.468657826Z | 25 | PC: 1cb4d | Get default drive |
| 2018-12-17T22:52:48.46950503Z | 71 | PC: 1cb5a | Get current directory |
| 2018-12-17T22:52:48.471433629Z | 14 | PC: 1cb70 | Set default drive (Drive = 'C') |
| 2018-12-17T22:52:48.472768365Z | 59 | PC: 1cd03 | Change current directory |
| 2018-12-17T22:52:48.475268616Z | 44 | PC: 1cb77 | Get time 0x1cb77: shr dl, 1 0x1cb79: shr dl, 1 0x1cb7b: add dl, 0x40 0x1cb7e: mov byte ptr [bp + 0x239], dl 0x1cb82: xor bx, bx 0x1cb84: mov ah, 0x4e 0x1cb86: lea dx, word ptr [bp + 0x239] 0x1cb8a: mov cx, 0x11 0x1cb8d: int 0x21 0x1cb8f: jae 0x1cbac 0x1cb91: mov al, byte ptr [bp + 0x239] 0x1cb95: inc al 0x1cb97: cmp al, 0x5a 0x1cb99: jbe 0x1cb9d 0x1cb9b: sub al, 0x1a 0x1cb9d: mov byte ptr [bp + 0x239], al 0x1cba1: inc bh 0x1cba3: cmp bh, 0x1b 0x1cba6: je 0x1cb5a 0x1cba8: jmp 0x1cb84 |
| 2018-12-17T22:52:48.476933301Z | 78 | PC: 1cb8f | Find first file |
| 2018-12-17T22:52:48.480810195Z | 78 | PC: 1cb8f | Find first file |
| 2018-12-17T22:52:48.485795155Z | 78 | PC: 1cb8f | Find first file |
| 2018-12-17T22:52:48.490785162Z | 78 | PC: 1cb8f | Find first file |
| 2018-12-17T22:52:48.49831443Z | 78 | PC: 1cb8f | Find first file |
| 2018-12-17T22:52:48.501534942Z | 78 | PC: 1cb8f | Find first file |
| 2018-12-17T22:52:48.505627311Z | 78 | PC: 1cb8f | Find first file |
| 2018-12-17T22:52:48.509329575Z | 78 | PC: 1cb8f | Find first file |
| 2018-12-17T22:52:48.514299476Z | 78 | PC: 1cb8f | Find first file |
| 2018-12-17T22:52:48.519434349Z | 59 | PC: 1cbb3 | Change current directory |
| 2018-12-17T22:52:48.530669757Z | 78 | PC: 1cbbe | Find first file |
| 2018-12-17T22:52:48.538820525Z | 67 | PC: 1cc1a | Get or set file attributes |
| 2018-12-17T22:52:48.544813526Z | 67 | PC: 1cc27 | Get or set file attributes |
| 2018-12-17T22:52:48.884084641Z | 61 | PC: 1cc2f | Open file (Filename = 'WIN.COM') |
| 2018-12-17T22:52:48.89152776Z | 87 | PC: 1cc35 | Get or set file date and time |
| 2018-12-17T22:52:48.89372178Z | 44 | PC: 1cc48 | Get time 0x1cc48: or dx, dx 0x1cc4a: je 0x1cc44 0x1cc4c: mov word ptr [bp + 0x260], dx 0x1cc50: mov ah, 0x3f 0x1cc52: lea dx, word ptr [bp + 0x230] 0x1cc56: mov cx, 3 0x1cc59: int 0x21 0x1cc5b: mov ax, 0x4202 0x1cc5e: xor cx, cx 0x1cc60: cdq 0x1cc61: int 0x21 0x1cc63: sub ax, 3 0x1cc66: mov word ptr cs:[0xfa79], ax 0x1cc6a: mov byte ptr cs:[0xfa78], 0xe9 0x1cc70: nop 0x1cc71: nop 0x1cc72: nop 0x1cc73: lea si, word ptr [bp - 5] 0x1cc76: mov di, 0xfb2c 0x1cc79: mov cx, 0x26d |
| 2018-12-17T22:52:48.896020298Z | 63 | PC: 1cc5b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T22:52:48.901753166Z | 66 | PC: 1cc63 | Move file pointer |
| 2018-12-17T22:52:48.903022988Z | 64 | PC: 1cc8f | Write file or device (Write 621 bytes on handle 5) |
| 2018-12-17T22:52:48.908864297Z | 66 | PC: 1cc97 | Move file pointer |
| 2018-12-17T22:52:48.911732019Z | 64 | PC: 1cca1 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T22:52:48.914011984Z | 87 | PC: 1ccb6 | Get or set file date and time |
| 2018-12-17T22:52:48.915187152Z | 62 | PC: 1ccba | Close file |
| 2018-12-17T22:52:48.920842843Z | 67 | PC: 1ccc7 | Get or set file attributes |
| 2018-12-17T22:52:48.92744564Z | 14 | PC: 1cd0d | Set default drive (Drive = 'A') |
| 2018-12-17T22:52:48.928436944Z | 59 | PC: 1cd03 | Change current directory |
| 2018-12-17T22:52:48.932122485Z | 59 | PC: 1cd15 | Change current directory |
| 2018-12-17T22:52:48.933503095Z | 37 | PC: 1cce0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:52:48.934633199Z | 26 | PC: 1ccf0 | Set disk transfer address |
| 2018-12-17T22:52:48.936835037Z | 98 | PC: 17a63 | Get current PSP |
| 2018-12-17T22:52:48.937658408Z | 81 | PC: 1688a | Get current PSP |
| 2018-12-17T22:52:48.938708177Z | 61 | PC: 168e3 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-17T22:52:48.944163702Z | 66 | PC: 1694d | Move file pointer |
| 2018-12-17T22:52:48.945489953Z | 63 | PC: 16965 | Read file or device (Read 7 bytes on handle 5) |
| 2018-12-17T22:52:48.947481303Z | 66 | PC: 1698a | Move file pointer |
| 2018-12-17T22:52:48.949117351Z | 63 | PC: 16996 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-17T22:52:48.950912762Z | 66 | PC: 169f0 | Move file pointer |
| 2018-12-17T22:52:48.952260483Z | 63 | PC: 169fb | Read file or device (Read 16 bytes on handle 5) |
| 2018-12-17T22:52:48.954791112Z | 66 | PC: 169f0 | Move file pointer |
| 2018-12-17T22:52:48.955844617Z | 63 | PC: 169fb | Read file or device (Read 16 bytes on handle 5) |
| 2018-12-17T22:52:48.957980081Z | 62 | PC: 168f9 | Close file |
| 2018-12-17T22:52:48.977467794Z | 76 | PC: 17a93 | Terminate with return code (Return code = '0') |