.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:54:58.835937325Z | 26 | PC: 12a6c | Set disk transfer address |
| 2018-12-17T22:54:58.837472343Z | 67 | PC: 12c74 | Get or set file attributes |
| 2018-12-17T22:54:58.843916454Z | 67 | PC: 12c7d | Get or set file attributes |
| 2018-12-17T22:54:59.685099135Z | 61 | PC: 12c84 | Open file (Filename = 'C:\AUTOEXEC.BAT') |
| 2018-12-17T22:54:59.691972244Z | 87 | PC: 12c8a | Get or set file date and time |
| 2018-12-17T22:54:59.695151584Z | 64 | PC: 12c96 | Write file or device (Write 41 bytes on handle 5) |
| 2018-12-17T22:54:59.698765943Z | 87 | PC: 12c9d | Get or set file date and time |
| 2018-12-17T22:54:59.700725379Z | 61 | PC: 12ca1 | Open file (Filename = 'Y�+���6ʭ������t�I���I���w���Э�����O�Э:E�t���ҭ3ɬ�
�u��ŝ]_^ZY[�P�/���t��\�ЭXâЭX�SQRWV��������6έ�6̭��6ʭ�2ɬ
�t�:�t����t�������2ɪ����6έ��3�����t!�Э
�u�:E�t����
�u��������}���') |
| 2018-12-17T22:54:59.706910613Z | 67 | PC: 12ca8 | Get or set file attributes |
| 2018-12-17T22:54:59.718773969Z | 78 | PC: 12a7a | Find first file |
| 2018-12-17T22:54:59.732828717Z | 67 | PC: 12a93 | Get or set file attributes |
| 2018-12-17T22:54:59.742765538Z | 67 | PC: 12a9c | Get or set file attributes |
| 2018-12-17T22:54:59.761400411Z | 61 | PC: 12aa5 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:54:59.768775474Z | 87 | PC: 12aab | Get or set file date and time |
| 2018-12-17T22:54:59.770592201Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T22:54:59.779926419Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-17T22:54:59.781574499Z | 66 | PC: 12b76 | Move file pointer |
| 2018-12-17T22:54:59.783415352Z | 44 | PC: 12af5 | Get time 0x12af5: mov word ptr ds:[bp + 0x3ad], dx
0x12afa: mov cx, 0x12
0x12afd: lea di, word ptr [bp + 0x3ef]
0x12b01: lea si, word ptr [bp + 0x3af]
0x12b05: push cx
0x12b06: push si
0x12b07: rep movsb byte ptr es:[di], byte ptr [si]
0x12b09: mov cx, 0xb
0x12b0c: lea si, word ptr [bp + 0x1df]
0x12b10: rep movsb byte ptr es:[di], byte ptr [si]
0x12b12: pop si
0x12b13: pop cx
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: mov al, 0xc3
0x12b18: stosb byte ptr es:[di], al
0x12b19: call 0x12d2f
0x12b1c: jmp 0x12b2a
0x12b1e: nop
0x12b1f: mov ah, 0x40
0x12b21: mov cx, 0x2c2
|
| 2018-12-17T22:54:59.787019872Z | 64 | PC: 12d4c | Write file or device (Write 706 bytes on handle 6) |
| 2018-12-17T22:54:59.797225399Z | 66 | PC: 12b32 | Move file pointer |
| 2018-12-17T22:54:59.79951709Z | 64 | PC: 12b3d | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T22:54:59.807902854Z | 87 | PC: 12b44 | Get or set file date and time |
| 2018-12-17T22:54:59.810306616Z | 62 | PC: 12b48 | Close file |
| 2018-12-17T22:54:59.819197119Z | 67 | PC: 12b4f | Get or set file attributes |
| 2018-12-17T22:54:59.83017573Z | 79 | PC: 12a7a | Find next file |
| 2018-12-17T22:54:59.833212954Z | 67 | PC: 12a93 | Get or set file attributes |
| 2018-12-17T22:54:59.839384703Z | 67 | PC: 12a9c | Get or set file attributes |
| 2018-12-17T22:54:59.85007923Z | 61 | PC: 12aa5 | Open file (Filename = 'PRINT.S') |
| 2018-12-17T22:54:59.858736705Z | 87 | PC: 12aab | Get or set file date and time |
| 2018-12-17T22:54:59.860831254Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T22:54:59.86819181Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-17T22:54:59.870484763Z | 66 | PC: 12b61 | Move file pointer |
| 2018-12-17T22:54:59.872498812Z | 64 | PC: 12b6c | Write file or device (Write 245 bytes on handle 6) |
| 2018-12-17T22:54:59.875901582Z | 87 | PC: 12b44 | Get or set file date and time |
| 2018-12-17T22:54:59.878882249Z | 62 | PC: 12b48 | Close file |
| 2018-12-17T22:54:59.886604756Z | 67 | PC: 12b4f | Get or set file attributes |
| 2018-12-17T22:54:59.896992094Z | 79 | PC: 12a7a | Find next file |
| 2018-12-17T22:54:59.900472141Z | 67 | PC: 12a93 | Get or set file attributes |
| 2018-12-17T22:54:59.906937091Z | 67 | PC: 12a9c | Get or set file attributes |
| 2018-12-17T22:54:59.919786852Z | 61 | PC: 12aa5 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:54:59.928048934Z | 87 | PC: 12aab | Get or set file date and time |
| 2018-12-17T22:54:59.93000892Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T22:54:59.93864778Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-17T22:54:59.941502801Z | 66 | PC: 12b76 | Move file pointer |
| 2018-12-17T22:54:59.943622849Z | 44 | PC: 12af5 | Get time 0x12af5: mov word ptr ds:[bp + 0x3ad], dx
0x12afa: mov cx, 0x12
0x12afd: lea di, word ptr [bp + 0x3ef]
0x12b01: lea si, word ptr [bp + 0x3af]
0x12b05: push cx
0x12b06: push si
0x12b07: rep movsb byte ptr es:[di], byte ptr [si]
0x12b09: mov cx, 0xb
0x12b0c: lea si, word ptr [bp + 0x1df]
0x12b10: rep movsb byte ptr es:[di], byte ptr [si]
0x12b12: pop si
0x12b13: pop cx
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: mov al, 0xc3
0x12b18: stosb byte ptr es:[di], al
0x12b19: call 0x12d2f
0x12b1c: jmp 0x12b2a
0x12b1e: nop
0x12b1f: mov ah, 0x40
0x12b21: mov cx, 0x2c2
|
| 2018-12-17T22:54:59.946716528Z | 64 | PC: 12d4c | Write file or device (Write 706 bytes on handle 6) |
| 2018-12-17T22:54:59.956718111Z | 66 | PC: 12b32 | Move file pointer |
| 2018-12-17T22:54:59.959483103Z | 64 | PC: 12b3d | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T22:54:59.966538985Z | 87 | PC: 12b44 | Get or set file date and time |
| 2018-12-17T22:54:59.968075235Z | 62 | PC: 12b48 | Close file |
| 2018-12-17T22:54:59.976735656Z | 67 | PC: 12b4f | Get or set file attributes |
| 2018-12-17T22:54:59.987142461Z | 79 | PC: 12a7a | Find next file |
| 2018-12-17T22:54:59.990659727Z | 67 | PC: 12a93 | Get or set file attributes |
| 2018-12-17T22:54:59.998089773Z | 67 | PC: 12a9c | Get or set file attributes |
| 2018-12-17T22:55:00.009226432Z | 61 | PC: 12aa5 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:55:00.016681545Z | 87 | PC: 12aab | Get or set file date and time |
| 2018-12-17T22:55:00.019302165Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T22:55:00.026858178Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-17T22:55:00.028432138Z | 66 | PC: 12b76 | Move file pointer |
| 2018-12-17T22:55:00.031858003Z | 44 | PC: 12af5 | Get time 0x12af5: mov word ptr ds:[bp + 0x3ad], dx
0x12afa: mov cx, 0x12
0x12afd: lea di, word ptr [bp + 0x3ef]
0x12b01: lea si, word ptr [bp + 0x3af]
0x12b05: push cx
0x12b06: push si
0x12b07: rep movsb byte ptr es:[di], byte ptr [si]
0x12b09: mov cx, 0xb
0x12b0c: lea si, word ptr [bp + 0x1df]
0x12b10: rep movsb byte ptr es:[di], byte ptr [si]
0x12b12: pop si
0x12b13: pop cx
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: mov al, 0xc3
0x12b18: stosb byte ptr es:[di], al
0x12b19: call 0x12d2f
0x12b1c: jmp 0x12b2a
0x12b1e: nop
0x12b1f: mov ah, 0x40
0x12b21: mov cx, 0x2c2
|
| 2018-12-17T22:55:00.03474322Z | 64 | PC: 12d4c | Write file or device (Write 706 bytes on handle 6) |
| 2018-12-17T22:55:00.044298373Z | 66 | PC: 12b32 | Move file pointer |
| 2018-12-17T22:55:00.047262509Z | 64 | PC: 12b3d | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T22:55:00.054746396Z | 87 | PC: 12b44 | Get or set file date and time |
| 2018-12-17T22:55:00.056710201Z | 62 | PC: 12b48 | Close file |
| 2018-12-17T22:55:00.065791122Z | 67 | PC: 12b4f | Get or set file attributes |
| 2018-12-17T22:55:00.076685965Z | 79 | PC: 12a7a | Find next file |
| 2018-12-17T22:55:00.079870516Z | 67 | PC: 12a93 | Get or set file attributes |
| 2018-12-17T22:55:00.086182479Z | 67 | PC: 12a9c | Get or set file attributes |
| 2018-12-17T22:55:00.100595981Z | 61 | PC: 12aa5 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:55:00.107822314Z | 87 | PC: 12aab | Get or set file date and time |
| 2018-12-17T22:55:00.109559331Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T22:55:00.122231528Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-17T22:55:00.123920294Z | 66 | PC: 12b76 | Move file pointer |
| 2018-12-17T22:55:00.125674134Z | 44 | PC: 12af5 | Get time 0x12af5: mov word ptr ds:[bp + 0x3ad], dx
0x12afa: mov cx, 0x12
0x12afd: lea di, word ptr [bp + 0x3ef]
0x12b01: lea si, word ptr [bp + 0x3af]
0x12b05: push cx
0x12b06: push si
0x12b07: rep movsb byte ptr es:[di], byte ptr [si]
0x12b09: mov cx, 0xb
0x12b0c: lea si, word ptr [bp + 0x1df]
0x12b10: rep movsb byte ptr es:[di], byte ptr [si]
0x12b12: pop si
0x12b13: pop cx
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: mov al, 0xc3
0x12b18: stosb byte ptr es:[di], al
0x12b19: call 0x12d2f
0x12b1c: jmp 0x12b2a
0x12b1e: nop
0x12b1f: mov ah, 0x40
0x12b21: mov cx, 0x2c2
|
| 2018-12-17T22:55:00.129462159Z | 64 | PC: 12d4c | Write file or device (Write 706 bytes on handle 6) |
| 2018-12-17T22:55:00.151846825Z | 66 | PC: 12b32 | Move file pointer |
| 2018-12-17T22:55:00.15370493Z | 64 | PC: 12b3d | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T22:55:00.16176409Z | 87 | PC: 12b44 | Get or set file date and time |
| 2018-12-17T22:55:00.163539219Z | 62 | PC: 12b48 | Close file |
| 2018-12-17T22:55:00.171753931Z | 67 | PC: 12b4f | Get or set file attributes |
| 2018-12-17T22:55:00.18310883Z | 79 | PC: 12a7a | Find next file |
| 2018-12-17T22:55:00.186690718Z | 67 | PC: 12a93 | Get or set file attributes |
| 2018-12-17T22:55:00.192995096Z | 67 | PC: 12a9c | Get or set file attributes |
| 2018-12-17T22:55:00.20509104Z | 61 | PC: 12aa5 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:55:00.212302344Z | 87 | PC: 12aab | Get or set file date and time |
| 2018-12-17T22:55:00.213785494Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T22:55:00.220515473Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-17T22:55:00.222562484Z | 66 | PC: 12b76 | Move file pointer |
| 2018-12-17T22:55:00.224508083Z | 44 | PC: 12af5 | Get time 0x12af5: mov word ptr ds:[bp + 0x3ad], dx
0x12afa: mov cx, 0x12
0x12afd: lea di, word ptr [bp + 0x3ef]
0x12b01: lea si, word ptr [bp + 0x3af]
0x12b05: push cx
0x12b06: push si
0x12b07: rep movsb byte ptr es:[di], byte ptr [si]
0x12b09: mov cx, 0xb
0x12b0c: lea si, word ptr [bp + 0x1df]
0x12b10: rep movsb byte ptr es:[di], byte ptr [si]
0x12b12: pop si
0x12b13: pop cx
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: mov al, 0xc3
0x12b18: stosb byte ptr es:[di], al
0x12b19: call 0x12d2f
0x12b1c: jmp 0x12b2a
0x12b1e: nop
0x12b1f: mov ah, 0x40
0x12b21: mov cx, 0x2c2
|
| 2018-12-17T22:55:00.227494962Z | 64 | PC: 12d4c | Write file or device (Write 706 bytes on handle 6) |
| 2018-12-17T22:55:00.237386468Z | 66 | PC: 12b32 | Move file pointer |
| 2018-12-17T22:55:00.239462063Z | 64 | PC: 12b3d | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T22:55:00.246790978Z | 87 | PC: 12b44 | Get or set file date and time |
| 2018-12-17T22:55:00.249522897Z | 62 | PC: 12b48 | Close file |
| 2018-12-17T22:55:00.258063753Z | 67 | PC: 12b4f | Get or set file attributes |
| 2018-12-17T22:55:00.269196824Z | 79 | PC: 12a7a | Find next file |
| 2018-12-17T22:55:00.273222076Z | 67 | PC: 12a93 | Get or set file attributes |
| 2018-12-17T22:55:00.284558209Z | 67 | PC: 12a9c | Get or set file attributes |
| 2018-12-17T22:55:00.296181473Z | 61 | PC: 12aa5 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:55:00.303430198Z | 87 | PC: 12aab | Get or set file date and time |
| 2018-12-17T22:55:00.306697234Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T22:55:00.314505221Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-17T22:55:00.316013448Z | 66 | PC: 12b76 | Move file pointer |
| 2018-12-17T22:55:00.320310641Z | 44 | PC: 12af5 | Get time 0x12af5: mov word ptr ds:[bp + 0x3ad], dx
0x12afa: mov cx, 0x12
0x12afd: lea di, word ptr [bp + 0x3ef]
0x12b01: lea si, word ptr [bp + 0x3af]
0x12b05: push cx
0x12b06: push si
0x12b07: rep movsb byte ptr es:[di], byte ptr [si]
0x12b09: mov cx, 0xb
0x12b0c: lea si, word ptr [bp + 0x1df]
0x12b10: rep movsb byte ptr es:[di], byte ptr [si]
0x12b12: pop si
0x12b13: pop cx
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: mov al, 0xc3
0x12b18: stosb byte ptr es:[di], al
0x12b19: call 0x12d2f
0x12b1c: jmp 0x12b2a
0x12b1e: nop
0x12b1f: mov ah, 0x40
0x12b21: mov cx, 0x2c2
|
| 2018-12-17T22:55:00.325504651Z | 64 | PC: 12d4c | Write file or device (Write 706 bytes on handle 6) |
| 2018-12-17T22:55:00.335505633Z | 66 | PC: 12b32 | Move file pointer |
| 2018-12-17T22:55:00.337569987Z | 64 | PC: 12b3d | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T22:55:00.34367508Z | 87 | PC: 12b44 | Get or set file date and time |
| 2018-12-17T22:55:00.345695531Z | 62 | PC: 12b48 | Close file |
| 2018-12-17T22:55:00.356303174Z | 67 | PC: 12b4f | Get or set file attributes |
| 2018-12-17T22:55:00.367940143Z | 79 | PC: 12a7a | Find next file |
| 2018-12-17T22:55:00.371145152Z | 67 | PC: 12a93 | Get or set file attributes |
| 2018-12-17T22:55:00.378389278Z | 67 | PC: 12a9c | Get or set file attributes |
| 2018-12-17T22:55:00.390429597Z | 61 | PC: 12aa5 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:55:00.404342808Z | 87 | PC: 12aab | Get or set file date and time |
| 2018-12-17T22:55:00.40647555Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T22:55:00.415065718Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-17T22:55:00.416754625Z | 66 | PC: 12b76 | Move file pointer |
| 2018-12-17T22:55:00.418605937Z | 44 | PC: 12af5 | Get time 0x12af5: mov word ptr ds:[bp + 0x3ad], dx
0x12afa: mov cx, 0x12
0x12afd: lea di, word ptr [bp + 0x3ef]
0x12b01: lea si, word ptr [bp + 0x3af]
0x12b05: push cx
0x12b06: push si
0x12b07: rep movsb byte ptr es:[di], byte ptr [si]
0x12b09: mov cx, 0xb
0x12b0c: lea si, word ptr [bp + 0x1df]
0x12b10: rep movsb byte ptr es:[di], byte ptr [si]
0x12b12: pop si
0x12b13: pop cx
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: mov al, 0xc3
0x12b18: stosb byte ptr es:[di], al
0x12b19: call 0x12d2f
0x12b1c: jmp 0x12b2a
0x12b1e: nop
0x12b1f: mov ah, 0x40
0x12b21: mov cx, 0x2c2
|
| 2018-12-17T22:55:00.423066187Z | 64 | PC: 12d4c | Write file or device (Write 706 bytes on handle 6) |
| 2018-12-17T22:55:00.432654854Z | 66 | PC: 12b32 | Move file pointer |
| 2018-12-17T22:55:00.434436936Z | 64 | PC: 12b3d | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T22:55:00.442812571Z | 87 | PC: 12b44 | Get or set file date and time |
| 2018-12-17T22:55:00.444863259Z | 62 | PC: 12b48 | Close file |
| 2018-12-17T22:55:00.454113258Z | 67 | PC: 12b4f | Get or set file attributes |
| 2018-12-17T22:55:00.467021689Z | 79 | PC: 12a7a | Find next file |
| 2018-12-17T22:55:00.469971598Z | 67 | PC: 12a93 | Get or set file attributes |
| 2018-12-17T22:55:00.476076662Z | 67 | PC: 12a9c | Get or set file attributes |
| 2018-12-17T22:55:00.487216276Z | 61 | PC: 12aa5 | Open file (Filename = 'TEST.EXE') |
| 2018-12-17T22:55:00.494604022Z | 87 | PC: 12aab | Get or set file date and time |
| 2018-12-17T22:55:00.496391464Z | 63 | PC: 12ab8 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T22:55:00.504076911Z | 47 | PC: 12ac5 | Get disk transfer address |
| 2018-12-17T22:55:00.505609364Z | 66 | PC: 12b61 | Move file pointer |
| 2018-12-17T22:55:00.507462229Z | 64 | PC: 12b6c | Write file or device (Write 245 bytes on handle 6) |
| 2018-12-17T22:55:00.515872559Z | 87 | PC: 12b44 | Get or set file date and time |
| 2018-12-17T22:55:00.517865537Z | 62 | PC: 12b48 | Close file |
| 2018-12-17T22:55:00.525891805Z | 67 | PC: 12b4f | Get or set file attributes |
| 2018-12-17T22:55:00.540105382Z | 79 | PC: 12a7a | Find next file |
| 2018-12-17T22:55:00.542940685Z | 26 | PC: 12b57 | Set disk transfer address |
