.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:55:12.192270533Z | 42 | PC: 12ab1 | Get date 0x12ab1: mov word ptr [0xf2], dx 0x12ab5: mov word ptr [0xf4], cx 0x12ab9: stc 0x12aba: mov dx, 0x2af 0x12abd: mov ah, 0x4e 0x12abf: mov cx, 0x20 0x12ac2: int 0x21 0x12ac4: or ax, ax 0x12ac6: je 0x12acb 0x12ac8: jmp 0x12ba0 0x12acb: mov ah, 0x2f 0x12acd: int 0x21 0x12acf: mov ax, word ptr es:[bx + 0x1a] 0x12ad3: mov word ptr [0xfc], ax 0x12ad6: add bx, 0x1e 0x12ad9: mov word ptr [0xfe], bx 0x12add: mov ax, 0x4f43 0x12ae0: sub ax, word ptr [0x9e] 0x12ae4: jne 0x12ae9 0x12ae6: jmp 0x12b94 |
| 2018-12-17T22:55:12.19488543Z | 78 | PC: 12ac4 | Find first file |
| 2018-12-17T22:55:12.200876349Z | 47 | PC: 12acf | Get disk transfer address |
| 2018-12-17T22:55:12.201986167Z | 43 | PC: 12b25 | Set date |
| 2018-12-17T22:55:12.205423772Z | 61 | PC: 12b2d | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:55:12.216714991Z | 63 | PC: 12b3b | Read file or device (Read 407 bytes on handle 5) |
| 2018-12-17T22:55:12.222957688Z | 60 | PC: 12b78 | Create or truncate file |
| 2018-12-17T22:55:12.599504824Z | 64 | PC: 12b8a | Write file or device (Write 847 bytes on handle 6) |
| 2018-12-17T22:55:12.608534964Z | 62 | PC: 12b8e | Close file |
| 2018-12-17T22:55:12.616596876Z | 43 | PC: 12ba7 | Set date |
| 2018-12-17T22:55:12.617678011Z | 45 | PC: 12baf | Set time |
| 2018-12-17T22:55:12.619433964Z | 43 | PC: 12bbb | Set date |
| 2018-12-17T22:55:12.622875175Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |