.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:57:51.543495551Z | 53 | PC: 12a7b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:57:51.548535748Z | 37 | PC: 12a8f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:57:51.550213068Z | 26 | PC: 12a96 | Set disk transfer address |
| 2018-12-17T22:57:51.551742177Z | 25 | PC: 12a9a | Get default drive |
| 2018-12-17T22:57:51.553314985Z | 71 | PC: 12aa7 | Get current directory |
| 2018-12-17T22:57:51.557086766Z | 14 | PC: 12abd | Set default drive (Drive = 'C') |
| 2018-12-17T22:57:51.558543241Z | 59 | PC: 12c4b | Change current directory |
| 2018-12-17T22:57:51.562932866Z | 44 | PC: 12ac4 | Get time 0x12ac4: shr dl, 1 0x12ac6: shr dl, 1 0x12ac8: add dl, 0x40 0x12acb: mov byte ptr [bp + 0x225], dl 0x12acf: xor bx, bx 0x12ad1: mov ah, 0x4e 0x12ad3: lea dx, word ptr [bp + 0x225] 0x12ad7: mov cx, 0x11 0x12ada: int 0x21 0x12adc: jae 0x12afa 0x12ade: mov al, byte ptr [bp + 0x225] 0x12ae2: inc al 0x12ae4: cmp al, 0x5a 0x12ae6: jbe 0x12aea 0x12ae8: sub al, 0x1a 0x12aea: mov byte ptr [bp + 0x225], al 0x12aee: inc bh 0x12af0: cmp bh, 0x1b 0x12af3: je 0x12aa7 0x12af5: jmp 0x12ad1 |
| 2018-12-17T22:57:51.568208022Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.574902355Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.580557909Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.586988445Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.592841318Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.598673181Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.605872612Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.614299493Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.620310869Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.626636766Z | 78 | PC: 12adc | Find first file |
| 2018-12-17T22:57:51.63334613Z | 59 | PC: 12b01 | Change current directory |
| 2018-12-17T22:57:51.642679368Z | 78 | PC: 12b0c | Find first file |
| 2018-12-17T22:57:51.652246494Z | 67 | PC: 12b6a | Get or set file attributes |
| 2018-12-17T22:57:51.657793582Z | 67 | PC: 12b77 | Get or set file attributes |
| 2018-12-17T22:57:52.003020801Z | 61 | PC: 12b7f | Open file (Filename = 'WIN.COM') |
| 2018-12-17T22:57:52.011227731Z | 87 | PC: 12b85 | Get or set file date and time |
| 2018-12-17T22:57:52.013964914Z | 44 | PC: 12b98 | Get time 0x12b98: or dx, dx 0x12b9a: je 0x12b94 0x12b9c: mov word ptr [bp + 0x25a], dx 0x12ba0: mov ah, 0x3f 0x12ba2: lea dx, word ptr [bp + 0x21c] 0x12ba6: mov cx, 3 0x12ba9: int 0x21 0x12bab: mov ax, 0x4202 0x12bae: xor cx, cx 0x12bb0: cdq 0x12bb1: int 0x21 0x12bb3: sub ax, 3 0x12bb6: mov word ptr cs:[0xfa79], ax 0x12bba: mov byte ptr cs:[0xfa78], 0xe9 0x12bc0: nop 0x12bc1: nop 0x12bc2: nop 0x12bc3: lea si, word ptr [bp - 5] 0x12bc6: nop 0x12bc7: mov di, 0xfb2c |
| 2018-12-17T22:57:52.01811257Z | 63 | PC: 12bab | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T22:57:52.02552227Z | 66 | PC: 12bb3 | Move file pointer |
| 2018-12-17T22:57:52.028210404Z | 64 | PC: 12be0 | Write file or device (Write 615 bytes on handle 5) |
| 2018-12-17T22:57:52.038579331Z | 66 | PC: 12be8 | Move file pointer |
| 2018-12-17T22:57:52.040593452Z | 64 | PC: 12bf2 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T22:57:52.045310776Z | 87 | PC: 12c07 | Get or set file date and time |
| 2018-12-17T22:57:52.04705892Z | 62 | PC: 12c0b | Close file |
| 2018-12-17T22:57:52.054212654Z | 67 | PC: 12c18 | Get or set file attributes |
| 2018-12-17T22:57:52.065774148Z | 14 | PC: 12c55 | Set default drive (Drive = 'A') |
| 2018-12-17T22:57:52.067878257Z | 59 | PC: 12c4b | Change current directory |
| 2018-12-17T22:57:52.072562231Z | 59 | PC: 12c5d | Change current directory |
| 2018-12-17T22:57:52.075672004Z | 37 | PC: 12c31 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:57:52.077092425Z | 26 | PC: 12c39 | Set disk transfer address |