.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:58:43.441175109Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:58:43.443818788Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T22:58:43.445605947Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T22:58:43.447114753Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:58:43.449303096Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T22:58:43.45097073Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:58:43.452656148Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T22:58:43.454949609Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T22:58:43.462024156Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T22:58:43.463854886Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T22:58:43.465672322Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T22:58:43.468389399Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T22:58:43.470086218Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T22:58:43.471920236Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T22:58:43.474368247Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T22:58:43.478471659Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T22:58:43.480226618Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T22:58:43.482427725Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T22:58:43.48422892Z | 53 | PC: 132ba | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T22:58:43.485939876Z | 37 | PC: 132cf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:58:43.487893428Z | 37 | PC: 132d7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T22:58:43.490568205Z | 37 | PC: 132df | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:58:43.491970932Z | 37 | PC: 132e7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T22:58:43.493678091Z | 68 | PC: 13b45 | I/O control for devices (Set for = '') |
| 2018-12-17T22:58:43.496189842Z | 44 | PC: 130b3 | Get time 0x130b3: mov byte ptr [0x56], ch
0x130b7: mov di, 0x58
0x130ba: push ds
0x130bb: push di
0x130bc: call 0x22a40
0x130bf: cmp byte ptr [0x56], 0xc
0x130c4: jne 0x130d9
0x130c6: mov ah, 0x40
0x130c8: mov bx, 1
0x130cb: lea dx, word ptr [0x58]
0x130cf: mov cx, 0x20
0x130d2: int 0x21
0x130d4: mov byte ptr [0x2acf], 1
0x130d9: push ax
0x130da: in al, 0x21
0x130dc: or al, 3
0x130de: out 0x21, al
0x130e0: pop ax
0x130e1: call 0x22be3
0x130e4: call 0x2301b
|
| 2018-12-17T22:58:43.499605531Z | 48 | PC: 13870 | Get DOS version |
| 2018-12-17T22:58:43.501603787Z | 48 | PC: 13870 | Get DOS version |
| 2018-12-17T22:58:43.504550576Z | 61 | PC: 13722 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-17T22:58:43.512189393Z | 63 | PC: 137f5 | Read file or device (Read 4944 bytes on handle 5) |
| 2018-12-17T22:58:43.549395284Z | 62 | PC: 13772 | Close file |
| 2018-12-17T22:58:43.552811494Z | 26 | PC: 13135 | Set disk transfer address |
| 2018-12-17T22:58:43.554743485Z | 78 | PC: 13141 | Find first file |
| 2018-12-17T22:58:43.562663541Z | 61 | PC: 13722 | Open file (Filename = 'TEST.EXE') |
| 2018-12-17T22:58:43.570764698Z | 66 | PC: 13854 | Move file pointer |
| 2018-12-17T22:58:43.572948643Z | 63 | PC: 137f5 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-17T22:58:43.581650187Z | 26 | PC: 13159 | Set disk transfer address |
| 2018-12-17T22:58:43.584385478Z | 79 | PC: 1315e | Find next file |
| 2018-12-17T22:58:43.588610169Z | 48 | PC: 13870 | Get DOS version |
| 2018-12-17T22:58:43.590756574Z | 26 | PC: 13135 | Set disk transfer address |
| 2018-12-17T22:58:43.592593917Z | 78 | PC: 13141 | Find first file |
| 2018-12-17T22:58:43.601236681Z | 48 | PC: 13870 | Get DOS version |
| 2018-12-17T22:58:43.60317283Z | 67 | PC: 12cee | Get or set file attributes |
| 2018-12-17T22:58:43.605282996Z | 61 | PC: 13722 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-17T22:58:43.613611781Z | 66 | PC: 13854 | Move file pointer |
| 2018-12-17T22:58:43.615375856Z | 63 | PC: 137f5 | Read file or device (Read 4944 bytes on handle 6) |
| 2018-12-17T22:58:43.623458568Z | 66 | PC: 13854 | Move file pointer |
| 2018-12-17T22:58:43.627119559Z | 64 | PC: 13753 | Write file or device (Write 0 bytes on handle 6) |
| 2018-12-17T22:58:43.642183552Z | 66 | PC: 13854 | Move file pointer |
| 2018-12-17T22:58:43.644096738Z | 64 | PC: 137f5 | Write file or device (Write 4944 bytes on handle 6) |
| 2018-12-17T22:58:43.65494048Z | 62 | PC: 13772 | Close file |
| 2018-12-17T22:58:43.663948881Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:58:43.665978566Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:58:43.667571931Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T22:58:43.670270002Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T22:58:43.671818102Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T22:58:43.67336551Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T22:58:43.675518527Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:58:43.677037091Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:58:43.678464975Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T22:58:43.680785807Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T22:58:43.682200746Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:58:43.683621667Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:58:43.685918705Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T22:58:43.687312264Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T22:58:43.688652453Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T22:58:43.69017249Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T22:58:43.692058615Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T22:58:43.693733593Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T22:58:43.695404243Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T22:58:43.698077677Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T22:58:43.699427094Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T22:58:43.701049012Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T22:58:43.704038652Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T22:58:43.705917654Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T22:58:43.707960243Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T22:58:43.710202276Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T22:58:43.711690824Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T22:58:43.713156459Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T22:58:43.715100533Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T22:58:43.716784738Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T22:58:43.718416345Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T22:58:43.721700638Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T22:58:43.723176712Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T22:58:43.724549823Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T22:58:43.726845879Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T22:58:43.728515838Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T22:58:43.730153976Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T22:58:43.732311111Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T22:58:43.734131743Z | 41 | PC: 131ed | Parse filename |
| 2018-12-17T22:58:43.736459097Z | 41 | PC: 131fb | Parse filename |
| 2018-12-17T22:58:43.739414151Z | 75 | PC: 13206 | Execute program |
| 2018-12-17T22:58:43.757041312Z | 9 | PC: 173c8 | Display string (String= '����������J�W�U�W���������������������������������') |
| 2018-12-17T22:58:43.770667213Z | 76 | PC: 173cc | Terminate with return code (Return code = '36') |
| 2018-12-17T22:58:43.774134499Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:58:43.776633656Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:58:43.778168862Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T22:58:43.779721931Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T22:58:43.781871661Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T22:58:43.78334481Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T22:58:43.784880387Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:58:43.787769557Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:58:43.789855498Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T22:58:43.791471345Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T22:58:43.793807706Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:58:43.795905429Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:58:43.798169133Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T22:58:43.800196213Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T22:58:43.801967853Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T22:58:43.803263528Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T22:58:43.80449331Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T22:58:43.806363325Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T22:58:43.807576535Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T22:58:43.808829941Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T22:58:43.810863804Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T22:58:43.812115596Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T22:58:43.813315522Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T22:58:43.815923543Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T22:58:43.817298868Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T22:58:43.818647754Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T22:58:43.822853239Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T22:58:43.824191454Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T22:58:43.825489203Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T22:58:43.828926784Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T22:58:43.830515961Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T22:58:43.832158017Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T22:58:43.834327765Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T22:58:43.835918414Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T22:58:43.837595577Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T22:58:43.839938631Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T22:58:43.841609963Z | 53 | PC: 13236 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T22:58:43.84320987Z | 37 | PC: 1323f | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T22:58:43.845855081Z | 48 | PC: 13870 | Get DOS version |
| 2018-12-17T22:58:43.847767686Z | 61 | PC: 13722 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-17T22:58:43.85653279Z | 64 | PC: 137f5 | Write file or device (Write 4944 bytes on handle 6) |
| 2018-12-17T22:58:43.868145888Z | 66 | PC: 13854 | Move file pointer |
| 2018-12-17T22:58:43.870571026Z | 64 | PC: 137f5 | Write file or device (Write 4944 bytes on handle 6) |
| 2018-12-17T22:58:43.880500409Z | 66 | PC: 13854 | Move file pointer |
| 2018-12-17T22:58:43.883719118Z | 64 | PC: 137f5 | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T22:58:43.887014762Z | 62 | PC: 13772 | Close file |
| 2018-12-17T22:58:43.896650092Z | 64 | PC: 1367d | Write file or device (Write 0 bytes on handle 1) |
| 2018-12-17T22:58:43.900345037Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:58:43.902628229Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T22:58:43.904465943Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T22:58:43.907120752Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:58:43.909310017Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T22:58:43.910951572Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:58:43.913119046Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T22:58:43.914897278Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T22:58:43.916765079Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T22:58:43.919505029Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T22:58:43.921285526Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T22:58:43.923103533Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T22:58:43.926064698Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T22:58:43.927910197Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T22:58:43.930584704Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T22:58:43.93324323Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T22:58:43.935491486Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T22:58:43.937156285Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T22:58:43.938541449Z | 37 | PC: 13411 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T22:58:43.940581042Z | 76 | PC: 13450 | Terminate with return code (Return code = '0') |
