.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T23:00:44.019896133Z | 254 | PC: 12e3f | UNKNOWN! |
| 2018-12-17T23:00:44.021338607Z | 42 | PC: 12e89 | Get date 0x12e89: call 0x12f53 0x12e8c: mov word ptr [si + 0x917], ax 0x12e90: mov ax, 0x3d00 0x12e93: lea dx, word ptr [si + 0x4f0] 0x12e97: int3 0x12e98: mov bx, ax 0x12e9a: jae 0x12e9d 0x12e9c: ret 0x12e9d: mov ah, 0x3f 0x12e9f: lea dx, word ptr [si + 0x970] 0x12ea3: mov cx, 0x28 0x12ea6: int3 0x12ea7: and ax, ax 0x12ea9: jne 0x12eae 0x12eab: jmp 0x12f3b 0x12eae: mov cx, ax 0x12eb0: mov di, dx 0x12eb2: mov al, 0xd 0x12eb4: repne scasb al, byte ptr es:[di] 0x12eb6: jne 0x12e9d |
| 2018-12-17T23:00:44.024050322Z | 61 | PC: 12e98 | Open file (Filename = 'c:\config.sys') |
| 2018-12-17T23:00:44.031141778Z | 63 | PC: 12ea7 | Read file or device (Read 40 bytes on handle 5) |
| 2018-12-17T23:00:44.038111337Z | 66 | PC: 12ec8 | Move file pointer |
| 2018-12-17T23:00:44.048791356Z | 63 | PC: 12ea7 | Read file or device (Read 40 bytes on handle 5) |
| 2018-12-17T23:00:44.051451096Z | 66 | PC: 12ec8 | Move file pointer |
| 2018-12-17T23:00:44.053026989Z | 63 | PC: 12ea7 | Read file or device (Read 40 bytes on handle 5) |
| 2018-12-17T23:00:44.056237427Z | 66 | PC: 12ec8 | Move file pointer |
| 2018-12-17T23:00:44.05804608Z | 61 | PC: 12f2a | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS') |
| 2018-12-17T23:00:44.069962974Z | 66 | PC: 12fda | Move file pointer |
| 2018-12-17T23:00:44.071794319Z | 63 | PC: 12ff8 | Read file or device (Read 6 bytes on handle 6) |
| 2018-12-17T23:00:44.07679866Z | 87 | PC: 13029 | Get or set file date and time |
| 2018-12-17T23:00:44.078184902Z | 90 | PC: 130a4 | Create unique file |
| 2018-12-17T23:00:44.419535472Z | 62 | PC: 130ab | Close file |
| 2018-12-17T23:00:44.421472911Z | 65 | PC: 130b0 | Delete file (Filename = 'c:\ABAKAIEC') |
| 2018-12-17T23:00:44.429915365Z | 63 | PC: 130f7 | Read file or device (Read 2 bytes on handle 6) |
| 2018-12-17T23:00:44.433415359Z | 63 | PC: 13101 | Read file or device (Read 2 bytes on handle 6) |
| 2018-12-17T23:00:44.436074679Z | 66 | PC: 12fda | Move file pointer |
| 2018-12-17T23:00:44.437464504Z | 63 | PC: 13112 | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:00:44.446584546Z | 66 | PC: 12fe3 | Move file pointer |
| 2018-12-17T23:00:44.448665955Z | 66 | PC: 12fda | Move file pointer |
| 2018-12-17T23:00:44.450833469Z | 64 | PC: 13131 | Write file or device (Write 2 bytes on handle 6) |
| 2018-12-17T23:00:44.454673209Z | 66 | PC: 12fda | Move file pointer |
| 2018-12-17T23:00:44.456705475Z | 64 | PC: 13142 | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T23:00:44.460398963Z | 66 | PC: 12fe3 | Move file pointer |
| 2018-12-17T23:00:44.462045505Z | 64 | PC: 13044 | Write file or device (Write 2339 bytes on handle 6) |
| 2018-12-17T23:00:44.473457193Z | 87 | PC: 131f1 | Get or set file date and time |
| 2018-12-17T23:00:44.475627291Z | 66 | PC: 12fda | Move file pointer |
| 2018-12-17T23:00:44.477542247Z | 62 | PC: 12f37 | Close file |
| 2018-12-17T23:00:44.486136068Z | 63 | PC: 12ea7 | Read file or device (Read 40 bytes on handle 5) |
| 2018-12-17T23:00:44.489038435Z | 63 | PC: 12ea7 | Read file or device (Read 40 bytes on handle 5) |
| 2018-12-17T23:00:44.491813828Z | 66 | PC: 12ec8 | Move file pointer |
| 2018-12-17T23:00:44.494175794Z | 63 | PC: 12ea7 | Read file or device (Read 40 bytes on handle 5) |
| 2018-12-17T23:00:44.497106453Z | 66 | PC: 12ec8 | Move file pointer |
| 2018-12-17T23:00:44.499592444Z | 63 | PC: 12ea7 | Read file or device (Read 40 bytes on handle 5) |
| 2018-12-17T23:00:44.502401999Z | 62 | PC: 12f3e | Close file |