.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:01:03.603975703Z | 26 | PC: 12a70 | Set disk transfer address |
| 2018-12-17T23:01:03.606067281Z | 67 | PC: 12c2d | Get or set file attributes |
| 2018-12-17T23:01:03.612095552Z | 67 | PC: 12c36 | Get or set file attributes |
| 2018-12-17T23:01:03.951246552Z | 61 | PC: 12c3d | Open file (Filename = 'C:\AUTOEXEC.BAT') |
| 2018-12-17T23:01:03.95889662Z | 87 | PC: 12c43 | Get or set file date and time |
| 2018-12-17T23:01:03.962012927Z | 64 | PC: 12c4f | Write file or device (Write 65 bytes on handle 5) |
| 2018-12-17T23:01:03.965289285Z | 87 | PC: 12c56 | Get or set file date and time |
| 2018-12-17T23:01:03.967413765Z | 61 | PC: 12c5a | Open file (Filename = 'Y�+���6ʭ������t�I���I���w���Э� ���O�Э:E�t���ҭ3ɬ�
�u��ŝ]_^ZY[�P�/���t��\�ЭXâЭX�SQRWV��������6έ�6̭��6ʭ�2ɬ
�t�:�t����t�������2ɪ����6έ��3�����t!�Э
�u�:E�t����
�u��������}���') |
| 2018-12-17T23:01:03.973304065Z | 67 | PC: 12c61 | Get or set file attributes |
| 2018-12-17T23:01:03.983698016Z | 78 | PC: 12a7e | Find first file |
| 2018-12-17T23:01:03.990717788Z | 67 | PC: 12a97 | Get or set file attributes |
| 2018-12-17T23:01:03.997892945Z | 67 | PC: 12aa0 | Get or set file attributes |
| 2018-12-17T23:01:04.027317892Z | 61 | PC: 12aa9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T23:01:04.039363102Z | 87 | PC: 12aaf | Get or set file date and time |
| 2018-12-17T23:01:04.0468737Z | 63 | PC: 12abc | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:01:04.053953551Z | 47 | PC: 12ac9 | Get disk transfer address |
| 2018-12-17T23:01:04.055215194Z | 66 | PC: 12b7a | Move file pointer |
| 2018-12-17T23:01:04.057246295Z | 44 | PC: 12af9 | Get time 0x12af9: mov word ptr ds:[bp + 0x37e], dx
0x12afe: mov cx, 0x12
0x12b01: lea di, word ptr [bp + 0x3c0]
0x12b05: lea si, word ptr [bp + 0x380]
0x12b09: push cx
0x12b0a: push si
0x12b0b: rep movsb byte ptr es:[di], byte ptr [si]
0x12b0d: mov cx, 0xb
0x12b10: lea si, word ptr [bp + 0x1e3]
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: pop si
0x12b17: pop cx
0x12b18: rep movsb byte ptr es:[di], byte ptr [si]
0x12b1a: mov al, 0xc3
0x12b1c: stosb byte ptr es:[di], al
0x12b1d: call 0x12d00
0x12b20: jmp 0x12b2e
0x12b22: nop
0x12b23: mov ah, 0x40
0x12b25: mov cx, 0x292
|
| 2018-12-17T23:01:04.060027328Z | 64 | PC: 12d1d | Write file or device (Write 658 bytes on handle 6) |
| 2018-12-17T23:01:04.069800477Z | 66 | PC: 12b36 | Move file pointer |
| 2018-12-17T23:01:04.071938597Z | 64 | PC: 12b41 | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T23:01:04.079327399Z | 87 | PC: 12b48 | Get or set file date and time |
| 2018-12-17T23:01:04.081098752Z | 62 | PC: 12b4c | Close file |
| 2018-12-17T23:01:04.090772844Z | 67 | PC: 12b53 | Get or set file attributes |
| 2018-12-17T23:01:04.101877514Z | 79 | PC: 12a7e | Find next file |
| 2018-12-17T23:01:04.104878971Z | 67 | PC: 12a97 | Get or set file attributes |
| 2018-12-17T23:01:04.112639373Z | 67 | PC: 12aa0 | Get or set file attributes |
| 2018-12-17T23:01:04.123621865Z | 61 | PC: 12aa9 | Open file (Filename = 'PRINT.S') |
| 2018-12-17T23:01:04.131681263Z | 87 | PC: 12aaf | Get or set file date and time |
| 2018-12-17T23:01:04.133425771Z | 63 | PC: 12abc | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:01:04.14163663Z | 47 | PC: 12ac9 | Get disk transfer address |
| 2018-12-17T23:01:04.143526711Z | 66 | PC: 12b65 | Move file pointer |
| 2018-12-17T23:01:04.145546163Z | 64 | PC: 12b70 | Write file or device (Write 170 bytes on handle 6) |
| 2018-12-17T23:01:04.151768863Z | 87 | PC: 12b48 | Get or set file date and time |
| 2018-12-17T23:01:04.153873812Z | 62 | PC: 12b4c | Close file |
| 2018-12-17T23:01:04.162023634Z | 67 | PC: 12b53 | Get or set file attributes |
| 2018-12-17T23:01:04.173352239Z | 79 | PC: 12a7e | Find next file |
| 2018-12-17T23:01:04.176358747Z | 67 | PC: 12a97 | Get or set file attributes |
| 2018-12-17T23:01:04.183401142Z | 67 | PC: 12aa0 | Get or set file attributes |
| 2018-12-17T23:01:04.194969883Z | 61 | PC: 12aa9 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T23:01:04.202441185Z | 87 | PC: 12aaf | Get or set file date and time |
| 2018-12-17T23:01:04.204369163Z | 63 | PC: 12abc | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:01:04.212077913Z | 47 | PC: 12ac9 | Get disk transfer address |
| 2018-12-17T23:01:04.214369715Z | 66 | PC: 12b7a | Move file pointer |
| 2018-12-17T23:01:04.21619547Z | 44 | PC: 12af9 | Get time 0x12af9: mov word ptr ds:[bp + 0x37e], dx
0x12afe: mov cx, 0x12
0x12b01: lea di, word ptr [bp + 0x3c0]
0x12b05: lea si, word ptr [bp + 0x380]
0x12b09: push cx
0x12b0a: push si
0x12b0b: rep movsb byte ptr es:[di], byte ptr [si]
0x12b0d: mov cx, 0xb
0x12b10: lea si, word ptr [bp + 0x1e3]
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: pop si
0x12b17: pop cx
0x12b18: rep movsb byte ptr es:[di], byte ptr [si]
0x12b1a: mov al, 0xc3
0x12b1c: stosb byte ptr es:[di], al
0x12b1d: call 0x12d00
0x12b20: jmp 0x12b2e
0x12b22: nop
0x12b23: mov ah, 0x40
0x12b25: mov cx, 0x292
|
| 2018-12-17T23:01:04.219290249Z | 64 | PC: 12d1d | Write file or device (Write 658 bytes on handle 6) |
| 2018-12-17T23:01:04.225344653Z | 66 | PC: 12b36 | Move file pointer |
| 2018-12-17T23:01:04.226794737Z | 64 | PC: 12b41 | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T23:01:04.233484906Z | 87 | PC: 12b48 | Get or set file date and time |
| 2018-12-17T23:01:04.235657451Z | 62 | PC: 12b4c | Close file |
| 2018-12-17T23:01:04.245481279Z | 67 | PC: 12b53 | Get or set file attributes |
| 2018-12-17T23:01:04.25636291Z | 79 | PC: 12a7e | Find next file |
| 2018-12-17T23:01:04.259793083Z | 67 | PC: 12a97 | Get or set file attributes |
| 2018-12-17T23:01:04.264821087Z | 67 | PC: 12aa0 | Get or set file attributes |
| 2018-12-17T23:01:04.271112555Z | 61 | PC: 12aa9 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T23:01:04.27586956Z | 87 | PC: 12aaf | Get or set file date and time |
| 2018-12-17T23:01:04.277054898Z | 63 | PC: 12abc | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:01:04.281164882Z | 47 | PC: 12ac9 | Get disk transfer address |
| 2018-12-17T23:01:04.28232785Z | 66 | PC: 12b7a | Move file pointer |
| 2018-12-17T23:01:04.283544288Z | 44 | PC: 12af9 | Get time 0x12af9: mov word ptr ds:[bp + 0x37e], dx
0x12afe: mov cx, 0x12
0x12b01: lea di, word ptr [bp + 0x3c0]
0x12b05: lea si, word ptr [bp + 0x380]
0x12b09: push cx
0x12b0a: push si
0x12b0b: rep movsb byte ptr es:[di], byte ptr [si]
0x12b0d: mov cx, 0xb
0x12b10: lea si, word ptr [bp + 0x1e3]
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: pop si
0x12b17: pop cx
0x12b18: rep movsb byte ptr es:[di], byte ptr [si]
0x12b1a: mov al, 0xc3
0x12b1c: stosb byte ptr es:[di], al
0x12b1d: call 0x12d00
0x12b20: jmp 0x12b2e
0x12b22: nop
0x12b23: mov ah, 0x40
0x12b25: mov cx, 0x292
|
| 2018-12-17T23:01:04.285240677Z | 64 | PC: 12d1d | Write file or device (Write 658 bytes on handle 6) |
| 2018-12-17T23:01:04.290801763Z | 66 | PC: 12b36 | Move file pointer |
| 2018-12-17T23:01:04.291912723Z | 64 | PC: 12b41 | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T23:01:04.29615696Z | 87 | PC: 12b48 | Get or set file date and time |
| 2018-12-17T23:01:04.297291887Z | 62 | PC: 12b4c | Close file |
| 2018-12-17T23:01:04.302672948Z | 67 | PC: 12b53 | Get or set file attributes |
| 2018-12-17T23:01:04.311522107Z | 79 | PC: 12a7e | Find next file |
| 2018-12-17T23:01:04.314663678Z | 67 | PC: 12a97 | Get or set file attributes |
| 2018-12-17T23:01:04.321916448Z | 67 | PC: 12aa0 | Get or set file attributes |
| 2018-12-17T23:01:04.332577836Z | 61 | PC: 12aa9 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T23:01:04.339815539Z | 87 | PC: 12aaf | Get or set file date and time |
| 2018-12-17T23:01:04.342408563Z | 63 | PC: 12abc | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:01:04.349382305Z | 47 | PC: 12ac9 | Get disk transfer address |
| 2018-12-17T23:01:04.350970862Z | 66 | PC: 12b7a | Move file pointer |
| 2018-12-17T23:01:04.35354607Z | 44 | PC: 12af9 | Get time 0x12af9: mov word ptr ds:[bp + 0x37e], dx
0x12afe: mov cx, 0x12
0x12b01: lea di, word ptr [bp + 0x3c0]
0x12b05: lea si, word ptr [bp + 0x380]
0x12b09: push cx
0x12b0a: push si
0x12b0b: rep movsb byte ptr es:[di], byte ptr [si]
0x12b0d: mov cx, 0xb
0x12b10: lea si, word ptr [bp + 0x1e3]
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: pop si
0x12b17: pop cx
0x12b18: rep movsb byte ptr es:[di], byte ptr [si]
0x12b1a: mov al, 0xc3
0x12b1c: stosb byte ptr es:[di], al
0x12b1d: call 0x12d00
0x12b20: jmp 0x12b2e
0x12b22: nop
0x12b23: mov ah, 0x40
0x12b25: mov cx, 0x292
|
| 2018-12-17T23:01:04.357033996Z | 64 | PC: 12d1d | Write file or device (Write 658 bytes on handle 6) |
| 2018-12-17T23:01:04.367907882Z | 66 | PC: 12b36 | Move file pointer |
| 2018-12-17T23:01:04.370338504Z | 64 | PC: 12b41 | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T23:01:04.378275257Z | 87 | PC: 12b48 | Get or set file date and time |
| 2018-12-17T23:01:04.379887304Z | 62 | PC: 12b4c | Close file |
| 2018-12-17T23:01:04.393611292Z | 67 | PC: 12b53 | Get or set file attributes |
| 2018-12-17T23:01:04.403394713Z | 79 | PC: 12a7e | Find next file |
| 2018-12-17T23:01:04.405396979Z | 67 | PC: 12a97 | Get or set file attributes |
| 2018-12-17T23:01:04.412155994Z | 67 | PC: 12aa0 | Get or set file attributes |
| 2018-12-17T23:01:04.423590415Z | 61 | PC: 12aa9 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T23:01:04.43628581Z | 87 | PC: 12aaf | Get or set file date and time |
| 2018-12-17T23:01:04.438676262Z | 63 | PC: 12abc | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:01:04.446176847Z | 47 | PC: 12ac9 | Get disk transfer address |
| 2018-12-17T23:01:04.447400317Z | 66 | PC: 12b7a | Move file pointer |
| 2018-12-17T23:01:04.448806808Z | 44 | PC: 12af9 | Get time 0x12af9: mov word ptr ds:[bp + 0x37e], dx
0x12afe: mov cx, 0x12
0x12b01: lea di, word ptr [bp + 0x3c0]
0x12b05: lea si, word ptr [bp + 0x380]
0x12b09: push cx
0x12b0a: push si
0x12b0b: rep movsb byte ptr es:[di], byte ptr [si]
0x12b0d: mov cx, 0xb
0x12b10: lea si, word ptr [bp + 0x1e3]
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: pop si
0x12b17: pop cx
0x12b18: rep movsb byte ptr es:[di], byte ptr [si]
0x12b1a: mov al, 0xc3
0x12b1c: stosb byte ptr es:[di], al
0x12b1d: call 0x12d00
0x12b20: jmp 0x12b2e
0x12b22: nop
0x12b23: mov ah, 0x40
0x12b25: mov cx, 0x292
|
| 2018-12-17T23:01:04.452340316Z | 64 | PC: 12d1d | Write file or device (Write 658 bytes on handle 6) |
| 2018-12-17T23:01:04.461644384Z | 66 | PC: 12b36 | Move file pointer |
| 2018-12-17T23:01:04.463885746Z | 64 | PC: 12b41 | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T23:01:04.471710857Z | 87 | PC: 12b48 | Get or set file date and time |
| 2018-12-17T23:01:04.473488421Z | 62 | PC: 12b4c | Close file |
| 2018-12-17T23:01:04.482625825Z | 67 | PC: 12b53 | Get or set file attributes |
| 2018-12-17T23:01:04.495657793Z | 79 | PC: 12a7e | Find next file |
| 2018-12-17T23:01:04.499156672Z | 67 | PC: 12a97 | Get or set file attributes |
| 2018-12-17T23:01:04.506730597Z | 67 | PC: 12aa0 | Get or set file attributes |
| 2018-12-17T23:01:04.518978705Z | 61 | PC: 12aa9 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T23:01:04.526265478Z | 87 | PC: 12aaf | Get or set file date and time |
| 2018-12-17T23:01:04.527816168Z | 63 | PC: 12abc | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:01:04.535276143Z | 47 | PC: 12ac9 | Get disk transfer address |
| 2018-12-17T23:01:04.536785909Z | 66 | PC: 12b7a | Move file pointer |
| 2018-12-17T23:01:04.538714478Z | 44 | PC: 12af9 | Get time 0x12af9: mov word ptr ds:[bp + 0x37e], dx
0x12afe: mov cx, 0x12
0x12b01: lea di, word ptr [bp + 0x3c0]
0x12b05: lea si, word ptr [bp + 0x380]
0x12b09: push cx
0x12b0a: push si
0x12b0b: rep movsb byte ptr es:[di], byte ptr [si]
0x12b0d: mov cx, 0xb
0x12b10: lea si, word ptr [bp + 0x1e3]
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: pop si
0x12b17: pop cx
0x12b18: rep movsb byte ptr es:[di], byte ptr [si]
0x12b1a: mov al, 0xc3
0x12b1c: stosb byte ptr es:[di], al
0x12b1d: call 0x12d00
0x12b20: jmp 0x12b2e
0x12b22: nop
0x12b23: mov ah, 0x40
0x12b25: mov cx, 0x292
|
| 2018-12-17T23:01:04.541772694Z | 64 | PC: 12d1d | Write file or device (Write 658 bytes on handle 6) |
| 2018-12-17T23:01:04.552608075Z | 66 | PC: 12b36 | Move file pointer |
| 2018-12-17T23:01:04.554409212Z | 64 | PC: 12b41 | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T23:01:04.561691323Z | 87 | PC: 12b48 | Get or set file date and time |
| 2018-12-17T23:01:04.564422786Z | 62 | PC: 12b4c | Close file |
| 2018-12-17T23:01:04.573074985Z | 67 | PC: 12b53 | Get or set file attributes |
| 2018-12-17T23:01:04.584183432Z | 79 | PC: 12a7e | Find next file |
| 2018-12-17T23:01:04.588433907Z | 67 | PC: 12a97 | Get or set file attributes |
| 2018-12-17T23:01:04.594607931Z | 67 | PC: 12aa0 | Get or set file attributes |
| 2018-12-17T23:01:04.604986274Z | 61 | PC: 12aa9 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T23:01:04.612730521Z | 87 | PC: 12aaf | Get or set file date and time |
| 2018-12-17T23:01:04.614510798Z | 63 | PC: 12abc | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:01:04.621328131Z | 47 | PC: 12ac9 | Get disk transfer address |
| 2018-12-17T23:01:04.622967415Z | 66 | PC: 12b7a | Move file pointer |
| 2018-12-17T23:01:04.625159597Z | 44 | PC: 12af9 | Get time 0x12af9: mov word ptr ds:[bp + 0x37e], dx
0x12afe: mov cx, 0x12
0x12b01: lea di, word ptr [bp + 0x3c0]
0x12b05: lea si, word ptr [bp + 0x380]
0x12b09: push cx
0x12b0a: push si
0x12b0b: rep movsb byte ptr es:[di], byte ptr [si]
0x12b0d: mov cx, 0xb
0x12b10: lea si, word ptr [bp + 0x1e3]
0x12b14: rep movsb byte ptr es:[di], byte ptr [si]
0x12b16: pop si
0x12b17: pop cx
0x12b18: rep movsb byte ptr es:[di], byte ptr [si]
0x12b1a: mov al, 0xc3
0x12b1c: stosb byte ptr es:[di], al
0x12b1d: call 0x12d00
0x12b20: jmp 0x12b2e
0x12b22: nop
0x12b23: mov ah, 0x40
0x12b25: mov cx, 0x292
|
| 2018-12-17T23:01:04.627964755Z | 64 | PC: 12d1d | Write file or device (Write 658 bytes on handle 6) |
| 2018-12-17T23:01:04.637388134Z | 66 | PC: 12b36 | Move file pointer |
| 2018-12-17T23:01:04.639794329Z | 64 | PC: 12b41 | Write file or device (Write 5 bytes on handle 6) |
| 2018-12-17T23:01:04.646952123Z | 87 | PC: 12b48 | Get or set file date and time |
| 2018-12-17T23:01:04.648833106Z | 62 | PC: 12b4c | Close file |
| 2018-12-17T23:01:04.657347246Z | 67 | PC: 12b53 | Get or set file attributes |
| 2018-12-17T23:01:04.667994733Z | 79 | PC: 12a7e | Find next file |
| 2018-12-17T23:01:04.671138896Z | 67 | PC: 12a97 | Get or set file attributes |
| 2018-12-17T23:01:04.677171664Z | 67 | PC: 12aa0 | Get or set file attributes |
| 2018-12-17T23:01:04.688053321Z | 61 | PC: 12aa9 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T23:01:04.702113378Z | 87 | PC: 12aaf | Get or set file date and time |
| 2018-12-17T23:01:04.704004248Z | 63 | PC: 12abc | Read file or device (Read 5 bytes on handle 6) |
| 2018-12-17T23:01:04.711612489Z | 87 | PC: 12b48 | Get or set file date and time |
| 2018-12-17T23:01:04.714175638Z | 62 | PC: 12b4c | Close file |
| 2018-12-17T23:01:04.722732534Z | 67 | PC: 12b53 | Get or set file attributes |
| 2018-12-17T23:01:04.73358681Z | 79 | PC: 12a7e | Find next file |
| 2018-12-17T23:01:04.737299893Z | 26 | PC: 12b5b | Set disk transfer address |
