.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T23:03:19.105900618Z | 26 | PC: 12a7e | Set disk transfer address |
| 2018-12-17T23:03:19.107795893Z | 71 | PC: 12a88 | Get current directory |
| 2018-12-17T23:03:19.110900844Z | 67 | PC: 12ca9 | Get or set file attributes |
| 2018-12-17T23:03:19.117127397Z | 65 | PC: 12cad | Delete file (Filename = 'ANTI-VIR.DAT') |
| 2018-12-17T23:03:19.123840291Z | 67 | PC: 12ca9 | Get or set file attributes |
| 2018-12-17T23:03:19.130113438Z | 65 | PC: 12cad | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-17T23:03:19.142240855Z | 67 | PC: 12ca9 | Get or set file attributes |
| 2018-12-17T23:03:19.156144988Z | 65 | PC: 12cad | Delete file (Filename = 'CHKLIST.CPS') |
| 2018-12-17T23:03:19.163437123Z | 67 | PC: 12ca9 | Get or set file attributes |
| 2018-12-17T23:03:19.170177654Z | 65 | PC: 12cad | Delete file (Filename = 'IVB.NTZ') |
| 2018-12-17T23:03:19.177120001Z | 78 | PC: 12a90 | Find first file |
| 2018-12-17T23:03:19.184640136Z | 67 | PC: 12b67 | Get or set file attributes |
| 2018-12-17T23:03:19.206593272Z | 61 | PC: 12b7c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T23:03:19.21992365Z | 63 | PC: 12b91 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-17T23:03:19.227823355Z | 66 | PC: 12bc9 | Move file pointer |
| 2018-12-17T23:03:19.229284978Z | 63 | PC: 12be0 | Read file or device (Read 7 bytes on handle 5) |
| 2018-12-17T23:03:19.231921963Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov word ptr [bp + 0x3cd], dx 0x12bf8: mov cx, 0x15 0x12bfb: lea dx, word ptr [bp + 0x105] 0x12bff: pop ax 0x12c00: int 0x21 0x12c02: push ax 0x12c03: push bp 0x12c04: mov bp, sp 0x12c06: mov word ptr [bp + 2], 0x4001 0x12c0b: pop bp 0x12c0c: mov cx, 0x15a 0x12c0f: mov dx, word ptr [bp + 0x3cd] 0x12c13: lea si, word ptr [bp + 0x11a] 0x12c17: lea di, word ptr [bp + 0x4a5] 0x12c1b: lodsw ax, word ptr [si] 0x12c1c: xor ax, dx 0x12c1e: stosw word ptr es:[di], ax 0x12c1f: loop 0x12c1b 0x12c21: mov cx, 0x2b3 0x12c24: lea dx, word ptr [bp + 0x4a5] |
| 2018-12-17T23:03:19.235081446Z | 64 | PC: 12c02 | Write file or device (Write 21 bytes on handle 5) |
| 2018-12-17T23:03:19.238381175Z | 64 | PC: 12c36 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:19.247916119Z | 64 | PC: 12c40 | Write file or device (Write 35 bytes on handle 5) |
| 2018-12-17T23:03:19.252104925Z | 66 | PC: 12c52 | Move file pointer |
| 2018-12-17T23:03:19.253664628Z | 64 | PC: 12c5c | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-17T23:03:19.26095386Z | 87 | PC: 12c71 | Get or set file date and time |
| 2018-12-17T23:03:19.263268206Z | 62 | PC: 12c75 | Close file |
| 2018-12-17T23:03:19.272028362Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-17T23:03:19.2772558Z | 79 | PC: 12a90 | Find next file |
| 2018-12-17T23:03:19.281029817Z | 79 | PC: 12a90 | Find next file |
| 2018-12-17T23:03:19.284662849Z | 67 | PC: 12b67 | Get or set file attributes |
| 2018-12-17T23:03:19.29548753Z | 61 | PC: 12b7c | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T23:03:19.303474654Z | 63 | PC: 12b91 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-17T23:03:19.3114046Z | 66 | PC: 12bc9 | Move file pointer |
| 2018-12-17T23:03:19.313208728Z | 63 | PC: 12be0 | Read file or device (Read 7 bytes on handle 5) |
| 2018-12-17T23:03:19.316063215Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov word ptr [bp + 0x3cd], dx 0x12bf8: mov cx, 0x15 0x12bfb: lea dx, word ptr [bp + 0x105] 0x12bff: pop ax 0x12c00: int 0x21 0x12c02: push ax 0x12c03: push bp 0x12c04: mov bp, sp 0x12c06: mov word ptr [bp + 2], 0x4001 0x12c0b: pop bp 0x12c0c: mov cx, 0x15a 0x12c0f: mov dx, word ptr [bp + 0x3cd] 0x12c13: lea si, word ptr [bp + 0x11a] 0x12c17: lea di, word ptr [bp + 0x4a5] 0x12c1b: lodsw ax, word ptr [si] 0x12c1c: xor ax, dx 0x12c1e: stosw word ptr es:[di], ax 0x12c1f: loop 0x12c1b 0x12c21: mov cx, 0x2b3 0x12c24: lea dx, word ptr [bp + 0x4a5] |
| 2018-12-17T23:03:19.319096818Z | 64 | PC: 12c02 | Write file or device (Write 21 bytes on handle 5) |
| 2018-12-17T23:03:19.322319177Z | 64 | PC: 12c36 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:19.331105752Z | 64 | PC: 12c40 | Write file or device (Write 35 bytes on handle 5) |
| 2018-12-17T23:03:19.334344676Z | 66 | PC: 12c52 | Move file pointer |
| 2018-12-17T23:03:19.335769234Z | 64 | PC: 12c5c | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-17T23:03:19.342906095Z | 87 | PC: 12c71 | Get or set file date and time |
| 2018-12-17T23:03:19.348943065Z | 62 | PC: 12c75 | Close file |
| 2018-12-17T23:03:19.358751666Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-17T23:03:19.363930835Z | 79 | PC: 12a90 | Find next file |
| 2018-12-17T23:03:19.367974729Z | 67 | PC: 12b67 | Get or set file attributes |
| 2018-12-17T23:03:19.379649655Z | 61 | PC: 12b7c | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T23:03:19.387423533Z | 63 | PC: 12b91 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-17T23:03:19.395288593Z | 66 | PC: 12bc9 | Move file pointer |
| 2018-12-17T23:03:19.397040108Z | 63 | PC: 12be0 | Read file or device (Read 7 bytes on handle 5) |
| 2018-12-17T23:03:19.399813432Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov word ptr [bp + 0x3cd], dx 0x12bf8: mov cx, 0x15 0x12bfb: lea dx, word ptr [bp + 0x105] 0x12bff: pop ax 0x12c00: int 0x21 0x12c02: push ax 0x12c03: push bp 0x12c04: mov bp, sp 0x12c06: mov word ptr [bp + 2], 0x4001 0x12c0b: pop bp 0x12c0c: mov cx, 0x15a 0x12c0f: mov dx, word ptr [bp + 0x3cd] 0x12c13: lea si, word ptr [bp + 0x11a] 0x12c17: lea di, word ptr [bp + 0x4a5] 0x12c1b: lodsw ax, word ptr [si] 0x12c1c: xor ax, dx 0x12c1e: stosw word ptr es:[di], ax 0x12c1f: loop 0x12c1b 0x12c21: mov cx, 0x2b3 0x12c24: lea dx, word ptr [bp + 0x4a5] |
| 2018-12-17T23:03:19.402651695Z | 64 | PC: 12c02 | Write file or device (Write 21 bytes on handle 5) |
| 2018-12-17T23:03:19.405940855Z | 64 | PC: 12c36 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:19.414823155Z | 64 | PC: 12c40 | Write file or device (Write 35 bytes on handle 5) |
| 2018-12-17T23:03:19.418899318Z | 66 | PC: 12c52 | Move file pointer |
| 2018-12-17T23:03:19.420842489Z | 64 | PC: 12c5c | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-17T23:03:19.428331161Z | 87 | PC: 12c71 | Get or set file date and time |
| 2018-12-17T23:03:19.430558695Z | 62 | PC: 12c75 | Close file |
| 2018-12-17T23:03:19.44025299Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-17T23:03:19.445883612Z | 79 | PC: 12a90 | Find next file |
| 2018-12-17T23:03:19.449301388Z | 67 | PC: 12b67 | Get or set file attributes |
| 2018-12-17T23:03:19.461731285Z | 61 | PC: 12b7c | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T23:03:19.468013266Z | 63 | PC: 12b91 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-17T23:03:19.475122608Z | 66 | PC: 12bc9 | Move file pointer |
| 2018-12-17T23:03:19.477072733Z | 63 | PC: 12be0 | Read file or device (Read 7 bytes on handle 5) |
| 2018-12-17T23:03:19.479981504Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov word ptr [bp + 0x3cd], dx 0x12bf8: mov cx, 0x15 0x12bfb: lea dx, word ptr [bp + 0x105] 0x12bff: pop ax 0x12c00: int 0x21 0x12c02: push ax 0x12c03: push bp 0x12c04: mov bp, sp 0x12c06: mov word ptr [bp + 2], 0x4001 0x12c0b: pop bp 0x12c0c: mov cx, 0x15a 0x12c0f: mov dx, word ptr [bp + 0x3cd] 0x12c13: lea si, word ptr [bp + 0x11a] 0x12c17: lea di, word ptr [bp + 0x4a5] 0x12c1b: lodsw ax, word ptr [si] 0x12c1c: xor ax, dx 0x12c1e: stosw word ptr es:[di], ax 0x12c1f: loop 0x12c1b 0x12c21: mov cx, 0x2b3 0x12c24: lea dx, word ptr [bp + 0x4a5] |
| 2018-12-17T23:03:19.483054458Z | 64 | PC: 12c02 | Write file or device (Write 21 bytes on handle 5) |
| 2018-12-17T23:03:19.487455543Z | 64 | PC: 12c36 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:19.49632411Z | 64 | PC: 12c40 | Write file or device (Write 35 bytes on handle 5) |
| 2018-12-17T23:03:19.499484166Z | 66 | PC: 12c52 | Move file pointer |
| 2018-12-17T23:03:19.502293289Z | 64 | PC: 12c5c | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-17T23:03:19.509537868Z | 87 | PC: 12c71 | Get or set file date and time |
| 2018-12-17T23:03:19.511248967Z | 62 | PC: 12c75 | Close file |
| 2018-12-17T23:03:19.520862207Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-17T23:03:19.52596828Z | 79 | PC: 12a90 | Find next file |
| 2018-12-17T23:03:19.52880002Z | 67 | PC: 12b67 | Get or set file attributes |
| 2018-12-17T23:03:19.539274202Z | 61 | PC: 12b7c | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T23:03:19.54709609Z | 63 | PC: 12b91 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-17T23:03:19.554828033Z | 66 | PC: 12bc9 | Move file pointer |
| 2018-12-17T23:03:19.556759706Z | 63 | PC: 12be0 | Read file or device (Read 7 bytes on handle 5) |
| 2018-12-17T23:03:19.5609788Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov word ptr [bp + 0x3cd], dx 0x12bf8: mov cx, 0x15 0x12bfb: lea dx, word ptr [bp + 0x105] 0x12bff: pop ax 0x12c00: int 0x21 0x12c02: push ax 0x12c03: push bp 0x12c04: mov bp, sp 0x12c06: mov word ptr [bp + 2], 0x4001 0x12c0b: pop bp 0x12c0c: mov cx, 0x15a 0x12c0f: mov dx, word ptr [bp + 0x3cd] 0x12c13: lea si, word ptr [bp + 0x11a] 0x12c17: lea di, word ptr [bp + 0x4a5] 0x12c1b: lodsw ax, word ptr [si] 0x12c1c: xor ax, dx 0x12c1e: stosw word ptr es:[di], ax 0x12c1f: loop 0x12c1b 0x12c21: mov cx, 0x2b3 0x12c24: lea dx, word ptr [bp + 0x4a5] |
| 2018-12-17T23:03:19.563688126Z | 64 | PC: 12c02 | Write file or device (Write 21 bytes on handle 5) |
| 2018-12-17T23:03:19.567383226Z | 64 | PC: 12c36 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:19.577412397Z | 64 | PC: 12c40 | Write file or device (Write 35 bytes on handle 5) |
| 2018-12-17T23:03:19.580657487Z | 66 | PC: 12c52 | Move file pointer |
| 2018-12-17T23:03:19.582528245Z | 64 | PC: 12c5c | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-17T23:03:19.590820047Z | 87 | PC: 12c71 | Get or set file date and time |
| 2018-12-17T23:03:19.592758203Z | 62 | PC: 12c75 | Close file |
| 2018-12-17T23:03:19.601787622Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-17T23:03:19.607884802Z | 79 | PC: 12a90 | Find next file |
| 2018-12-17T23:03:19.61113005Z | 67 | PC: 12b67 | Get or set file attributes |
| 2018-12-17T23:03:19.62287511Z | 61 | PC: 12b7c | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T23:03:19.631497919Z | 63 | PC: 12b91 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-17T23:03:19.63899182Z | 66 | PC: 12bc9 | Move file pointer |
| 2018-12-17T23:03:19.640979481Z | 63 | PC: 12be0 | Read file or device (Read 7 bytes on handle 5) |
| 2018-12-17T23:03:19.644761681Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov word ptr [bp + 0x3cd], dx 0x12bf8: mov cx, 0x15 0x12bfb: lea dx, word ptr [bp + 0x105] 0x12bff: pop ax 0x12c00: int 0x21 0x12c02: push ax 0x12c03: push bp 0x12c04: mov bp, sp 0x12c06: mov word ptr [bp + 2], 0x4001 0x12c0b: pop bp 0x12c0c: mov cx, 0x15a 0x12c0f: mov dx, word ptr [bp + 0x3cd] 0x12c13: lea si, word ptr [bp + 0x11a] 0x12c17: lea di, word ptr [bp + 0x4a5] 0x12c1b: lodsw ax, word ptr [si] 0x12c1c: xor ax, dx 0x12c1e: stosw word ptr es:[di], ax 0x12c1f: loop 0x12c1b 0x12c21: mov cx, 0x2b3 0x12c24: lea dx, word ptr [bp + 0x4a5] |
| 2018-12-17T23:03:19.647486772Z | 64 | PC: 12c02 | Write file or device (Write 21 bytes on handle 5) |
| 2018-12-17T23:03:19.657376691Z | 64 | PC: 12c36 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:19.66721947Z | 64 | PC: 12c40 | Write file or device (Write 35 bytes on handle 5) |
| 2018-12-17T23:03:19.670250166Z | 66 | PC: 12c52 | Move file pointer |
| 2018-12-17T23:03:19.671785028Z | 64 | PC: 12c5c | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-17T23:03:19.679225338Z | 87 | PC: 12c71 | Get or set file date and time |
| 2018-12-17T23:03:19.681410614Z | 62 | PC: 12c75 | Close file |
| 2018-12-17T23:03:19.690757818Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-17T23:03:19.696155344Z | 79 | PC: 12a90 | Find next file |
| 2018-12-17T23:03:19.704609875Z | 67 | PC: 12b67 | Get or set file attributes |
| 2018-12-17T23:03:19.715751023Z | 61 | PC: 12b7c | Open file (Filename = 'PAH.COM') |
| 2018-12-17T23:03:19.723565433Z | 63 | PC: 12b91 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-17T23:03:19.732330125Z | 66 | PC: 12bc9 | Move file pointer |
| 2018-12-17T23:03:19.734288071Z | 63 | PC: 12be0 | Read file or device (Read 7 bytes on handle 5) |
| 2018-12-17T23:03:19.737374354Z | 44 | PC: 12bf4 | Get time 0x12bf4: mov word ptr [bp + 0x3cd], dx 0x12bf8: mov cx, 0x15 0x12bfb: lea dx, word ptr [bp + 0x105] 0x12bff: pop ax 0x12c00: int 0x21 0x12c02: push ax 0x12c03: push bp 0x12c04: mov bp, sp 0x12c06: mov word ptr [bp + 2], 0x4001 0x12c0b: pop bp 0x12c0c: mov cx, 0x15a 0x12c0f: mov dx, word ptr [bp + 0x3cd] 0x12c13: lea si, word ptr [bp + 0x11a] 0x12c17: lea di, word ptr [bp + 0x4a5] 0x12c1b: lodsw ax, word ptr [si] 0x12c1c: xor ax, dx 0x12c1e: stosw word ptr es:[di], ax 0x12c1f: loop 0x12c1b 0x12c21: mov cx, 0x2b3 0x12c24: lea dx, word ptr [bp + 0x4a5] |
| 2018-12-17T23:03:19.74073598Z | 64 | PC: 12c02 | Write file or device (Write 21 bytes on handle 5) |
| 2018-12-17T23:03:19.744424895Z | 64 | PC: 12c36 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:19.753623162Z | 64 | PC: 12c40 | Write file or device (Write 35 bytes on handle 5) |
| 2018-12-17T23:03:19.758728673Z | 66 | PC: 12c52 | Move file pointer |
| 2018-12-17T23:03:19.760337658Z | 64 | PC: 12c5c | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-17T23:03:19.767728276Z | 87 | PC: 12c71 | Get or set file date and time |
| 2018-12-17T23:03:19.770038171Z | 62 | PC: 12c75 | Close file |
| 2018-12-17T23:03:19.779207162Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-17T23:03:19.784633549Z | 79 | PC: 12a90 | Find next file |
| 2018-12-17T23:03:19.789181314Z | 67 | PC: 12b67 | Get or set file attributes |
| 2018-12-17T23:03:19.800646133Z | 61 | PC: 12b7c | Open file (Filename = 'TEST.COM') |
| 2018-12-17T23:03:19.80858073Z | 63 | PC: 12b91 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-17T23:03:19.815939589Z | 87 | PC: 12c71 | Get or set file date and time |
| 2018-12-17T23:03:19.818210458Z | 62 | PC: 12c75 | Close file |
| 2018-12-17T23:03:19.830225614Z | 67 | PC: 12c84 | Get or set file attributes |
| 2018-12-17T23:03:19.8358495Z | 79 | PC: 12a90 | Find next file |
| 2018-12-17T23:03:19.839401512Z | 59 | PC: 12aa1 | Change current directory |
| 2018-12-17T23:03:19.844305795Z | 71 | PC: 12abe | Get current directory |
| 2018-12-17T23:03:19.84783886Z | 59 | PC: 12ae8 | Change current directory |
| 2018-12-17T23:03:19.860204392Z | 59 | PC: 12b03 | Change current directory |
| 2018-12-17T23:03:19.862527995Z | 26 | PC: 12b13 | Set disk transfer address |