.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T23:05:20.966430159Z | 53 | PC: 12a79 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:05:20.969627872Z | 37 | PC: 12a8d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:05:20.971102656Z | 47 | PC: 12a92 | Get disk transfer address |
| 2018-12-17T23:05:20.972504312Z | 26 | PC: 12aa4 | Set disk transfer address |
| 2018-12-17T23:05:20.974510244Z | 25 | PC: 12aa8 | Get default drive |
| 2018-12-17T23:05:20.975898775Z | 71 | PC: 12ab5 | Get current directory |
| 2018-12-17T23:05:20.979206696Z | 14 | PC: 12acb | Set default drive (Drive = 'C') |
| 2018-12-17T23:05:20.986615898Z | 59 | PC: 12c5e | Change current directory |
| 2018-12-17T23:05:20.991026372Z | 44 | PC: 12ad2 | Get time 0x12ad2: shr dl, 1 0x12ad4: shr dl, 1 0x12ad6: add dl, 0x40 0x12ad9: mov byte ptr [bp + 0x239], dl 0x12add: xor bx, bx 0x12adf: mov ah, 0x4e 0x12ae1: lea dx, word ptr [bp + 0x239] 0x12ae5: mov cx, 0x11 0x12ae8: int 0x21 0x12aea: jae 0x12b07 0x12aec: mov al, byte ptr [bp + 0x239] 0x12af0: inc al 0x12af2: cmp al, 0x5a 0x12af4: jbe 0x12af8 0x12af6: sub al, 0x1a 0x12af8: mov byte ptr [bp + 0x239], al 0x12afc: inc bh 0x12afe: cmp bh, 0x1b 0x12b01: je 0x12ab5 0x12b03: jmp 0x12adf |
| 2018-12-17T23:05:20.994220418Z | 78 | PC: 12aea | Find first file |
| 2018-12-17T23:05:21.000603411Z | 78 | PC: 12aea | Find first file |
| 2018-12-17T23:05:21.006890964Z | 78 | PC: 12aea | Find first file |
| 2018-12-17T23:05:21.012678247Z | 78 | PC: 12aea | Find first file |
| 2018-12-17T23:05:21.018674853Z | 78 | PC: 12aea | Find first file |
| 2018-12-17T23:05:21.026408746Z | 78 | PC: 12aea | Find first file |
| 2018-12-17T23:05:21.032064872Z | 78 | PC: 12aea | Find first file |
| 2018-12-17T23:05:21.038036461Z | 78 | PC: 12aea | Find first file |
| 2018-12-17T23:05:21.044722855Z | 78 | PC: 12aea | Find first file |
| 2018-12-17T23:05:21.050847642Z | 59 | PC: 12b0e | Change current directory |
| 2018-12-17T23:05:21.059792573Z | 78 | PC: 12b19 | Find first file |
| 2018-12-17T23:05:21.07003855Z | 67 | PC: 12b75 | Get or set file attributes |
| 2018-12-17T23:05:21.076898609Z | 67 | PC: 12b82 | Get or set file attributes |
| 2018-12-17T23:05:21.421707934Z | 61 | PC: 12b8a | Open file (Filename = 'WIN.COM') |
| 2018-12-17T23:05:21.429317543Z | 87 | PC: 12b90 | Get or set file date and time |
| 2018-12-17T23:05:21.432073566Z | 44 | PC: 12ba3 | Get time 0x12ba3: or dx, dx 0x12ba5: je 0x12b9f 0x12ba7: mov word ptr [bp + 0x26e], dx 0x12bab: mov ah, 0x3f 0x12bad: lea dx, word ptr [bp + 0x230] 0x12bb1: mov cx, 3 0x12bb4: int 0x21 0x12bb6: mov ax, 0x4202 0x12bb9: xor cx, cx 0x12bbb: cdq 0x12bbc: int 0x21 0x12bbe: sub ax, 3 0x12bc1: mov word ptr cs:[0xfa79], ax 0x12bc5: mov byte ptr cs:[0xfa78], 0xe9 0x12bcb: nop 0x12bcc: nop 0x12bcd: nop 0x12bce: lea si, word ptr [bp - 5] 0x12bd1: mov di, 0xfb2c 0x12bd4: mov cx, 0x27b |
| 2018-12-17T23:05:21.434880264Z | 63 | PC: 12bb6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T23:05:21.441368104Z | 66 | PC: 12bbe | Move file pointer |
| 2018-12-17T23:05:21.444451402Z | 64 | PC: 12bea | Write file or device (Write 635 bytes on handle 5) |
| 2018-12-17T23:05:21.45290595Z | 66 | PC: 12bf2 | Move file pointer |
| 2018-12-17T23:05:21.454968078Z | 64 | PC: 12bfc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T23:05:21.459071784Z | 87 | PC: 12c11 | Get or set file date and time |
| 2018-12-17T23:05:21.461216788Z | 62 | PC: 12c15 | Close file |
| 2018-12-17T23:05:21.468849481Z | 67 | PC: 12c22 | Get or set file attributes |
| 2018-12-17T23:05:21.480484861Z | 14 | PC: 12c68 | Set default drive (Drive = 'A') |
| 2018-12-17T23:05:21.482112461Z | 59 | PC: 12c5e | Change current directory |
| 2018-12-17T23:05:21.487305526Z | 59 | PC: 12c70 | Change current directory |
| 2018-12-17T23:05:21.490495024Z | 37 | PC: 12c3b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:05:21.492243762Z | 26 | PC: 12c4b | Set disk transfer address |