.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T23:07:23.45244284Z | 53 | PC: 12a6e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:23.45468945Z | 37 | PC: 12a82 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:23.456502507Z | 47 | PC: 12a88 | Get disk transfer address |
| 2018-12-17T23:07:23.458209782Z | 26 | PC: 12a9a | Set disk transfer address |
| 2018-12-17T23:07:23.45989736Z | 25 | PC: 12a9e | Get default drive |
| 2018-12-17T23:07:23.464286913Z | 71 | PC: 12aab | Get current directory |
| 2018-12-17T23:07:23.467709105Z | 14 | PC: 12ac1 | Set default drive (Drive = 'C') |
| 2018-12-17T23:07:23.469223482Z | 59 | PC: 12c58 | Change current directory |
| 2018-12-17T23:07:23.477180284Z | 44 | PC: 12ac8 | Get time 0x12ac8: shr dl, 1 0x12aca: shr dl, 1 0x12acc: add dl, 0x40 0x12acf: mov byte ptr [bp + 0x22f], dl 0x12ad3: xor bx, bx 0x12ad5: mov ah, 0x4e 0x12ad7: lea dx, word ptr [bp + 0x22f] 0x12adb: mov cx, 0x11 0x12ade: int 0x21 0x12ae0: jae 0x12afd 0x12ae2: mov al, byte ptr [bp + 0x22f] 0x12ae6: inc al 0x12ae8: cmp al, 0x5a 0x12aea: jbe 0x12aee 0x12aec: sub al, 0x1a 0x12aee: mov byte ptr [bp + 0x22f], al 0x12af2: inc bh 0x12af4: cmp bh, 0x1b 0x12af7: je 0x12aab 0x12af9: jmp 0x12ad5 |
| 2018-12-17T23:07:23.488374921Z | 78 | PC: 12ae0 | Find first file |
| 2018-12-17T23:07:23.494676045Z | 78 | PC: 12ae0 | Find first file |
| 2018-12-17T23:07:23.501047744Z | 78 | PC: 12ae0 | Find first file |
| 2018-12-17T23:07:23.507240076Z | 78 | PC: 12ae0 | Find first file |
| 2018-12-17T23:07:23.513052751Z | 78 | PC: 12ae0 | Find first file |
| 2018-12-17T23:07:23.524444023Z | 78 | PC: 12ae0 | Find first file |
| 2018-12-17T23:07:23.530746583Z | 78 | PC: 12ae0 | Find first file |
| 2018-12-17T23:07:23.537580101Z | 78 | PC: 12ae0 | Find first file |
| 2018-12-17T23:07:23.543622626Z | 59 | PC: 12b04 | Change current directory |
| 2018-12-17T23:07:23.553578676Z | 78 | PC: 12b0f | Find first file |
| 2018-12-17T23:07:23.578652054Z | 67 | PC: 12b6b | Get or set file attributes |
| 2018-12-17T23:07:23.585426138Z | 67 | PC: 12b78 | Get or set file attributes |
| 2018-12-17T23:07:23.932692809Z | 61 | PC: 12b80 | Open file (Filename = 'WIN.COM') |
| 2018-12-17T23:07:23.940465867Z | 87 | PC: 12b87 | Get or set file date and time |
| 2018-12-17T23:07:23.94203299Z | 44 | PC: 12b9e | Get time 0x12b9e: or dx, dx 0x12ba0: je 0x12b9a 0x12ba2: mov word ptr [bp + 0x2c4], dx 0x12ba6: mov ah, 0x3f 0x12ba8: lea dx, word ptr [bp + 0x226] 0x12bac: mov cx, 3 0x12baf: int 0x21 0x12bb1: mov ax, 0x4202 0x12bb4: xor cx, cx 0x12bb6: xor dx, dx 0x12bb8: int 0x21 0x12bba: sub ax, 3 0x12bbd: mov word ptr cs:[0xfafb], ax 0x12bc1: mov byte ptr cs:[0xfafa], 0xe9 0x12bc7: lea si, word ptr [bp - 3] 0x12bca: mov di, 0xfbf4 0x12bcd: mov cx, 0x2cb 0x12bd0: cld 0x12bd1: rep movsb byte ptr es:[di], byte ptr [si] 0x12bd3: mov si, 0xfc10 |
| 2018-12-17T23:07:23.945438012Z | 63 | PC: 12bb1 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T23:07:23.951776179Z | 66 | PC: 12bba | Move file pointer |
| 2018-12-17T23:07:23.953829973Z | 64 | PC: 12be3 | Write file or device (Write 715 bytes on handle 5) |
| 2018-12-17T23:07:23.961089361Z | 66 | PC: 12bec | Move file pointer |
| 2018-12-17T23:07:23.962878756Z | 64 | PC: 12bf6 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T23:07:23.966634409Z | 87 | PC: 12c0b | Get or set file date and time |
| 2018-12-17T23:07:23.969196791Z | 62 | PC: 12c0f | Close file |
| 2018-12-17T23:07:23.9770935Z | 67 | PC: 12c1c | Get or set file attributes |
| 2018-12-17T23:07:23.988716747Z | 14 | PC: 12c62 | Set default drive (Drive = 'A') |
| 2018-12-17T23:07:23.990862934Z | 59 | PC: 12c58 | Change current directory |
| 2018-12-17T23:07:23.996658697Z | 59 | PC: 12c6a | Change current directory |
| 2018-12-17T23:07:23.999480862Z | 37 | PC: 12c35 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:24.000975417Z | 26 | PC: 12c45 | Set disk transfer address |