.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T23:07:31.957902413Z | 250 | PC: 21e5a | UNKNOWN! |
| 2018-12-17T23:07:31.960163995Z | 47 | PC: 21e74 | Get disk transfer address |
| 2018-12-17T23:07:31.961565381Z | 26 | PC: 21e88 | Set disk transfer address |
| 2018-12-17T23:07:31.962891341Z | 25 | PC: 21e97 | Get default drive |
| 2018-12-17T23:07:31.966088757Z | 14 | PC: 21ea1 | Set default drive (Drive = 'C') |
| 2018-12-17T23:07:31.968471826Z | 78 | PC: 21eae | Find first file |
| 2018-12-17T23:07:31.975116567Z | 67 | PC: 21ed6 | Get or set file attributes |
| 2018-12-17T23:07:31.981614406Z | 67 | PC: 21ee3 | Get or set file attributes |
| 2018-12-17T23:07:32.327381304Z | 61 | PC: 21eeb | Open file (Filename = 'COMMAND.COM') |
| 2018-12-17T23:07:32.334143212Z | 87 | PC: 21ef2 | Get or set file date and time |
| 2018-12-17T23:07:32.336130123Z | 44 | PC: 21f00 | Get time 0x21f00: or dl, dl 0x21f02: je 0x21efc 0x21f04: mov byte ptr [bp + 0x19b], dl 0x21f08: mov ah, 0x3f 0x21f0a: lea dx, word ptr [bp + 0x168] 0x21f0e: mov cx, 3 0x21f11: int 0x21 0x21f13: xor ah, ah 0x21f15: mov ax, 0x4202 0x21f18: xor cx, cx 0x21f1a: xor dx, dx 0x21f1c: int 0x21 0x21f1e: sub ax, 3 0x21f21: mov word ptr cs:[0xfb2d], ax 0x21f25: mov byte ptr cs:[0xfb2c], 0xe9 0x21f2b: lea si, word ptr [bp - 3] 0x21f2e: mov di, 0xfcbc 0x21f31: mov cx, 0x19f 0x21f34: cld 0x21f35: rep movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-17T23:07:32.339123966Z | 63 | PC: 21f13 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T23:07:32.341999089Z | 66 | PC: 21f1e | Move file pointer |
| 2018-12-17T23:07:32.343890707Z | 64 | PC: 21f4a | Write file or device (Write 415 bytes on handle 5) |
| 2018-12-17T23:07:32.351857288Z | 66 | PC: 21f53 | Move file pointer |
| 2018-12-17T23:07:32.353505795Z | 64 | PC: 21f60 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T23:07:32.357238761Z | 87 | PC: 21f77 | Get or set file date and time |
| 2018-12-17T23:07:32.358989958Z | 62 | PC: 21f7b | Close file |
| 2018-12-17T23:07:32.366534987Z | 67 | PC: 21f88 | Get or set file attributes |
| 2018-12-17T23:07:32.37700292Z | 62 | PC: 21eca | Close file |
| 2018-12-17T23:07:32.379404142Z | 79 | PC: 21eae | Find next file |
| 2018-12-17T23:07:32.382289592Z | 26 | PC: 21f9a | Set disk transfer address |
| 2018-12-17T23:07:32.383814799Z | 14 | PC: 21fa4 | Set default drive (Drive = 'A') |
| 2018-12-17T23:07:32.386520862Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat F400H bytes long ') |
| 2018-12-17T23:07:32.392205741Z | 0 | PC: 12a89 | Program terminate |