.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T23:08:55.053996597Z | 48 | PC: 1361d | Get DOS version |
| 2018-12-17T23:08:55.056638563Z | 25 | PC: 137a8 | Get default drive |
| 2018-12-17T23:08:55.058459425Z | 14 | PC: 137ae | Set default drive (Drive = 'A') |
| 2018-12-17T23:08:55.06040957Z | 37 | PC: 13643 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:08:55.062942962Z | 46 | PC: 13636 | Set verify flag |
| 2018-12-17T23:08:55.065346861Z | 71 | PC: 131ec | Get current directory |
| 2018-12-17T23:08:55.069321772Z | 59 | PC: 131be | Change current directory |
| 2018-12-17T23:08:55.07789768Z | 59 | PC: 131be | Change current directory |
| 2018-12-17T23:08:55.082491614Z | 71 | PC: 131ec | Get current directory |
| 2018-12-17T23:08:55.0862298Z | 59 | PC: 131be | Change current directory |
| 2018-12-17T23:08:55.09676454Z | 65 | PC: 133ef | Delete file (Filename = 'A:\TEST.EXE') |
| 2018-12-17T23:08:55.118276331Z | 28 | PC: 13798 | Get allocation info for specified drive |
| 2018-12-17T23:08:55.160342605Z | 26 | PC: 1376d | Set disk transfer address |
| 2018-12-17T23:08:55.163023644Z | 78 | PC: 13302 | Find first file |
| 2018-12-17T23:08:55.173119399Z | 67 | PC: 133d7 | Get or set file attributes |
| 2018-12-17T23:08:55.845314492Z | 61 | PC: 13531 | Open file (Filename = 'C:\IO.SYS') |
| 2018-12-17T23:08:55.853342492Z | 66 | PC: 13488 | Move file pointer |
| 2018-12-17T23:08:55.855726232Z | 66 | PC: 13493 | Move file pointer |
| 2018-12-17T23:08:55.857725379Z | 66 | PC: 1349f | Move file pointer |
| 2018-12-17T23:08:55.863689038Z | 54 | PC: 1377e | Get free disk space |
| 2018-12-17T23:08:55.87017595Z | 66 | PC: 1356d | Move file pointer |
| 2018-12-17T23:08:55.872393538Z | 64 | PC: 13575 | Write file or device (Write 0 bytes on handle 5) |
| 2018-12-17T23:08:56.2164804Z | 66 | PC: 13580 | Move file pointer |
| 2018-12-17T23:08:56.219137684Z | 62 | PC: 13444 | Close file |
| 2018-12-17T23:08:56.340296111Z | 67 | PC: 133d7 | Get or set file attributes |
| 2018-12-17T23:08:56.350919608Z | 28 | PC: 13798 | Get allocation info for specified drive |
| 2018-12-17T23:08:56.354706846Z | 28 | PC: 13798 | Get allocation info for specified drive |
| 2018-12-17T23:08:56.357016046Z | 28 | PC: 13798 | Get allocation info for specified drive |
| 2018-12-17T23:08:56.35933757Z | 74 | PC: 13744 | Reallocate memory |
| 2018-12-17T23:08:56.362676386Z | 42 | PC: 130a0 | Get date 0x130a0: xchg ax, cx 0x130a1: xchg ax, dx 0x130a2: mov ch, bh 0x130a4: pop bx 0x130a5: ret 0x130a6: push cx 0x130a7: mov ah, 0x2c 0x130a9: int 0x21 0x130ab: xchg ax, dx 0x130ac: mov dx, cx 0x130ae: pop cx 0x130af: ret 0x130b0: push bx 0x130b1: push cx 0x130b2: push di 0x130b3: mov dx, cx 0x130b5: xchg ax, bx 0x130b6: mov bx, 0x5dc 0x130b9: cmp dx, bx 0x130bb: jae 0x130e8 |
| 2018-12-17T23:08:56.365777575Z | 44 | PC: 130ab | Get time 0x130ab: xchg ax, dx 0x130ac: mov dx, cx 0x130ae: pop cx 0x130af: ret 0x130b0: push bx 0x130b1: push cx 0x130b2: push di 0x130b3: mov dx, cx 0x130b5: xchg ax, bx 0x130b6: mov bx, 0x5dc 0x130b9: cmp dx, bx 0x130bb: jae 0x130e8 0x130bd: div bx 0x130bf: mov cx, dx 0x130c1: mov bl, 0xf0 0x130c3: cmp ah, bl 0x130c5: jae 0x130e8 0x130c7: div bl 0x130c9: mov di, ax 0x130cb: xchg ah, al |
| 2018-12-17T23:08:56.36933486Z | 61 | PC: 13531 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-17T23:08:56.381749373Z | 74 | PC: 13744 | Reallocate memory |
| 2018-12-17T23:08:56.386003138Z | 81 | PC: 12145 | Get current PSP |