.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:04:53.933541739Z | 44 | PC: 18313 | Get time 0x18313: mov byte ptr ds:[bp + 0x10e], dl
0x18318: mov byte ptr ds:[bp + 0x10c], dl
0x1831d: mov byte ptr ds:[bp + 0x103], dl
0x18322: mov byte ptr ds:[bp + 0x104], dl
0x18327: mov byte ptr ds:[bp + 0x105], dl
0x1832c: mov byte ptr ds:[bp + 0x106], dl
0x18331: mov byte ptr ds:[bp + 0x107], dl
0x18336: mov byte ptr ds:[bp + 0x108], dl
0x1833b: mov byte ptr ds:[bp + 0x109], dl
0x18340: mov byte ptr ds:[bp + 0x10a], dl
0x18345: lea si, word ptr [bp + 0x35d]
0x18349: mov cx, 0x2d2
0x1834c: mov al, byte ptr ds:[bp + 0x34b]
0x18351: xor byte ptr [si], al
0x18353: inc si
0x18354: loop 0x18351
0x18356: mov ah, 0x2a
0x18358: int 0x21
0x1835a: cmp cx, 0x7ce
0x1835e: jg 0x18367
|
| 2018-12-17T22:04:53.937040605Z | 42 | PC: 1835a | Get date 0x1835a: cmp cx, 0x7ce
0x1835e: jg 0x18367
0x18360: cmp dh, 3
0x18363: jg 0x18367
0x18365: jmp 0x183db
0x18367: mov ah, 0x4e
0x18369: lea dx, word ptr [bp + 0x354]
0x1836d: mov cx, 0
0x18370: int 0x21
0x18372: jb 0x1838a
0x18374: mov ax, 0x4301
0x18377: xor cx, cx
0x18379: mov dx, 0x9e
0x1837c: int 0x21
0x1837e: mov ah, 0x41
0x18380: int 0x21
0x18382: mov ah, 9
0x18384: lea dx, word ptr [bp + 0x35d]
0x18388: int 0x21
0x1838a: mov ax, 0x304b
|
| 2018-12-17T22:04:53.939355911Z | 78 | PC: 18372 | Find first file |
| 2018-12-17T22:04:53.945468005Z | 48 | PC: 1838f | Get DOS version |
| 2018-12-17T22:04:53.947339954Z | 53 | PC: 1839e | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:04:53.952114348Z | 9 | PC: 15df0 | Display string (String= '
Mouse Driver Version 3.00 IBM XT,AT,PS/2 & Compatibles.
') |
| 2018-12-17T22:04:53.962952575Z | 53 | PC: 16870 | Get interrupt vector (Interrupt = '116' AKA 'UNKNOWN!') |
| 2018-12-17T22:04:53.964754901Z | 37 | PC: 1688d | Set interrupt vector (Interrupt = '116' AKA 'UNKNOWN!') |
| 2018-12-17T22:04:53.971546337Z | 53 | PC: 16899 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-17T22:04:53.972802252Z | 37 | PC: 168a9 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-17T22:04:53.973887947Z | 53 | PC: 168ae | Get interrupt vector (Interrupt = '16' AKA 'Close file') |
| 2018-12-17T22:04:53.97598445Z | 37 | PC: 168be | Set interrupt vector (Interrupt = '16' AKA 'Close file') |
| 2018-12-17T22:04:53.977050833Z | 53 | PC: 168c3 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break') |
| 2018-12-17T22:04:53.978109887Z | 37 | PC: 168d3 | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break') |
| 2018-12-17T22:04:53.979752124Z | 53 | PC: 168d8 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-17T22:04:53.981377647Z | 37 | PC: 168e8 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-17T22:04:53.984566364Z | 61 | PC: 167b8 | Open file (Filename = 'j���W��!/%�') |
| 2018-12-17T22:04:53.991851467Z | 9 | PC: 1614a | Display string (String= '�����3����*��C��]��l�ZY[X�PSVW��PO����������J�c��_^[X�PSVW��eO����������J�G��_^[X�PQVW���N
�t��������J�*��_^YX�PQV������J��^YX�PRV���z���K��^ZX�P�<') |
| 2018-12-17T22:04:53.999883702Z | 49 | PC: 16179 | Terminate and stay resident (Return code = '0' | Memory size = '826') |
