.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T21:50:36.524197139Z | 26 | PC: 12a64 | Set disk transfer address |
| 2018-12-17T21:50:36.525602926Z | 78 | PC: 12a78 | Find first file |
| 2018-12-17T21:50:36.529327544Z | 61 | PC: 12c40 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T21:50:36.53558396Z | 63 | PC: 12c4f | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T21:50:36.541260165Z | 66 | PC: 12c5e | Move file pointer |
| 2018-12-17T21:50:36.542251397Z | 66 | PC: 12c6d | Move file pointer |
| 2018-12-17T21:50:36.543186524Z | 64 | PC: 12c79 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T21:50:36.546098306Z | 66 | PC: 12c85 | Move file pointer |
| 2018-12-17T21:50:36.547315285Z | 44 | PC: 12c89 | Get time 0x12c89: mov byte ptr [bp + 0x26c], dl 0x12c8d: call 0x12ca3 0x12c90: mov ah, 0x40 0x12c92: mov cx, 0x26c 0x12c95: lea dx, word ptr [bp + 6] 0x12c99: int 0x21 0x12c9b: call 0x12ca3 0x12c9e: mov ah, 0x3e 0x12ca0: int 0x21 0x12ca2: ret 0x12ca3: lea si, word ptr [bp + 0x11] 0x12ca7: mov cx, 0x23c 0x12caa: xor byte ptr [si], 0 0x12cad: inc si 0x12cae: dec cx 0x12caf: jne 0x12caa 0x12cb1: ret 0x12cb2: add word ptr [bx], di 0x12cb4: aas 0x12cb5: aas |
| 2018-12-17T21:50:36.549519663Z | 64 | PC: 12c9b | Write file or device (Write 620 bytes on handle 5) |
| 2018-12-17T21:50:36.56199501Z | 62 | PC: 12ca2 | Close file |
| 2018-12-17T21:50:36.571104599Z | 79 | PC: 12a78 | Find next file |
| 2018-12-17T21:50:36.572748153Z | 61 | PC: 12c40 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T21:50:36.577011999Z | 63 | PC: 12c4f | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T21:50:36.581052266Z | 66 | PC: 12c5e | Move file pointer |
| 2018-12-17T21:50:36.582027028Z | 66 | PC: 12c6d | Move file pointer |
| 2018-12-17T21:50:36.583174588Z | 64 | PC: 12c79 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T21:50:36.586097197Z | 66 | PC: 12c85 | Move file pointer |
| 2018-12-17T21:50:36.587270744Z | 44 | PC: 12c89 | Get time 0x12c89: mov byte ptr [bp + 0x26c], dl 0x12c8d: call 0x12ca3 0x12c90: mov ah, 0x40 0x12c92: mov cx, 0x26c 0x12c95: lea dx, word ptr [bp + 6] 0x12c99: int 0x21 0x12c9b: call 0x12ca3 0x12c9e: mov ah, 0x3e 0x12ca0: int 0x21 0x12ca2: ret 0x12ca3: lea si, word ptr [bp + 0x11] 0x12ca7: mov cx, 0x23c 0x12caa: xor byte ptr [si], 1 0x12cad: inc si 0x12cae: dec cx 0x12caf: jne 0x12caa 0x12cb1: ret 0x12cb2: add word ptr [bx], di 0x12cb4: aas 0x12cb5: aas |
| 2018-12-17T21:50:36.589381309Z | 64 | PC: 12c9b | Write file or device (Write 620 bytes on handle 5) |
| 2018-12-17T21:50:36.594858012Z | 62 | PC: 12ca2 | Close file |
| 2018-12-17T21:50:36.599903119Z | 79 | PC: 12a78 | Find next file |
| 2018-12-17T21:50:36.601493661Z | 61 | PC: 12c40 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T21:50:36.606097193Z | 63 | PC: 12c4f | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T21:50:36.610223378Z | 66 | PC: 12c5e | Move file pointer |
| 2018-12-17T21:50:36.611354141Z | 66 | PC: 12c6d | Move file pointer |
| 2018-12-17T21:50:36.612909292Z | 64 | PC: 12c79 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T21:50:36.61467686Z | 66 | PC: 12c85 | Move file pointer |
| 2018-12-17T21:50:36.615635933Z | 44 | PC: 12c89 | Get time 0x12c89: mov byte ptr [bp + 0x26c], dl 0x12c8d: call 0x12ca3 0x12c90: mov ah, 0x40 0x12c92: mov cx, 0x26c 0x12c95: lea dx, word ptr [bp + 6] 0x12c99: int 0x21 0x12c9b: call 0x12ca3 0x12c9e: mov ah, 0x3e 0x12ca0: int 0x21 0x12ca2: ret 0x12ca3: lea si, word ptr [bp + 0x11] 0x12ca7: mov cx, 0x23c 0x12caa: xor byte ptr [si], 7 0x12cad: inc si 0x12cae: dec cx 0x12caf: jne 0x12caa 0x12cb1: ret 0x12cb2: add word ptr [bx], di 0x12cb4: aas 0x12cb5: aas |
| 2018-12-17T21:50:36.617746553Z | 64 | PC: 12c9b | Write file or device (Write 620 bytes on handle 5) |
| 2018-12-17T21:50:36.622916997Z | 62 | PC: 12ca2 | Close file |
| 2018-12-17T21:50:36.630923935Z | 79 | PC: 12a78 | Find next file |
| 2018-12-17T21:50:36.633706837Z | 61 | PC: 12c40 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T21:50:36.639808Z | 63 | PC: 12c4f | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T21:50:36.645805717Z | 66 | PC: 12c5e | Move file pointer |
| 2018-12-17T21:50:36.647449279Z | 66 | PC: 12c6d | Move file pointer |
| 2018-12-17T21:50:36.648632491Z | 64 | PC: 12c79 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T21:50:36.65103794Z | 66 | PC: 12c85 | Move file pointer |
| 2018-12-17T21:50:36.652858293Z | 44 | PC: 12c89 | Get time 0x12c89: mov byte ptr [bp + 0x26c], dl 0x12c8d: call 0x12ca3 0x12c90: mov ah, 0x40 0x12c92: mov cx, 0x26c 0x12c95: lea dx, word ptr [bp + 6] 0x12c99: int 0x21 0x12c9b: call 0x12ca3 0x12c9e: mov ah, 0x3e 0x12ca0: int 0x21 0x12ca2: ret 0x12ca3: lea si, word ptr [bp + 0x11] 0x12ca7: mov cx, 0x23c 0x12caa: xor byte ptr [si], 7 0x12cad: inc si 0x12cae: dec cx 0x12caf: jne 0x12caa 0x12cb1: ret 0x12cb2: add word ptr [bx], di 0x12cb4: aas 0x12cb5: aas |
| 2018-12-17T21:50:36.655026326Z | 64 | PC: 12c9b | Write file or device (Write 620 bytes on handle 5) |
| 2018-12-17T21:50:36.663127989Z | 62 | PC: 12ca2 | Close file |
| 2018-12-17T21:50:36.671353726Z | 79 | PC: 12a78 | Find next file |
| 2018-12-17T21:50:36.674092787Z | 61 | PC: 12c40 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T21:50:36.680561648Z | 63 | PC: 12c4f | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T21:50:36.687204246Z | 66 | PC: 12c5e | Move file pointer |
| 2018-12-17T21:50:36.68845761Z | 66 | PC: 12c6d | Move file pointer |
| 2018-12-17T21:50:36.689691924Z | 64 | PC: 12c79 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T21:50:36.693360359Z | 66 | PC: 12c85 | Move file pointer |
| 2018-12-17T21:50:36.694599472Z | 44 | PC: 12c89 | Get time 0x12c89: mov byte ptr [bp + 0x26c], dl 0x12c8d: call 0x12ca3 0x12c90: mov ah, 0x40 0x12c92: mov cx, 0x26c 0x12c95: lea dx, word ptr [bp + 6] 0x12c99: int 0x21 0x12c9b: call 0x12ca3 0x12c9e: mov ah, 0x3e 0x12ca0: int 0x21 0x12ca2: ret 0x12ca3: lea si, word ptr [bp + 0x11] 0x12ca7: mov cx, 0x23c 0x12caa: xor byte ptr [si], 0xc 0x12cad: inc si 0x12cae: dec cx 0x12caf: jne 0x12caa 0x12cb1: ret 0x12cb2: add word ptr [bx], di 0x12cb4: aas 0x12cb5: aas |
| 2018-12-17T21:50:36.696707594Z | 64 | PC: 12c9b | Write file or device (Write 620 bytes on handle 5) |
| 2018-12-17T21:50:36.704956005Z | 62 | PC: 12ca2 | Close file |
| 2018-12-17T21:50:36.710474642Z | 79 | PC: 12a78 | Find next file |
| 2018-12-17T21:50:36.712961943Z | 61 | PC: 12c40 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T21:50:36.719632823Z | 63 | PC: 12c4f | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T21:50:36.725646696Z | 66 | PC: 12c5e | Move file pointer |
| 2018-12-17T21:50:36.727205346Z | 66 | PC: 12c6d | Move file pointer |
| 2018-12-17T21:50:36.729344322Z | 64 | PC: 12c79 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T21:50:36.73173193Z | 66 | PC: 12c85 | Move file pointer |
| 2018-12-17T21:50:36.732982245Z | 44 | PC: 12c89 | Get time 0x12c89: mov byte ptr [bp + 0x26c], dl 0x12c8d: call 0x12ca3 0x12c90: mov ah, 0x40 0x12c92: mov cx, 0x26c 0x12c95: lea dx, word ptr [bp + 6] 0x12c99: int 0x21 0x12c9b: call 0x12ca3 0x12c9e: mov ah, 0x3e 0x12ca0: int 0x21 0x12ca2: ret 0x12ca3: lea si, word ptr [bp + 0x11] 0x12ca7: mov cx, 0x23c 0x12caa: xor byte ptr [si], 0x12 0x12cad: inc si 0x12cae: dec cx 0x12caf: jne 0x12caa 0x12cb1: ret 0x12cb2: add word ptr [bx], di 0x12cb4: aas 0x12cb5: aas |
| 2018-12-17T21:50:36.735582573Z | 64 | PC: 12c9b | Write file or device (Write 620 bytes on handle 5) |
| 2018-12-17T21:50:36.74405657Z | 62 | PC: 12ca2 | Close file |
| 2018-12-17T21:50:36.751785019Z | 26 | PC: 12a88 | Set disk transfer address |
| 2018-12-17T21:50:36.753490277Z | 9 | PC: 12aa6 | Display string (Could not find end pointer) |