.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:15:12.693411841Z | 53 | PC: 12ad5 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:15:12.695482354Z | 37 | PC: 12ade | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-17T22:15:12.69785846Z | 53 | PC: 12ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:15:12.699007285Z | 37 | PC: 12af5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:15:12.700081986Z | 26 | PC: 12aff | Set disk transfer address |
| 2018-12-17T22:15:12.702104169Z | 71 | PC: 12b23 | Get current directory |
| 2018-12-17T22:15:12.705331509Z | 78 | PC: 12c1a | Find first file |
| 2018-12-17T22:15:12.711424789Z | 78 | PC: 12c1a | Find first file |
| 2018-12-17T22:15:12.723256098Z | 61 | PC: 12c12 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:15:12.736106606Z | 63 | PC: 12c35 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-17T22:15:12.743022282Z | 62 | PC: 12c38 | Close file |
| 2018-12-17T22:15:12.74513315Z | 62 | PC: 12c80 | Close file |
| 2018-12-17T22:15:12.75564774Z | 67 | PC: 12df8 | Get or set file attributes |
| 2018-12-17T22:15:12.774059882Z | 44 | PC: 12c88 | Get time 0x12c88: mov word ptr ds:[bp + 0x117], cx 0x12c8d: mov al, 2 0x12c8f: call 0x22c0b 0x12c92: cmp byte ptr ds:[bp + 0x54e], 0 0x12c98: jne 0x12cc2 0x12c9a: lea di, word ptr [bp + 0x2c7] 0x12c9e: lea si, word ptr [bp + 0x504] 0x12ca2: movsw word ptr es:[di], word ptr [si] 0x12ca3: movsw word ptr es:[di], word ptr [si] 0x12ca4: mov ax, word ptr ds:[bp + 0x53c] 0x12ca9: sub ax, 3 0x12cac: mov byte ptr ds:[bp + 0x504], 0xe9 0x12cb2: mov word ptr ds:[bp + 0x505], ax 0x12cb7: mov byte ptr ds:[bp + 0x507], 6 0x12cbd: mov cx, 4 0x12cc0: jmp 0x12d34 0x12cc2: push bx 0x12cc3: push word ptr ds:[bp + 0x53e] 0x12cc8: push word ptr ds:[bp + 0x53c] 0x12ccd: lea di, word ptr [bp + 0x2af] |
| 2018-12-17T22:15:12.776632891Z | 61 | PC: 12c12 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:15:12.784345124Z | 64 | PC: 12d3b | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:15:12.787180238Z | 66 | PC: 12d7f | Move file pointer |
| 2018-12-17T22:15:12.789119876Z | 64 | PC: 12eaa | Write file or device (Write 960 bytes on handle 5) |
| 2018-12-17T22:15:12.80319407Z | 87 | PC: 12d67 | Get or set file date and time |
| 2018-12-17T22:15:12.805053218Z | 62 | PC: 12d6a | Close file |
| 2018-12-17T22:15:12.813205817Z | 67 | PC: 12df8 | Get or set file attributes |
| 2018-12-17T22:15:12.823888371Z | 79 | PC: 12c67 | Find next file |
| 2018-12-17T22:15:12.826734923Z | 61 | PC: 12c12 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:15:12.833180471Z | 63 | PC: 12c35 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-17T22:15:12.84009074Z | 62 | PC: 12c38 | Close file |
| 2018-12-17T22:15:12.84236449Z | 62 | PC: 12c80 | Close file |
| 2018-12-17T22:15:12.844334884Z | 67 | PC: 12df8 | Get or set file attributes |
| 2018-12-17T22:15:12.85499197Z | 44 | PC: 12c88 | Get time 0x12c88: mov word ptr ds:[bp + 0x117], cx 0x12c8d: mov al, 2 0x12c8f: call 0x22c0b 0x12c92: cmp byte ptr ds:[bp + 0x54e], 0 0x12c98: jne 0x12cc2 0x12c9a: lea di, word ptr [bp + 0x2c7] 0x12c9e: lea si, word ptr [bp + 0x504] 0x12ca2: movsw word ptr es:[di], word ptr [si] 0x12ca3: movsw word ptr es:[di], word ptr [si] 0x12ca4: mov ax, word ptr ds:[bp + 0x53c] 0x12ca9: sub ax, 3 0x12cac: mov byte ptr ds:[bp + 0x504], 0xe9 0x12cb2: mov word ptr ds:[bp + 0x505], ax 0x12cb7: mov byte ptr ds:[bp + 0x507], 6 0x12cbd: mov cx, 4 0x12cc0: jmp 0x12d34 0x12cc2: push bx 0x12cc3: push word ptr ds:[bp + 0x53e] 0x12cc8: push word ptr ds:[bp + 0x53c] 0x12ccd: lea di, word ptr [bp + 0x2af] |
| 2018-12-17T22:15:12.85920436Z | 61 | PC: 12c12 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:15:12.866308914Z | 64 | PC: 12d3b | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:15:12.869544409Z | 66 | PC: 12d7f | Move file pointer |
| 2018-12-17T22:15:12.871816232Z | 64 | PC: 12eaa | Write file or device (Write 960 bytes on handle 5) |
| 2018-12-17T22:15:12.880885653Z | 87 | PC: 12d67 | Get or set file date and time |
| 2018-12-17T22:15:12.882911883Z | 62 | PC: 12d6a | Close file |
| 2018-12-17T22:15:12.891209174Z | 67 | PC: 12df8 | Get or set file attributes |
| 2018-12-17T22:15:12.900797741Z | 79 | PC: 12c67 | Find next file |
| 2018-12-17T22:15:12.903378981Z | 61 | PC: 12c12 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:15:12.910888111Z | 63 | PC: 12c35 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-17T22:15:12.91711553Z | 62 | PC: 12c38 | Close file |
| 2018-12-17T22:15:12.918864934Z | 62 | PC: 12c80 | Close file |
| 2018-12-17T22:15:12.920940759Z | 67 | PC: 12df8 | Get or set file attributes |
| 2018-12-17T22:15:12.93101182Z | 44 | PC: 12c88 | Get time 0x12c88: mov word ptr ds:[bp + 0x117], cx 0x12c8d: mov al, 2 0x12c8f: call 0x22c0b 0x12c92: cmp byte ptr ds:[bp + 0x54e], 0 0x12c98: jne 0x12cc2 0x12c9a: lea di, word ptr [bp + 0x2c7] 0x12c9e: lea si, word ptr [bp + 0x504] 0x12ca2: movsw word ptr es:[di], word ptr [si] 0x12ca3: movsw word ptr es:[di], word ptr [si] 0x12ca4: mov ax, word ptr ds:[bp + 0x53c] 0x12ca9: sub ax, 3 0x12cac: mov byte ptr ds:[bp + 0x504], 0xe9 0x12cb2: mov word ptr ds:[bp + 0x505], ax 0x12cb7: mov byte ptr ds:[bp + 0x507], 6 0x12cbd: mov cx, 4 0x12cc0: jmp 0x12d34 0x12cc2: push bx 0x12cc3: push word ptr ds:[bp + 0x53e] 0x12cc8: push word ptr ds:[bp + 0x53c] 0x12ccd: lea di, word ptr [bp + 0x2af] |
| 2018-12-17T22:15:12.933118951Z | 61 | PC: 12c12 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:15:12.945420504Z | 64 | PC: 12d3b | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:15:12.952123061Z | 66 | PC: 12d7f | Move file pointer |
| 2018-12-17T22:15:12.954403219Z | 64 | PC: 12eaa | Write file or device (Write 960 bytes on handle 5) |
| 2018-12-17T22:15:12.963791776Z | 87 | PC: 12d67 | Get or set file date and time |
| 2018-12-17T22:15:12.97401572Z | 62 | PC: 12d6a | Close file |
| 2018-12-17T22:15:12.981875934Z | 67 | PC: 12df8 | Get or set file attributes |
| 2018-12-17T22:15:12.992581425Z | 59 | PC: 12b57 | Change current directory |
| 2018-12-17T22:15:12.997008895Z | 44 | PC: 12b5b | Get time 0x12b5b: or dl, dl 0x12b5d: je 0x12b67 0x12b5f: cmp byte ptr ds:[bp + 0x2b7], 7 0x12b65: jl 0x12bb1 0x12b67: mov ax, 0x3508 0x12b6a: int3 0x12b6b: mov word ptr ds:[bp + 0x44b], es 0x12b70: mov word ptr ds:[bp + 0x449], bx 0x12b75: pop es 0x12b76: push es 0x12b77: mov bx, 0xffff 0x12b7a: mov ah, 0x4a 0x12b7c: int3 0x12b7d: sub bx, 0xa 0x12b80: mov ah, 0x4a 0x12b82: int3 0x12b83: jb 0x12bb1 0x12b85: mov ah, 0x48 0x12b87: mov bx, 9 0x12b8a: int3 |
| 2018-12-17T22:15:12.999624243Z | 37 | PC: 12bbb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:15:13.001991285Z | 26 | PC: 12bc3 | Set disk transfer address |