.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:22:20.928788378Z | 53 | PC: 12a6c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:22:20.93182556Z | 37 | PC: 12a80 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:22:20.933619656Z | 47 | PC: 12a85 | Get disk transfer address |
| 2018-12-17T22:22:20.935448915Z | 26 | PC: 12a97 | Set disk transfer address |
| 2018-12-17T22:22:20.93718804Z | 25 | PC: 12a9b | Get default drive |
| 2018-12-17T22:22:20.939732765Z | 71 | PC: 12aa8 | Get current directory |
| 2018-12-17T22:22:20.943372181Z | 14 | PC: 12abe | Set default drive (Drive = 'C') |
| 2018-12-17T22:22:20.945181581Z | 59 | PC: 12c5e | Change current directory |
| 2018-12-17T22:22:20.950013636Z | 44 | PC: 12ac5 | Get time 0x12ac5: shr dl, 1 0x12ac7: shr dl, 1 0x12ac9: add dl, 0x40 0x12acc: mov byte ptr [bp + 0x238], dl 0x12ad0: xor bx, bx 0x12ad2: mov ah, 0x4e 0x12ad4: lea dx, word ptr [bp + 0x238] 0x12ad8: mov cx, 0x11 0x12adb: int 0x21 0x12add: jae 0x12afb 0x12adf: mov al, byte ptr [bp + 0x238] 0x12ae3: inc al 0x12ae5: cmp al, 0x5a 0x12ae7: jbe 0x12aeb 0x12ae9: sub al, 0x1a 0x12aeb: mov byte ptr [bp + 0x238], al 0x12aef: inc bh 0x12af1: cmp bh, 0x1b 0x12af4: je 0x12aa8 0x12af6: jmp 0x12ad2 |
| 2018-12-17T22:22:20.952447383Z | 78 | PC: 12add | Find first file |
| 2018-12-17T22:22:20.959207774Z | 78 | PC: 12add | Find first file |
| 2018-12-17T22:22:20.966053284Z | 78 | PC: 12add | Find first file |
| 2018-12-17T22:22:20.972055885Z | 78 | PC: 12add | Find first file |
| 2018-12-17T22:22:20.978640593Z | 78 | PC: 12add | Find first file |
| 2018-12-17T22:22:20.985613005Z | 78 | PC: 12add | Find first file |
| 2018-12-17T22:22:20.992151491Z | 78 | PC: 12add | Find first file |
| 2018-12-17T22:22:20.998102918Z | 78 | PC: 12add | Find first file |
| 2018-12-17T22:22:21.004861832Z | 59 | PC: 12b02 | Change current directory |
| 2018-12-17T22:22:21.014413275Z | 78 | PC: 12b0d | Find first file |
| 2018-12-17T22:22:21.025092356Z | 67 | PC: 12b6b | Get or set file attributes |
| 2018-12-17T22:22:21.032761093Z | 67 | PC: 12b78 | Get or set file attributes |
| 2018-12-17T22:22:21.464161842Z | 61 | PC: 12b80 | Open file (Filename = 'WIN.COM') |
| 2018-12-17T22:22:21.472208065Z | 87 | PC: 12b86 | Get or set file date and time |
| 2018-12-17T22:22:21.474101632Z | 44 | PC: 12b99 | Get time 0x12b99: or dx, dx 0x12b9b: je 0x12b95 0x12b9d: mov word ptr [bp + 0x24f], dx 0x12ba1: mov ah, 0x3f 0x12ba3: lea dx, word ptr [bp + 0x22f] 0x12ba7: mov cx, 3 0x12baa: int 0x21 0x12bac: mov ax, 0x4202 0x12baf: xor cx, cx 0x12bb1: cdq 0x12bb2: int 0x21 0x12bb4: sub ax, 3 0x12bb7: mov word ptr cs:[0xfa79], ax 0x12bbb: mov byte ptr cs:[0xfa78], 0xe9 0x12bc1: nop 0x12bc2: nop 0x12bc3: nop 0x12bc4: lea si, word ptr [bp - 5] 0x12bc7: nop 0x12bc8: mov di, 0xfb2c |
| 2018-12-17T22:22:21.477691699Z | 63 | PC: 12bac | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T22:22:21.484051684Z | 66 | PC: 12bb4 | Move file pointer |
| 2018-12-17T22:22:21.485548908Z | 64 | PC: 12be4 | Write file or device (Write 600 bytes on handle 5) |
| 2018-12-17T22:22:21.495943709Z | 66 | PC: 12bec | Move file pointer |
| 2018-12-17T22:22:21.497988012Z | 64 | PC: 12bfc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T22:22:21.501539804Z | 87 | PC: 12c11 | Get or set file date and time |
| 2018-12-17T22:22:21.505047158Z | 62 | PC: 12c15 | Close file |
| 2018-12-17T22:22:21.513991391Z | 67 | PC: 12c22 | Get or set file attributes |
| 2018-12-17T22:22:21.524738177Z | 14 | PC: 12c68 | Set default drive (Drive = 'A') |
| 2018-12-17T22:22:21.527363935Z | 59 | PC: 12c5e | Change current directory |
| 2018-12-17T22:22:21.53194082Z | 59 | PC: 12c70 | Change current directory |
| 2018-12-17T22:22:21.53412672Z | 37 | PC: 12c3b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:22:21.535483609Z | 26 | PC: 12c4b | Set disk transfer address |