.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T21:54:02.978909619Z | 42 | PC: 12a7c | Get date 0x12a7c: mov word ptr [0xf2], dx 0x12a80: mov word ptr [0xf4], cx 0x12a84: stc 0x12a85: lea dx, word ptr [0x26d] 0x12a89: mov ah, 0x4e 0x12a8b: mov cx, 0x20 0x12a8e: int 0x21 0x12a90: or ax, ax 0x12a92: je 0x12a97 0x12a94: jmp 0x12b6c 0x12a97: mov ah, 0x2f 0x12a99: int 0x21 0x12a9b: mov ax, word ptr es:[bx + 0x1a] 0x12a9f: mov word ptr [0xfc], ax 0x12aa2: add bx, 0x1e 0x12aa5: mov word ptr [0xfe], bx 0x12aa9: mov ax, 0x4f43 0x12aac: sub ax, word ptr [0x9e] 0x12ab0: jne 0x12ab5 0x12ab2: jmp 0x12b60 |
| 2018-12-17T21:54:02.9808285Z | 78 | PC: 12a90 | Find first file |
| 2018-12-17T21:54:02.986653967Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T21:54:02.987675255Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T21:54:02.997469583Z | 61 | PC: 12af9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T21:54:03.008610848Z | 63 | PC: 12b07 | Read file or device (Read 407 bytes on handle 5) |
| 2018-12-17T21:54:03.014993661Z | 60 | PC: 12b44 | Create or truncate file |
| 2018-12-17T21:54:03.033561259Z | 64 | PC: 12b56 | Write file or device (Write 781 bytes on handle 6) |
| 2018-12-17T21:54:03.039511027Z | 62 | PC: 12b5a | Close file |
| 2018-12-17T21:54:03.045036356Z | 79 | PC: 12b65 | Find next file |
| 2018-12-17T21:54:03.058112644Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T21:54:03.059006542Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T21:54:03.061329792Z | 61 | PC: 12af9 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T21:54:03.068923173Z | 63 | PC: 12b07 | Read file or device (Read 27 bytes on handle 6) |
| 2018-12-17T21:54:03.073299033Z | 60 | PC: 12b44 | Create or truncate file |
| 2018-12-17T21:54:03.081067774Z | 64 | PC: 12b56 | Write file or device (Write 401 bytes on handle 7) |
| 2018-12-17T21:54:03.083437348Z | 62 | PC: 12b5a | Close file |
| 2018-12-17T21:54:03.089020273Z | 79 | PC: 12b65 | Find next file |
| 2018-12-17T21:54:03.091064166Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T21:54:03.091940804Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T21:54:03.094845861Z | 61 | PC: 12af9 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T21:54:03.104584127Z | 63 | PC: 12b07 | Read file or device (Read 92 bytes on handle 7) |
| 2018-12-17T21:54:03.111622145Z | 60 | PC: 12b44 | Create or truncate file |
| 2018-12-17T21:54:03.124309168Z | 64 | PC: 12b56 | Write file or device (Write 466 bytes on handle 8) |
| 2018-12-17T21:54:03.127781482Z | 62 | PC: 12b5a | Close file |
| 2018-12-17T21:54:03.135592713Z | 79 | PC: 12b65 | Find next file |
| 2018-12-17T21:54:03.139136298Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T21:54:03.140277093Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T21:54:03.143684192Z | 61 | PC: 12af9 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T21:54:03.161345761Z | 63 | PC: 12b07 | Read file or device (Read 29 bytes on handle 8) |
| 2018-12-17T21:54:03.167831287Z | 60 | PC: 12b44 | Create or truncate file |
| 2018-12-17T21:54:03.179696573Z | 64 | PC: 12b56 | Write file or device (Write 403 bytes on handle 9) |
| 2018-12-17T21:54:03.185058239Z | 62 | PC: 12b5a | Close file |
| 2018-12-17T21:54:03.193279545Z | 79 | PC: 12b65 | Find next file |
| 2018-12-17T21:54:03.196358712Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T21:54:03.198740538Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T21:54:03.202125986Z | 61 | PC: 12af9 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T21:54:03.213810958Z | 63 | PC: 12b07 | Read file or device (Read 29 bytes on handle 9) |
| 2018-12-17T21:54:03.22140089Z | 60 | PC: 12b44 | Create or truncate file |
| 2018-12-17T21:54:03.233583051Z | 64 | PC: 12b56 | Write file or device (Write 403 bytes on handle 10) |
| 2018-12-17T21:54:03.237491134Z | 62 | PC: 12b5a | Close file |
| 2018-12-17T21:54:03.24637572Z | 79 | PC: 12b65 | Find next file |
| 2018-12-17T21:54:03.250314925Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T21:54:03.251848552Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T21:54:03.25604723Z | 61 | PC: 12af9 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T21:54:03.262475242Z | 63 | PC: 12b07 | Read file or device (Read 501 bytes on handle 10) |
| 2018-12-17T21:54:03.269500623Z | 60 | PC: 12b44 | Create or truncate file |
| 2018-12-17T21:54:03.282048093Z | 64 | PC: 12b56 | Write file or device (Write 875 bytes on handle 11) |
| 2018-12-17T21:54:03.290384062Z | 62 | PC: 12b5a | Close file |
| 2018-12-17T21:54:03.298805353Z | 79 | PC: 12b65 | Find next file |
| 2018-12-17T21:54:03.302308361Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T21:54:03.303793134Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T21:54:03.307425423Z | 61 | PC: 12af9 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T21:54:03.319373826Z | 63 | PC: 12b07 | Read file or device (Read 29 bytes on handle 11) |
| 2018-12-17T21:54:03.325865901Z | 60 | PC: 12b44 | Create or truncate file |
| 2018-12-17T21:54:03.340117416Z | 64 | PC: 12b56 | Write file or device (Write 403 bytes on handle 12) |
| 2018-12-17T21:54:03.344303278Z | 62 | PC: 12b5a | Close file |
| 2018-12-17T21:54:03.353398116Z | 79 | PC: 12b65 | Find next file |
| 2018-12-17T21:54:03.355974481Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T21:54:03.357837346Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T21:54:03.361527638Z | 61 | PC: 12af9 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T21:54:03.373722908Z | 63 | PC: 12b07 | Read file or device (Read 5494 bytes on handle 12) |
| 2018-12-17T21:54:03.382597669Z | 79 | PC: 12b65 | Find next file |
| 2018-12-17T21:54:03.385114768Z | 43 | PC: 12b78 | Set date |
| 2018-12-17T21:54:03.388948651Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-17T21:54:03.394919546Z | 0 | PC: 12a89 | Program terminate |