.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T21:54:18.156420831Z | 42 | PC: 12aac | Get date 0x12aac: mov word ptr [0xf2], dx 0x12ab0: mov word ptr [0xf4], cx 0x12ab4: stc 0x12ab5: mov dx, 0x2a2 0x12ab8: mov ah, 0x4e 0x12aba: mov cx, 0x20 0x12abd: int 0x21 0x12abf: or ax, ax 0x12ac1: je 0x12ac6 0x12ac3: jmp 0x12b9b 0x12ac6: mov ah, 0x2f 0x12ac8: int 0x21 0x12aca: mov ax, word ptr es:[bx + 0x1a] 0x12ace: mov word ptr [0xfc], ax 0x12ad1: add bx, 0x1e 0x12ad4: mov word ptr [0xfe], bx 0x12ad8: mov ax, 0x4f43 0x12adb: sub ax, word ptr [0x9e] 0x12adf: jne 0x12ae4 0x12ae1: jmp 0x12b8f |
| 2018-12-17T21:54:18.160789122Z | 78 | PC: 12abf | Find first file |
| 2018-12-17T21:54:18.170723364Z | 47 | PC: 12aca | Get disk transfer address |
| 2018-12-17T21:54:18.172173614Z | 43 | PC: 12b20 | Set date |
| 2018-12-17T21:54:18.176377452Z | 61 | PC: 12b28 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T21:54:18.188010886Z | 63 | PC: 12b36 | Read file or device (Read 407 bytes on handle 5) |
| 2018-12-17T21:54:18.194495353Z | 60 | PC: 12b73 | Create or truncate file |
| 2018-12-17T21:54:18.213566927Z | 64 | PC: 12b85 | Write file or device (Write 834 bytes on handle 6) |
| 2018-12-17T21:54:18.221749947Z | 62 | PC: 12b89 | Close file |
| 2018-12-17T21:54:18.229702098Z | 43 | PC: 12ba7 | Set date |
| 2018-12-17T21:54:18.233102093Z | 43 | PC: 12bae | Set date |
| 2018-12-17T21:54:18.236992265Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |