.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:28:42.489908407Z | 25 | PC: 12a73 | Get default drive |
| 2018-12-17T22:28:42.49188268Z | 14 | PC: 12a7a | Set default drive (Drive = 'C') |
| 2018-12-17T22:28:42.493496399Z | 71 | PC: 12a84 | Get current directory |
| 2018-12-17T22:28:42.496140018Z | 78 | PC: 12a8b | Find first file |
| 2018-12-17T22:28:42.502094793Z | 78 | PC: 12a94 | Find first file |
| 2018-12-17T22:28:42.50781851Z | 67 | PC: 12a9e | Get or set file attributes |
| 2018-12-17T22:28:42.512902872Z | 67 | PC: 12aa6 | Get or set file attributes |
| 2018-12-17T22:28:42.854526784Z | 61 | PC: 12aae | Open file (Filename = 'COMMAND.COM') |
| 2018-12-17T22:28:42.861979551Z | 87 | PC: 12ab6 | Get or set file date and time |
| 2018-12-17T22:28:42.863571143Z | 64 | PC: 12a52 | Write file or device (Write 666 bytes on handle 5) |
| 2018-12-17T22:28:42.870912754Z | 87 | PC: 12ac8 | Get or set file date and time |
| 2018-12-17T22:28:42.872819756Z | 62 | PC: 12acc | Close file |
| 2018-12-17T22:28:42.879796543Z | 67 | PC: 12ad5 | Get or set file attributes |
| 2018-12-17T22:28:42.889269113Z | 79 | PC: 12a94 | Find next file |
| 2018-12-17T22:28:42.892744036Z | 59 | PC: 12ae0 | Change current directory |
| 2018-12-17T22:28:42.896219182Z | 44 | PC: 12ae6 | Get time 0x12ae6: cmp dl, 0x32 0x12ae9: ja 0x12b0a 0x12aeb: jmp 0x12aed 0x12aed: mov ah, 9 0x12aef: mov dx, 0x325 0x12af2: int 0x21 0x12af4: mov ah, 0x2c 0x12af6: int 0x21 0x12af8: cmp dl, 0xa 0x12afb: ja 0x12b0a 0x12afd: jmp 0x12aff 0x12aff: cli 0x12b00: mov ah, 2 0x12b02: cdq 0x12b03: mov cx, 0x100 0x12b06: int 0x26 0x12b08: jmp 0x12b0a 0x12b0a: pop dx 0x12b0b: mov ah, 0xe 0x12b0d: int 0x21 |
| 2018-12-17T22:28:42.898231752Z | 14 | PC: 12b0f | Set default drive (Drive = 'A') |
| 2018-12-17T22:28:42.903436225Z | 59 | PC: 12b17 | Change current directory |
| 2018-12-17T22:28:42.90519732Z | 76 | PC: 12b1b | Terminate with return code (Return code = '3') |