.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:33:02.424348853Z | 26 | PC: 12a73 | Set disk transfer address |
| 2018-12-17T22:33:02.439919536Z | 37 | PC: 12a81 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:33:02.441468399Z | 37 | PC: 12a85 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') |
| 2018-12-17T22:33:02.442802139Z | 78 | PC: 12ad1 | Find first file |
| 2018-12-17T22:33:02.448799139Z | 61 | PC: 12c1e | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:33:02.456288612Z | 63 | PC: 12c2d | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:33:02.47487051Z | 66 | PC: 12c3c | Move file pointer |
| 2018-12-17T22:33:02.476456652Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-17T22:33:02.479152319Z | 64 | PC: 12c57 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:33:02.482306309Z | 66 | PC: 12c63 | Move file pointer |
| 2018-12-17T22:33:02.484216132Z | 44 | PC: 12c67 | Get time 0x12c67: mov byte ptr [bp + 0x34a], dl
0x12c6b: call 0x12c81
0x12c6e: mov ah, 0x40
0x12c70: mov cx, 0x24a
0x12c73: lea dx, word ptr [bp + 0x106]
0x12c77: int 0x21
0x12c79: call 0x12c81
0x12c7c: mov ah, 0x3e
0x12c7e: int 0x21
0x12c80: ret
0x12c81: lea si, word ptr [bp + 0x120]
0x12c85: mov cx, 0x20b
0x12c88: xor byte ptr [si], 0
0x12c8b: inc si
0x12c8c: dec cx
0x12c8d: jne 0x12c88
0x12c8f: ret
0x12c90: add word ptr [bx], di
0x12c92: aas
0x12c93: aas
|
| 2018-12-17T22:33:02.487697625Z | 64 | PC: 12c79 | Write file or device (Write 586 bytes on handle 5) |
| 2018-12-17T22:33:02.502208983Z | 62 | PC: 12c80 | Close file |
| 2018-12-17T22:33:02.510229895Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T22:33:02.513459186Z | 61 | PC: 12c1e | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:33:02.520158132Z | 63 | PC: 12c2d | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:33:02.526503491Z | 66 | PC: 12c3c | Move file pointer |
| 2018-12-17T22:33:02.528472731Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-17T22:33:02.529891171Z | 64 | PC: 12c57 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:33:02.533250837Z | 66 | PC: 12c63 | Move file pointer |
| 2018-12-17T22:33:02.535607309Z | 44 | PC: 12c67 | Get time 0x12c67: mov byte ptr [bp + 0x34a], dl
0x12c6b: call 0x12c81
0x12c6e: mov ah, 0x40
0x12c70: mov cx, 0x24a
0x12c73: lea dx, word ptr [bp + 0x106]
0x12c77: int 0x21
0x12c79: call 0x12c81
0x12c7c: mov ah, 0x3e
0x12c7e: int 0x21
0x12c80: ret
0x12c81: lea si, word ptr [bp + 0x120]
0x12c85: mov cx, 0x20b
0x12c88: xor byte ptr [si], 0x49
0x12c8b: inc si
0x12c8c: dec cx
0x12c8d: jne 0x12c88
0x12c8f: ret
0x12c90: add word ptr [bx], di
0x12c92: aas
0x12c93: aas
|
| 2018-12-17T22:33:02.538853527Z | 64 | PC: 12c79 | Write file or device (Write 586 bytes on handle 5) |
| 2018-12-17T22:33:02.547268054Z | 62 | PC: 12c80 | Close file |
| 2018-12-17T22:33:02.565932963Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T22:33:02.569418118Z | 61 | PC: 12c1e | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:33:02.590513326Z | 63 | PC: 12c2d | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:33:02.597429864Z | 66 | PC: 12c3c | Move file pointer |
| 2018-12-17T22:33:02.599611435Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-17T22:33:02.605456873Z | 64 | PC: 12c57 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:33:02.608339631Z | 66 | PC: 12c63 | Move file pointer |
| 2018-12-17T22:33:02.610398735Z | 44 | PC: 12c67 | Get time 0x12c67: mov byte ptr [bp + 0x34a], dl
0x12c6b: call 0x12c81
0x12c6e: mov ah, 0x40
0x12c70: mov cx, 0x24a
0x12c73: lea dx, word ptr [bp + 0x106]
0x12c77: int 0x21
0x12c79: call 0x12c81
0x12c7c: mov ah, 0x3e
0x12c7e: int 0x21
0x12c80: ret
0x12c81: lea si, word ptr [bp + 0x120]
0x12c85: mov cx, 0x20b
0x12c88: xor byte ptr [si], 0x4e
0x12c8b: inc si
0x12c8c: dec cx
0x12c8d: jne 0x12c88
0x12c8f: ret
0x12c90: add word ptr [bx], di
0x12c92: aas
0x12c93: aas
|
| 2018-12-17T22:33:02.613391588Z | 64 | PC: 12c79 | Write file or device (Write 586 bytes on handle 5) |
| 2018-12-17T22:33:02.621463674Z | 62 | PC: 12c80 | Close file |
| 2018-12-17T22:33:02.630183333Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T22:33:02.633499459Z | 61 | PC: 12c1e | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:33:02.640159947Z | 63 | PC: 12c2d | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:33:02.647295513Z | 66 | PC: 12c3c | Move file pointer |
| 2018-12-17T22:33:02.652058667Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-17T22:33:02.653615768Z | 64 | PC: 12c57 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:33:02.656737466Z | 66 | PC: 12c63 | Move file pointer |
| 2018-12-17T22:33:02.658486122Z | 44 | PC: 12c67 | Get time 0x12c67: mov byte ptr [bp + 0x34a], dl
0x12c6b: call 0x12c81
0x12c6e: mov ah, 0x40
0x12c70: mov cx, 0x24a
0x12c73: lea dx, word ptr [bp + 0x106]
0x12c77: int 0x21
0x12c79: call 0x12c81
0x12c7c: mov ah, 0x3e
0x12c7e: int 0x21
0x12c80: ret
0x12c81: lea si, word ptr [bp + 0x120]
0x12c85: mov cx, 0x20b
0x12c88: xor byte ptr [si], 0x54
0x12c8b: inc si
0x12c8c: dec cx
0x12c8d: jne 0x12c88
0x12c8f: ret
0x12c90: add word ptr [bx], di
0x12c92: aas
0x12c93: aas
|
| 2018-12-17T22:33:02.660746573Z | 64 | PC: 12c79 | Write file or device (Write 586 bytes on handle 5) |
| 2018-12-17T22:33:02.669875347Z | 62 | PC: 12c80 | Close file |
| 2018-12-17T22:33:02.678557228Z | 79 | PC: 12ad1 | Find next file |
| 2018-12-17T22:33:02.681868425Z | 61 | PC: 12c1e | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:33:02.688717572Z | 63 | PC: 12c2d | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:33:02.695705964Z | 66 | PC: 12c3c | Move file pointer |
| 2018-12-17T22:33:02.697317765Z | 66 | PC: 12c4b | Move file pointer |
| 2018-12-17T22:33:02.699200758Z | 64 | PC: 12c57 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:33:02.702407337Z | 66 | PC: 12c63 | Move file pointer |
| 2018-12-17T22:33:02.704072712Z | 44 | PC: 12c67 | Get time 0x12c67: mov byte ptr [bp + 0x34a], dl
0x12c6b: call 0x12c81
0x12c6e: mov ah, 0x40
0x12c70: mov cx, 0x24a
0x12c73: lea dx, word ptr [bp + 0x106]
0x12c77: int 0x21
0x12c79: call 0x12c81
0x12c7c: mov ah, 0x3e
0x12c7e: int 0x21
0x12c80: ret
0x12c81: lea si, word ptr [bp + 0x120]
0x12c85: mov cx, 0x20b
0x12c88: xor byte ptr [si], 0x54
0x12c8b: inc si
0x12c8c: dec cx
0x12c8d: jne 0x12c88
0x12c8f: ret
0x12c90: add word ptr [bx], di
0x12c92: aas
0x12c93: aas
|
| 2018-12-17T22:33:02.70692411Z | 64 | PC: 12c79 | Write file or device (Write 586 bytes on handle 5) |
| 2018-12-17T22:33:02.715988922Z | 62 | PC: 12c80 | Close file |
| 2018-12-17T22:33:02.722680703Z | 26 | PC: 12aeb | Set disk transfer address |
| 2018-12-17T22:33:02.723962206Z | 9 | PC: 12b03 | Display string (String= '�
win
TEMP=C:\WINDOWS\TEMP
���������������������������������������������������������������������������������������������������������� ������EY�����]�����&����� �������������P����!��5����H�-���!���!�0���T���� �!��DEBUGGING IS VERY ILLEGAL (NOT!)
�') |
| 2018-12-17T22:33:02.73083717Z | 19 | PC: 12b18 | Delete file |
| 2018-12-17T22:33:02.735167942Z | 9 | PC: 12b4b | Display string (String= '????????OV?�') |
