.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:40:08.339622381Z | 53 | PC: 12a79 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:40:08.342209102Z | 37 | PC: 12a8d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:40:08.343765385Z | 26 | PC: 12a94 | Set disk transfer address |
| 2018-12-17T22:40:08.345186339Z | 25 | PC: 12a98 | Get default drive |
| 2018-12-17T22:40:08.346706301Z | 71 | PC: 12aa5 | Get current directory |
| 2018-12-17T22:40:08.375066273Z | 14 | PC: 12abb | Set default drive (Drive = 'C') |
| 2018-12-17T22:40:08.376845582Z | 59 | PC: 12c45 | Change current directory |
| 2018-12-17T22:40:08.382510707Z | 44 | PC: 12ac2 | Get time 0x12ac2: shr dl, 1 0x12ac4: shr dl, 1 0x12ac6: add dl, 0x40 0x12ac9: mov byte ptr [bp + 0x220], dl 0x12acd: xor bx, bx 0x12acf: mov ah, 0x4e 0x12ad1: lea dx, word ptr [bp + 0x220] 0x12ad5: mov cx, 0x11 0x12ad8: int 0x21 0x12ada: jae 0x12af7 0x12adc: mov al, byte ptr [bp + 0x220] 0x12ae0: inc al 0x12ae2: cmp al, 0x5a 0x12ae4: jbe 0x12ae8 0x12ae6: sub al, 0x1a 0x12ae8: mov byte ptr [bp + 0x220], al 0x12aec: inc bh 0x12aee: cmp bh, 0x1b 0x12af1: je 0x12aa5 0x12af3: jmp 0x12acf |
| 2018-12-17T22:40:08.386263627Z | 78 | PC: 12ada | Find first file |
| 2018-12-17T22:40:08.393029545Z | 78 | PC: 12ada | Find first file |
| 2018-12-17T22:40:08.400033005Z | 78 | PC: 12ada | Find first file |
| 2018-12-17T22:40:08.406770163Z | 78 | PC: 12ada | Find first file |
| 2018-12-17T22:40:08.413037999Z | 78 | PC: 12ada | Find first file |
| 2018-12-17T22:40:08.419394169Z | 78 | PC: 12ada | Find first file |
| 2018-12-17T22:40:08.426216179Z | 78 | PC: 12ada | Find first file |
| 2018-12-17T22:40:08.43263085Z | 78 | PC: 12ada | Find first file |
| 2018-12-17T22:40:08.438737823Z | 59 | PC: 12afe | Change current directory |
| 2018-12-17T22:40:08.449422146Z | 78 | PC: 12b09 | Find first file |
| 2018-12-17T22:40:08.459796522Z | 67 | PC: 12b65 | Get or set file attributes |
| 2018-12-17T22:40:08.467262429Z | 67 | PC: 12b72 | Get or set file attributes |
| 2018-12-17T22:40:08.807822153Z | 61 | PC: 12b7a | Open file (Filename = 'WIN.COM') |
| 2018-12-17T22:40:08.816378341Z | 87 | PC: 12b80 | Get or set file date and time |
| 2018-12-17T22:40:08.818296521Z | 44 | PC: 12b93 | Get time 0x12b93: or dx, dx 0x12b95: je 0x12b8f 0x12b97: mov word ptr [bp + 0x255], dx 0x12b9b: mov ah, 0x3f 0x12b9d: lea dx, word ptr [bp + 0x217] 0x12ba1: mov cx, 3 0x12ba4: int 0x21 0x12ba6: mov ax, 0x4202 0x12ba9: xor cx, cx 0x12bab: cdq 0x12bac: int 0x21 0x12bae: sub ax, 3 0x12bb1: mov word ptr cs:[0xfa79], ax 0x12bb5: mov byte ptr cs:[0xfa78], 0xe9 0x12bbb: nop 0x12bbc: nop 0x12bbd: nop 0x12bbe: lea si, word ptr [bp - 5] 0x12bc1: mov di, 0xfb2c 0x12bc4: mov cx, 0x262 |
| 2018-12-17T22:40:08.821023861Z | 63 | PC: 12ba6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T22:40:08.829061503Z | 66 | PC: 12bae | Move file pointer |
| 2018-12-17T22:40:08.831631008Z | 64 | PC: 12bda | Write file or device (Write 610 bytes on handle 5) |
| 2018-12-17T22:40:08.852067636Z | 66 | PC: 12be2 | Move file pointer |
| 2018-12-17T22:40:08.854530905Z | 64 | PC: 12bec | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T22:40:08.858288222Z | 87 | PC: 12c01 | Get or set file date and time |
| 2018-12-17T22:40:08.860526515Z | 62 | PC: 12c05 | Close file |
| 2018-12-17T22:40:08.869449733Z | 67 | PC: 12c12 | Get or set file attributes |
| 2018-12-17T22:40:08.880226799Z | 14 | PC: 12c4f | Set default drive (Drive = 'A') |
| 2018-12-17T22:40:08.882171659Z | 59 | PC: 12c45 | Change current directory |
| 2018-12-17T22:40:08.888428409Z | 59 | PC: 12c57 | Change current directory |
| 2018-12-17T22:40:08.892781186Z | 37 | PC: 12c2b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:40:08.89515745Z | 26 | PC: 12c33 | Set disk transfer address |