.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:41:36.121965217Z | 42 | PC: 14574 | Get date 0x14574: mov byte ptr ds:[bp + 0x37b], dl
0x14579: mov byte ptr ds:[bp + 0x37a], dh
0x1457e: mov byte ptr ds:[bp + 0x379], al
0x14583: cmp al, 1
0x14585: jne 0x1458a
0x14587: call 0x146fe
0x1458a: cmp al, 0
0x1458c: je 0x14598
0x1458e: mov di, 0x100
0x14591: lea si, word ptr [bp + 0x2e6]
0x14595: push di
0x14596: movsw word ptr es:[di], word ptr [si]
0x14597: movsw word ptr es:[di], word ptr [si]
0x14598: lea dx, word ptr [bp + 0x3bc]
0x1459c: call 0x146ae
0x1459f: jmp 0x14699
0x145a2: cmp byte ptr ds:[bp + 0x37b], 0x1b
0x145a8: jne 0x145b5
0x145aa: call 0x145dc
0x145ad: cmp byte ptr ds:[bp + 0x37a], 6
|
| 2018-12-17T22:41:36.124475021Z | 67 | PC: 14706 | Get or set file attributes |
| 2018-12-17T22:41:36.127140798Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.129300544Z | 61 | PC: 14742 | Open file (Filename = '') |
| 2018-12-17T22:41:36.131903012Z | 87 | PC: 14716 | Get or set file date and time |
| 2018-12-17T22:41:36.138069033Z | 64 | PC: 14722 | Write file or device (Write 16 bytes on handle 2) |
| 2018-12-17T22:41:36.143217533Z | 87 | PC: 14729 | Get or set file date and time |
| 2018-12-17T22:41:36.144553031Z | 61 | PC: 1472d | Open file (Filename = '}�:u�����߀�@�') |
| 2018-12-17T22:41:36.150906485Z | 67 | PC: 14734 | Get or set file attributes |
| 2018-12-17T22:41:36.15341176Z | 26 | PC: 146b2 | Set disk transfer address |
| 2018-12-17T22:41:36.157287549Z | 78 | PC: 146a4 | Find first file |
| 2018-12-17T22:41:36.166316147Z | 67 | PC: 145fa | Get or set file attributes |
| 2018-12-17T22:41:36.172534817Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.189852674Z | 61 | PC: 14742 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:41:36.197795952Z | 87 | PC: 1460a | Get or set file date and time |
| 2018-12-17T22:41:36.202266599Z | 63 | PC: 14617 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:41:36.21037038Z | 66 | PC: 146b8 | Move file pointer |
| 2018-12-17T22:41:36.211944857Z | 66 | PC: 146b8 | Move file pointer |
| 2018-12-17T22:41:36.214982863Z | 64 | PC: 146f3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:41:36.217767333Z | 66 | PC: 146b8 | Move file pointer |
| 2018-12-17T22:41:36.219167092Z | 44 | PC: 1464a | Get time 0x1464a: mov word ptr ds:[bp + 0x3a7], dx
0x1464f: mov cx, 0x12
0x14652: lea di, word ptr [bp + 0x3e7]
0x14656: lea si, word ptr [bp + 0x3a9]
0x1465a: push cx
0x1465b: push si
0x1465c: rep movsb byte ptr es:[di], byte ptr [si]
0x1465e: cmp byte ptr ds:[bp + 0x379], 0
0x14664: jne 0x14672
0x14666: mov cx, 0xd
0x14669: lea si, word ptr [bp + 0x266]
0x1466d: rep movsb byte ptr es:[di], byte ptr [si]
0x1466f: jmp 0x1467b
0x14671: nop
0x14672: mov cx, 0xb
0x14675: lea si, word ptr [bp + 0x16b]
0x14679: rep movsb byte ptr es:[di], byte ptr [si]
0x1467b: pop si
0x1467c: pop cx
0x1467d: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T22:41:36.221975456Z | 64 | PC: 14861 | Write file or device (Write 696 bytes on handle 5) |
| 2018-12-17T22:41:36.231141482Z | 87 | PC: 1468c | Get or set file date and time |
| 2018-12-17T22:41:36.233011224Z | 62 | PC: 14690 | Close file |
| 2018-12-17T22:41:36.555723322Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.56615814Z | 79 | PC: 146a4 | Find next file |
| 2018-12-17T22:41:36.56921365Z | 67 | PC: 145fa | Get or set file attributes |
| 2018-12-17T22:41:36.576947365Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.58869001Z | 61 | PC: 14742 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:41:36.595891917Z | 87 | PC: 1460a | Get or set file date and time |
| 2018-12-17T22:41:36.598437969Z | 63 | PC: 14617 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:41:36.605603266Z | 87 | PC: 1468c | Get or set file date and time |
| 2018-12-17T22:41:36.607289624Z | 62 | PC: 14690 | Close file |
| 2018-12-17T22:41:36.616321488Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.627240195Z | 79 | PC: 146a4 | Find next file |
| 2018-12-17T22:41:36.630460364Z | 67 | PC: 145fa | Get or set file attributes |
| 2018-12-17T22:41:36.636541856Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.650913879Z | 61 | PC: 14742 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:41:36.657822856Z | 87 | PC: 1460a | Get or set file date and time |
| 2018-12-17T22:41:36.659313586Z | 63 | PC: 14617 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:41:36.667155795Z | 66 | PC: 146b8 | Move file pointer |
| 2018-12-17T22:41:36.668727436Z | 66 | PC: 146b8 | Move file pointer |
| 2018-12-17T22:41:36.670401581Z | 64 | PC: 146f3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:41:36.674657685Z | 66 | PC: 146b8 | Move file pointer |
| 2018-12-17T22:41:36.676195343Z | 44 | PC: 1464a | Get time 0x1464a: mov word ptr ds:[bp + 0x3a7], dx
0x1464f: mov cx, 0x12
0x14652: lea di, word ptr [bp + 0x3e7]
0x14656: lea si, word ptr [bp + 0x3a9]
0x1465a: push cx
0x1465b: push si
0x1465c: rep movsb byte ptr es:[di], byte ptr [si]
0x1465e: cmp byte ptr ds:[bp + 0x379], 0
0x14664: jne 0x14672
0x14666: mov cx, 0xd
0x14669: lea si, word ptr [bp + 0x266]
0x1466d: rep movsb byte ptr es:[di], byte ptr [si]
0x1466f: jmp 0x1467b
0x14671: nop
0x14672: mov cx, 0xb
0x14675: lea si, word ptr [bp + 0x16b]
0x14679: rep movsb byte ptr es:[di], byte ptr [si]
0x1467b: pop si
0x1467c: pop cx
0x1467d: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T22:41:36.679029466Z | 64 | PC: 14861 | Write file or device (Write 696 bytes on handle 5) |
| 2018-12-17T22:41:36.688711911Z | 87 | PC: 1468c | Get or set file date and time |
| 2018-12-17T22:41:36.690580471Z | 62 | PC: 14690 | Close file |
| 2018-12-17T22:41:36.699081237Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.710405797Z | 79 | PC: 146a4 | Find next file |
| 2018-12-17T22:41:36.713400552Z | 67 | PC: 145fa | Get or set file attributes |
| 2018-12-17T22:41:36.72041179Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.731303978Z | 61 | PC: 14742 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:41:36.739166996Z | 87 | PC: 1460a | Get or set file date and time |
| 2018-12-17T22:41:36.741188393Z | 63 | PC: 14617 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:41:36.748562874Z | 87 | PC: 1468c | Get or set file date and time |
| 2018-12-17T22:41:36.751499189Z | 62 | PC: 14690 | Close file |
| 2018-12-17T22:41:36.759786294Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.770609191Z | 79 | PC: 146a4 | Find next file |
| 2018-12-17T22:41:36.774631947Z | 67 | PC: 145fa | Get or set file attributes |
| 2018-12-17T22:41:36.780842852Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.791835559Z | 61 | PC: 14742 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:41:36.799828661Z | 87 | PC: 1460a | Get or set file date and time |
| 2018-12-17T22:41:36.801271801Z | 63 | PC: 14617 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:41:36.806657377Z | 87 | PC: 1468c | Get or set file date and time |
| 2018-12-17T22:41:36.808450384Z | 62 | PC: 14690 | Close file |
| 2018-12-17T22:41:36.814891102Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.822866551Z | 79 | PC: 146a4 | Find next file |
| 2018-12-17T22:41:36.825718007Z | 67 | PC: 145fa | Get or set file attributes |
| 2018-12-17T22:41:36.830246081Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.843129669Z | 61 | PC: 14742 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:41:36.855872182Z | 87 | PC: 1460a | Get or set file date and time |
| 2018-12-17T22:41:36.859448028Z | 63 | PC: 14617 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:41:36.866522235Z | 66 | PC: 146b8 | Move file pointer |
| 2018-12-17T22:41:36.868369324Z | 66 | PC: 146b8 | Move file pointer |
| 2018-12-17T22:41:36.870702627Z | 64 | PC: 146f3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:41:36.873646066Z | 66 | PC: 146b8 | Move file pointer |
| 2018-12-17T22:41:36.875200254Z | 44 | PC: 1464a | Get time 0x1464a: mov word ptr ds:[bp + 0x3a7], dx
0x1464f: mov cx, 0x12
0x14652: lea di, word ptr [bp + 0x3e7]
0x14656: lea si, word ptr [bp + 0x3a9]
0x1465a: push cx
0x1465b: push si
0x1465c: rep movsb byte ptr es:[di], byte ptr [si]
0x1465e: cmp byte ptr ds:[bp + 0x379], 0
0x14664: jne 0x14672
0x14666: mov cx, 0xd
0x14669: lea si, word ptr [bp + 0x266]
0x1466d: rep movsb byte ptr es:[di], byte ptr [si]
0x1466f: jmp 0x1467b
0x14671: nop
0x14672: mov cx, 0xb
0x14675: lea si, word ptr [bp + 0x16b]
0x14679: rep movsb byte ptr es:[di], byte ptr [si]
0x1467b: pop si
0x1467c: pop cx
0x1467d: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T22:41:36.877634125Z | 64 | PC: 14861 | Write file or device (Write 696 bytes on handle 5) |
| 2018-12-17T22:41:36.885450105Z | 87 | PC: 1468c | Get or set file date and time |
| 2018-12-17T22:41:36.886861055Z | 62 | PC: 14690 | Close file |
| 2018-12-17T22:41:36.893899375Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.905857925Z | 79 | PC: 146a4 | Find next file |
| 2018-12-17T22:41:36.909268942Z | 67 | PC: 145fa | Get or set file attributes |
| 2018-12-17T22:41:36.915990997Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.927740415Z | 61 | PC: 14742 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:41:36.935802407Z | 87 | PC: 1460a | Get or set file date and time |
| 2018-12-17T22:41:36.937249235Z | 63 | PC: 14617 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:41:36.945127822Z | 87 | PC: 1468c | Get or set file date and time |
| 2018-12-17T22:41:36.946759767Z | 62 | PC: 14690 | Close file |
| 2018-12-17T22:41:36.954402071Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.966063564Z | 79 | PC: 146a4 | Find next file |
| 2018-12-17T22:41:36.969307236Z | 67 | PC: 145fa | Get or set file attributes |
| 2018-12-17T22:41:36.975467747Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:36.989310797Z | 61 | PC: 14742 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T22:41:36.996679647Z | 87 | PC: 1460a | Get or set file date and time |
| 2018-12-17T22:41:36.998283529Z | 63 | PC: 14617 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:41:37.006321947Z | 87 | PC: 1468c | Get or set file date and time |
| 2018-12-17T22:41:37.008072024Z | 62 | PC: 14690 | Close file |
| 2018-12-17T22:41:37.015613318Z | 67 | PC: 1473a | Get or set file attributes |
| 2018-12-17T22:41:37.026671848Z | 79 | PC: 146a4 | Find next file |
| 2018-12-17T22:41:37.029328308Z | 26 | PC: 146b2 | Set disk transfer address |
| 2018-12-17T22:41:37.030900511Z | 99 | PC: 13f00 | Get DBCS lead byte table pointer |
| 2018-12-17T22:41:37.033287163Z | 68 | PC: 13f1a | I/O control for devices (Set for = '') |
| 2018-12-17T22:41:37.034879373Z | 68 | PC: 13f25 | I/O control for devices (Set for = 'M��') |
| 2018-12-17T22:41:37.037073154Z | 68 | PC: 13f30 | I/O control for devices (Set for = '') |
| 2018-12-17T22:41:37.038661788Z | 68 | PC: 13f38 | I/O control for devices (Set for = '��') |
| 2018-12-17T22:41:37.040981786Z | 48 | PC: 13f3d | Get DOS version |
| 2018-12-17T22:41:37.042711825Z | 64 | PC: 141b6 | Write file or device (Write 23 bytes on handle 2) |
| 2018-12-17T22:41:37.047606468Z | 76 | PC: 12d4f | Terminate with return code (Return code = '2') |
