.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:46:38.697139878Z | 48 | PC: 13e59 | Get DOS version |
| 2018-12-17T22:46:38.698892423Z | 47 | PC: 13e65 | Get disk transfer address |
| 2018-12-17T22:46:38.699927396Z | 26 | PC: 13e75 | Set disk transfer address |
| 2018-12-17T22:46:38.701365363Z | 78 | PC: 13ef7 | Find first file |
| 2018-12-17T22:46:38.707950651Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-17T22:46:38.713331742Z | 67 | PC: 13f41 | Get or set file attributes |
| 2018-12-17T22:46:38.729145693Z | 61 | PC: 13f4c | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:46:38.736368545Z | 87 | PC: 13f58 | Get or set file date and time |
| 2018-12-17T22:46:38.745893312Z | 44 | PC: 13f62 | Get time 0x13f62: and dh, 7
0x13f65: jmp 0x13f76
0x13f67: mov ah, 0x40
0x13f69: mov cx, 5
0x13f6c: mov dx, si
0x13f6e: add dx, 0x8a
0x13f72: int 0x21
0x13f74: jmp 0x13fd8
0x13f76: mov ah, 0x3f
0x13f78: mov cx, 3
0x13f7b: mov dx, 0xa
0x13f7e: nop
0x13f7f: add dx, si
0x13f81: int 0x21
0x13f83: jb 0x13fd8
0x13f85: cmp ax, 3
0x13f88: jne 0x13fd8
0x13f8a: mov ax, 0x4202
0x13f8d: mov cx, 0
0x13f90: mov dx, 0
|
| 2018-12-17T22:46:38.748089029Z | 63 | PC: 13f83 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T22:46:38.755004079Z | 66 | PC: 13f95 | Move file pointer |
| 2018-12-17T22:46:38.75651037Z | 64 | PC: 13fb8 | Write file or device (Write 23693 bytes on handle 5) |
| 2018-12-17T22:46:38.76578042Z | 66 | PC: 13fca | Move file pointer |
| 2018-12-17T22:46:38.770297205Z | 64 | PC: 13fd8 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T22:46:38.776289156Z | 87 | PC: 13fe9 | Get or set file date and time |
| 2018-12-17T22:46:38.777442445Z | 62 | PC: 13fed | Close file |
| 2018-12-17T22:46:38.782609329Z | 67 | PC: 13ffb | Get or set file attributes |
| 2018-12-17T22:46:38.79764215Z | 26 | PC: 14005 | Set disk transfer address |
| 2018-12-17T22:46:38.798998441Z | 37 | PC: 1403a | Set interrupt vector (Interrupt = '96' AKA 'Qualify filename') |
| 2018-12-17T22:46:38.800135461Z | 74 | PC: 46992 | Reallocate memory |
| 2018-12-17T22:46:38.805991114Z | 48 | PC: 469ea | Get DOS version |
| 2018-12-17T22:46:38.806997623Z | 53 | PC: 469f2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:46:38.808046119Z | 37 | PC: 46a04 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:46:38.809428248Z | 68 | PC: 46a88 | I/O control for devices (Set for = '��') |
| 2018-12-17T22:46:38.810678315Z | 68 | PC: 46a88 | I/O control for devices (Set for = '') |
| 2018-12-17T22:46:38.811894351Z | 68 | PC: 46a88 | I/O control for devices |
| 2018-12-17T22:46:38.813204709Z | 68 | PC: 46a88 | I/O control for devices |
| 2018-12-17T22:46:38.814649399Z | 68 | PC: 46a88 | I/O control for devices |
| 2018-12-17T22:46:38.8197409Z | 53 | PC: 4721a | Get interrupt vector (Interrupt = '31' AKA 'Get disk parameter block for default drive') |
| 2018-12-17T22:46:40.995055126Z | 37 | PC: 46b1d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:46:40.99664259Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long
') |
| 2018-12-17T22:46:41.000669183Z | 0 | PC: 12a89 | Program terminate |
