.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:47:21.656337265Z | 42 | PC: 12a7c | Get date 0x12a7c: mov word ptr [0xf2], dx 0x12a80: mov word ptr [0xf4], cx 0x12a84: stc 0x12a85: lea dx, word ptr [0x262] 0x12a89: mov ah, 0x4e 0x12a8b: mov cx, 0x20 0x12a8e: int 0x21 0x12a90: or ax, ax 0x12a92: je 0x12a97 0x12a94: jmp 0x12b61 0x12a97: mov ah, 0x2f 0x12a99: int 0x21 0x12a9b: mov ax, word ptr es:[bx + 0x1a] 0x12a9f: mov word ptr [0xfc], ax 0x12aa2: add bx, 0x1e 0x12aa5: mov word ptr [0xfe], bx 0x12aa9: mov ax, 0x4f43 0x12aac: sub ax, word ptr [0x9e] 0x12ab0: jne 0x12ab5 0x12ab2: jmp 0x12b55 |
| 2018-12-17T22:47:21.65913567Z | 78 | PC: 12a90 | Find first file |
| 2018-12-17T22:47:21.66776216Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T22:47:21.670731769Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T22:47:21.674514713Z | 61 | PC: 12af9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:47:21.6824836Z | 63 | PC: 12b07 | Read file or device (Read 407 bytes on handle 5) |
| 2018-12-17T22:47:21.691294799Z | 60 | PC: 12b39 | Create or truncate file |
| 2018-12-17T22:47:21.719265789Z | 64 | PC: 12b4b | Write file or device (Write 770 bytes on handle 6) |
| 2018-12-17T22:47:21.739152013Z | 62 | PC: 12b4f | Close file |
| 2018-12-17T22:47:21.75091398Z | 79 | PC: 12b5a | Find next file |
| 2018-12-17T22:47:21.755154348Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T22:47:21.756890605Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T22:47:21.761079739Z | 61 | PC: 12af9 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:47:21.775463935Z | 63 | PC: 12b07 | Read file or device (Read 27 bytes on handle 6) |
| 2018-12-17T22:47:21.783157141Z | 60 | PC: 12b39 | Create or truncate file |
| 2018-12-17T22:47:21.798286905Z | 64 | PC: 12b4b | Write file or device (Write 390 bytes on handle 7) |
| 2018-12-17T22:47:21.803676723Z | 62 | PC: 12b4f | Close file |
| 2018-12-17T22:47:21.813212388Z | 79 | PC: 12b5a | Find next file |
| 2018-12-17T22:47:21.816592956Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T22:47:21.81902619Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T22:47:21.823091652Z | 61 | PC: 12af9 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:47:21.840744442Z | 63 | PC: 12b07 | Read file or device (Read 92 bytes on handle 7) |
| 2018-12-17T22:47:21.848744383Z | 60 | PC: 12b39 | Create or truncate file |
| 2018-12-17T22:47:21.863174495Z | 64 | PC: 12b4b | Write file or device (Write 455 bytes on handle 8) |
| 2018-12-17T22:47:21.867578344Z | 62 | PC: 12b4f | Close file |
| 2018-12-17T22:47:21.894695634Z | 79 | PC: 12b5a | Find next file |
| 2018-12-17T22:47:21.897689123Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T22:47:21.899139377Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T22:47:21.902782854Z | 61 | PC: 12af9 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:47:21.932138527Z | 63 | PC: 12b07 | Read file or device (Read 29 bytes on handle 8) |
| 2018-12-17T22:47:21.952344583Z | 60 | PC: 12b39 | Create or truncate file |
| 2018-12-17T22:47:21.969717337Z | 64 | PC: 12b4b | Write file or device (Write 392 bytes on handle 9) |
| 2018-12-17T22:47:21.975673063Z | 62 | PC: 12b4f | Close file |
| 2018-12-17T22:47:21.985125948Z | 79 | PC: 12b5a | Find next file |
| 2018-12-17T22:47:21.988633514Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T22:47:21.990914791Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T22:47:21.994638014Z | 61 | PC: 12af9 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:47:22.007679812Z | 63 | PC: 12b07 | Read file or device (Read 29 bytes on handle 9) |
| 2018-12-17T22:47:22.015572321Z | 60 | PC: 12b39 | Create or truncate file |
| 2018-12-17T22:47:22.030729066Z | 64 | PC: 12b4b | Write file or device (Write 392 bytes on handle 10) |
| 2018-12-17T22:47:22.035332541Z | 62 | PC: 12b4f | Close file |
| 2018-12-17T22:47:22.045649852Z | 79 | PC: 12b5a | Find next file |
| 2018-12-17T22:47:22.048969639Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T22:47:22.05079684Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T22:47:22.055556868Z | 61 | PC: 12af9 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:47:22.069049167Z | 63 | PC: 12b07 | Read file or device (Read 501 bytes on handle 10) |
| 2018-12-17T22:47:22.07674435Z | 60 | PC: 12b39 | Create or truncate file |
| 2018-12-17T22:47:22.091969589Z | 64 | PC: 12b4b | Write file or device (Write 864 bytes on handle 11) |
| 2018-12-17T22:47:22.101575979Z | 62 | PC: 12b4f | Close file |
| 2018-12-17T22:47:22.111592626Z | 79 | PC: 12b5a | Find next file |
| 2018-12-17T22:47:22.116047934Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T22:47:22.118035735Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T22:47:22.122170585Z | 61 | PC: 12af9 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:47:22.135509355Z | 63 | PC: 12b07 | Read file or device (Read 29 bytes on handle 11) |
| 2018-12-17T22:47:22.144271151Z | 60 | PC: 12b39 | Create or truncate file |
| 2018-12-17T22:47:22.158962099Z | 64 | PC: 12b4b | Write file or device (Write 392 bytes on handle 12) |
| 2018-12-17T22:47:22.16354894Z | 62 | PC: 12b4f | Close file |
| 2018-12-17T22:47:22.174138875Z | 79 | PC: 12b5a | Find next file |
| 2018-12-17T22:47:22.177898151Z | 47 | PC: 12a9b | Get disk transfer address |
| 2018-12-17T22:47:22.179747466Z | 43 | PC: 12af1 | Set date |
| 2018-12-17T22:47:22.184629803Z | 61 | PC: 12af9 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T22:47:22.19873855Z | 63 | PC: 12b07 | Read file or device (Read 5483 bytes on handle 12) |
| 2018-12-17T22:47:22.207283789Z | 79 | PC: 12b5a | Find next file |
| 2018-12-17T22:47:22.210147005Z | 43 | PC: 12b6d | Set date |
| 2018-12-17T22:47:22.216042698Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-17T22:47:22.222571362Z | 0 | PC: 12a89 | Program terminate |