.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T21:58:41.142086385Z | 53 | PC: 12a76 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T21:58:41.14419208Z | 37 | PC: 12a8a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T21:58:41.145274137Z | 47 | PC: 12a8f | Get disk transfer address |
| 2018-12-17T21:58:41.146358709Z | 26 | PC: 12aa1 | Set disk transfer address |
| 2018-12-17T21:58:41.147906987Z | 25 | PC: 12aa5 | Get default drive |
| 2018-12-17T21:58:41.149020389Z | 71 | PC: 12ab2 | Get current directory |
| 2018-12-17T21:58:41.151832368Z | 14 | PC: 12ac8 | Set default drive (Drive = 'C') |
| 2018-12-17T21:58:41.153492732Z | 59 | PC: 12c5b | Change current directory |
| 2018-12-17T21:58:41.157643008Z | 44 | PC: 12acf | Get time 0x12acf: shr dl, 1 0x12ad1: shr dl, 1 0x12ad3: add dl, 0x40 0x12ad6: mov byte ptr [bp + 0x236], dl 0x12ada: xor bx, bx 0x12adc: mov ah, 0x4e 0x12ade: lea dx, word ptr [bp + 0x236] 0x12ae2: mov cx, 0x11 0x12ae5: int 0x21 0x12ae7: jae 0x12b04 0x12ae9: mov al, byte ptr [bp + 0x236] 0x12aed: inc al 0x12aef: cmp al, 0x5a 0x12af1: jbe 0x12af5 0x12af3: sub al, 0x1a 0x12af5: mov byte ptr [bp + 0x236], al 0x12af9: inc bh 0x12afb: cmp bh, 0x1b 0x12afe: je 0x12ab2 0x12b00: jmp 0x12adc |
| 2018-12-17T21:58:41.159734669Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.165864156Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.171099759Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.176049681Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.181670796Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.186777068Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.192524456Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.197914934Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.203226347Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.208287269Z | 78 | PC: 12ae7 | Find first file |
| 2018-12-17T21:58:41.213584383Z | 59 | PC: 12b0b | Change current directory |
| 2018-12-17T21:58:41.222737311Z | 78 | PC: 12b16 | Find first file |
| 2018-12-17T21:58:41.230858246Z | 67 | PC: 12b72 | Get or set file attributes |
| 2018-12-17T21:58:41.236315731Z | 67 | PC: 12b7f | Get or set file attributes |
| 2018-12-17T21:58:42.670124459Z | 61 | PC: 12b87 | Open file (Filename = 'WIN.COM') |
| 2018-12-17T21:58:42.676673539Z | 87 | PC: 12b8d | Get or set file date and time |
| 2018-12-17T21:58:42.678036695Z | 44 | PC: 12ba0 | Get time 0x12ba0: or dx, dx 0x12ba2: je 0x12b9c 0x12ba4: mov word ptr [bp + 0x25f], dx 0x12ba8: mov ah, 0x3f 0x12baa: lea dx, word ptr [bp + 0x22d] 0x12bae: mov cx, 3 0x12bb1: int 0x21 0x12bb3: mov ax, 0x4202 0x12bb6: xor cx, cx 0x12bb8: cdq 0x12bb9: int 0x21 0x12bbb: sub ax, 3 0x12bbe: mov word ptr cs:[0xfa79], ax 0x12bc2: mov byte ptr cs:[0xfa78], 0xe9 0x12bc8: nop 0x12bc9: nop 0x12bca: nop 0x12bcb: lea si, word ptr [bp - 5] 0x12bce: mov di, 0xfb2c 0x12bd1: mov cx, 0x27c |
| 2018-12-17T21:58:42.680792138Z | 63 | PC: 12bb3 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T21:58:42.718309615Z | 66 | PC: 12bbb | Move file pointer |
| 2018-12-17T21:58:42.723066498Z | 14 | PC: 13d54 | Set default drive (Drive = 'Y') |
| 2018-12-17T21:58:42.72476394Z | 46 | PC: 13d69 | Set verify flag |