.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:48:56.186012681Z | 53 | PC: 12a70 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:48:56.18791753Z | 37 | PC: 12a84 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:48:56.191096322Z | 47 | PC: 12a8a | Get disk transfer address |
| 2018-12-17T22:48:56.19306974Z | 26 | PC: 12a9c | Set disk transfer address |
| 2018-12-17T22:48:56.194959932Z | 25 | PC: 12aa0 | Get default drive |
| 2018-12-17T22:48:56.198680803Z | 71 | PC: 12aad | Get current directory |
| 2018-12-17T22:48:56.202413136Z | 14 | PC: 12ac3 | Set default drive (Drive = 'C') |
| 2018-12-17T22:48:56.204041535Z | 59 | PC: 12c5e | Change current directory |
| 2018-12-17T22:48:56.215910937Z | 44 | PC: 12aca | Get time 0x12aca: shr dl, 1 0x12acc: shr dl, 1 0x12ace: add dl, 0x40 0x12ad1: mov byte ptr [bp + 0x234], dl 0x12ad5: xor bx, bx 0x12ad7: mov ah, 0x4e 0x12ad9: lea dx, word ptr [bp + 0x234] 0x12add: mov cx, 0x11 0x12ae0: int 0x21 0x12ae2: jae 0x12b00 0x12ae4: mov al, byte ptr [bp + 0x234] 0x12ae8: inc al 0x12aea: cmp al, 0x5a 0x12aec: jbe 0x12af0 0x12aee: sub al, 0x1a 0x12af0: mov byte ptr [bp + 0x234], al 0x12af4: inc bh 0x12af6: cmp bh, 0x1b 0x12af9: je 0x12aad 0x12afb: jmp 0x12ad7 |
| 2018-12-17T22:48:56.218968842Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-17T22:48:56.225275311Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-17T22:48:56.231440355Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-17T22:48:56.238622499Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-17T22:48:56.244734132Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-17T22:48:56.251783347Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-17T22:48:56.258819236Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-17T22:48:56.265531528Z | 78 | PC: 12ae2 | Find first file |
| 2018-12-17T22:48:56.271810365Z | 59 | PC: 12b07 | Change current directory |
| 2018-12-17T22:48:56.282395323Z | 78 | PC: 12b12 | Find first file |
| 2018-12-17T22:48:56.292501262Z | 67 | PC: 12b70 | Get or set file attributes |
| 2018-12-17T22:48:56.300793522Z | 67 | PC: 12b7d | Get or set file attributes |
| 2018-12-17T22:48:56.64821029Z | 61 | PC: 12b85 | Open file (Filename = 'WIN.COM') |
| 2018-12-17T22:48:56.660853635Z | 87 | PC: 12b8c | Get or set file date and time |
| 2018-12-17T22:48:56.663713739Z | 44 | PC: 12ba3 | Get time 0x12ba3: or dx, dx 0x12ba5: je 0x12b9f 0x12ba7: mov word ptr [bp + 0x2c9], dx 0x12bab: mov ah, 0x3f 0x12bad: lea dx, word ptr [bp + 0x22b] 0x12bb1: mov cx, 3 0x12bb4: int 0x21 0x12bb6: mov ax, 0x4202 0x12bb9: xor cx, cx 0x12bbb: xor dx, dx 0x12bbd: int 0x21 0x12bbf: sub ax, 3 0x12bc2: mov word ptr cs:[0xfafb], ax 0x12bc6: mov byte ptr cs:[0xfafa], 0xe9 0x12bcc: lea si, word ptr [bp - 3] 0x12bcf: nop 0x12bd0: mov di, 0xfbf4 0x12bd3: mov cx, 0x2d0 0x12bd6: cld 0x12bd7: rep movsb byte ptr es:[di], byte ptr [si] |
| 2018-12-17T22:48:56.667715919Z | 63 | PC: 12bb6 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T22:48:56.67517328Z | 66 | PC: 12bbf | Move file pointer |
| 2018-12-17T22:48:56.677155374Z | 64 | PC: 12be9 | Write file or device (Write 720 bytes on handle 5) |
| 2018-12-17T22:48:56.685508499Z | 66 | PC: 12bf2 | Move file pointer |
| 2018-12-17T22:48:56.695749922Z | 64 | PC: 12bfc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T22:48:56.699495129Z | 87 | PC: 12c11 | Get or set file date and time |
| 2018-12-17T22:48:56.705064663Z | 62 | PC: 12c15 | Close file |
| 2018-12-17T22:48:56.72853468Z | 67 | PC: 12c22 | Get or set file attributes |
| 2018-12-17T22:48:56.749840342Z | 14 | PC: 12c68 | Set default drive (Drive = 'A') |
| 2018-12-17T22:48:56.752025858Z | 59 | PC: 12c5e | Change current directory |
| 2018-12-17T22:48:56.758789707Z | 59 | PC: 12c70 | Change current directory |
| 2018-12-17T22:48:56.761891574Z | 37 | PC: 12c3b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:48:56.763903695Z | 26 | PC: 12c4b | Set disk transfer address |