.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:49:45.396924301Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '159' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.406087045Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.419601405Z | 44 | PC: 15598 | Get time 0x15598: mov word ptr cs:[bp + 0x144], cx 0x1559d: mov word ptr cs:[bp + 0x146], dx 0x155a2: ret 0x155a3: mov ax, word ptr cs:[bp + 0x144] 0x155a8: mov bx, word ptr cs:[bp + 0x146] 0x155ad: mov cx, ax 0x155af: mul word ptr cs:[bp + 0x148] 0x155b4: shl cx, 1 0x155b6: shl cx, 1 0x155b8: shl cx, 1 0x155ba: add ch, cl 0x155bc: add dx, cx 0x155be: add dx, bx 0x155c0: shl bx, 1 0x155c2: shl bx, 1 0x155c4: add dx, bx 0x155c6: add dh, bl 0x155c8: mov cl, 5 0x155ca: shl bx, cl 0x155cc: add dh, bl |
| 2018-12-17T22:49:45.422492808Z | 26 | PC: 161e4 | Set disk transfer address |
| 2018-12-17T22:49:45.424496522Z | 53 | PC: 15661 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:49:45.429118336Z | 37 | PC: 15673 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:49:45.430729513Z | 71 | PC: 15791 | Get current directory |
| 2018-12-17T22:49:45.4342516Z | 78 | PC: 157b4 | Find first file |
| 2018-12-17T22:49:45.448184707Z | 61 | PC: 161fb | Open file (Filename = 'TEST.EXE') |
| 2018-12-17T22:49:45.456863042Z | 63 | PC: 157f6 | Read file or device (Read 4278190135 bytes on handle 5) |
| 2018-12-17T22:49:45.460488263Z | 62 | PC: 157fa | Close file |
| 2018-12-17T22:49:45.464247936Z | 79 | PC: 157b4 | Find next file |
| 2018-12-17T22:49:45.467404968Z | 78 | PC: 157b4 | Find first file |
| 2018-12-17T22:49:45.47421395Z | 61 | PC: 161fb | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:49:45.486687786Z | 63 | PC: 157f6 | Read file or device (Read 4278190135 bytes on handle 5) |
| 2018-12-17T22:49:45.494078912Z | 62 | PC: 157fa | Close file |
| 2018-12-17T22:49:45.497650532Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:45.516957084Z | 61 | PC: 161fb | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:49:45.524758481Z | 64 | PC: 161b0 | Write file or device (Write 4278190083 bytes on handle 5) |
| 2018-12-17T22:49:45.528894993Z | 66 | PC: 161df | Move file pointer |
| 2018-12-17T22:49:45.534204589Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '207' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.535927796Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.54595779Z | 64 | PC: 17039 | Write file or device (Write 4278190848 bytes on handle 5) |
| 2018-12-17T22:49:45.555870945Z | 64 | PC: 17060 | Write file or device (Write 4278196786 bytes on handle 5) |
| 2018-12-17T22:49:45.566559797Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '207' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.568100121Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.578102333Z | 87 | PC: 15f98 | Get or set file date and time |
| 2018-12-17T22:49:45.580430006Z | 62 | PC: 15f9c | Close file |
| 2018-12-17T22:49:45.588938702Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:45.600244853Z | 79 | PC: 157b4 | Find next file |
| 2018-12-17T22:49:45.604116066Z | 61 | PC: 161fb | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:49:45.611385594Z | 63 | PC: 157f6 | Read file or device (Read 4278190135 bytes on handle 5) |
| 2018-12-17T22:49:45.618565142Z | 62 | PC: 157fa | Close file |
| 2018-12-17T22:49:45.622030383Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:45.634785527Z | 61 | PC: 161fb | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:49:45.6426593Z | 64 | PC: 161b0 | Write file or device (Write 4278190083 bytes on handle 5) |
| 2018-12-17T22:49:45.647065438Z | 66 | PC: 161df | Move file pointer |
| 2018-12-17T22:49:45.651868863Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '215' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.653641082Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.665682205Z | 64 | PC: 17039 | Write file or device (Write 4278190848 bytes on handle 5) |
| 2018-12-17T22:49:45.675054213Z | 64 | PC: 17060 | Write file or device (Write 4278196786 bytes on handle 5) |
| 2018-12-17T22:49:45.685249878Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '215' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.687558536Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.697984793Z | 87 | PC: 15f98 | Get or set file date and time |
| 2018-12-17T22:49:45.699970845Z | 62 | PC: 15f9c | Close file |
| 2018-12-17T22:49:45.708546707Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:45.71976327Z | 79 | PC: 157b4 | Find next file |
| 2018-12-17T22:49:45.731842615Z | 61 | PC: 161fb | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:49:45.73840842Z | 63 | PC: 157f6 | Read file or device (Read 4278190135 bytes on handle 5) |
| 2018-12-17T22:49:45.745868135Z | 62 | PC: 157fa | Close file |
| 2018-12-17T22:49:45.748151325Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:45.757869664Z | 61 | PC: 161fb | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:49:45.765347062Z | 64 | PC: 161b0 | Write file or device (Write 4278190083 bytes on handle 5) |
| 2018-12-17T22:49:45.76827323Z | 66 | PC: 161df | Move file pointer |
| 2018-12-17T22:49:45.772071586Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '137' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.774398387Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.785201835Z | 64 | PC: 17039 | Write file or device (Write 4278190848 bytes on handle 5) |
| 2018-12-17T22:49:45.793110643Z | 64 | PC: 17060 | Write file or device (Write 4278196786 bytes on handle 5) |
| 2018-12-17T22:49:45.80282276Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '137' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.80433981Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.814099416Z | 87 | PC: 15f98 | Get or set file date and time |
| 2018-12-17T22:49:45.81575155Z | 62 | PC: 15f9c | Close file |
| 2018-12-17T22:49:45.823919446Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:45.833165066Z | 79 | PC: 157b4 | Find next file |
| 2018-12-17T22:49:45.835905004Z | 61 | PC: 161fb | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:49:45.842915936Z | 63 | PC: 157f6 | Read file or device (Read 4278190135 bytes on handle 5) |
| 2018-12-17T22:49:45.849731651Z | 62 | PC: 157fa | Close file |
| 2018-12-17T22:49:45.851770792Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:45.861961338Z | 61 | PC: 161fb | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:49:45.868640687Z | 64 | PC: 161b0 | Write file or device (Write 4278190083 bytes on handle 5) |
| 2018-12-17T22:49:45.871485622Z | 66 | PC: 161df | Move file pointer |
| 2018-12-17T22:49:45.875439611Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '203' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.877545026Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.885752697Z | 64 | PC: 17039 | Write file or device (Write 4278190848 bytes on handle 5) |
| 2018-12-17T22:49:45.893593777Z | 64 | PC: 17060 | Write file or device (Write 4278196786 bytes on handle 5) |
| 2018-12-17T22:49:45.90702432Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '203' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.908246807Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.91701484Z | 87 | PC: 15f98 | Get or set file date and time |
| 2018-12-17T22:49:45.919350649Z | 62 | PC: 15f9c | Close file |
| 2018-12-17T22:49:45.927144301Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:45.936356499Z | 79 | PC: 157b4 | Find next file |
| 2018-12-17T22:49:45.939828642Z | 61 | PC: 161fb | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:49:45.946333233Z | 63 | PC: 157f6 | Read file or device (Read 4278190135 bytes on handle 5) |
| 2018-12-17T22:49:45.95240983Z | 62 | PC: 157fa | Close file |
| 2018-12-17T22:49:45.954653926Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:45.964778267Z | 61 | PC: 161fb | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:49:45.971105034Z | 64 | PC: 161b0 | Write file or device (Write 4278190083 bytes on handle 5) |
| 2018-12-17T22:49:45.973917888Z | 66 | PC: 161df | Move file pointer |
| 2018-12-17T22:49:45.979340677Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:45.98071024Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:45.989150897Z | 64 | PC: 17039 | Write file or device (Write 4278190848 bytes on handle 5) |
| 2018-12-17T22:49:45.997723263Z | 64 | PC: 17060 | Write file or device (Write 4278196786 bytes on handle 5) |
| 2018-12-17T22:49:46.007312549Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:46.008807207Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:46.018332944Z | 87 | PC: 15f98 | Get or set file date and time |
| 2018-12-17T22:49:46.020399987Z | 62 | PC: 15f9c | Close file |
| 2018-12-17T22:49:46.028064677Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:46.03787544Z | 79 | PC: 157b4 | Find next file |
| 2018-12-17T22:49:46.041651925Z | 61 | PC: 161fb | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:49:46.048515851Z | 63 | PC: 157f6 | Read file or device (Read 4278190135 bytes on handle 5) |
| 2018-12-17T22:49:46.05533394Z | 62 | PC: 157fa | Close file |
| 2018-12-17T22:49:46.05805908Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:46.068095135Z | 61 | PC: 161fb | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:49:46.074902574Z | 64 | PC: 161b0 | Write file or device (Write 4278190083 bytes on handle 5) |
| 2018-12-17T22:49:46.079049946Z | 66 | PC: 161df | Move file pointer |
| 2018-12-17T22:49:46.083218979Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '198' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:46.084696465Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:46.096784526Z | 64 | PC: 17039 | Write file or device (Write 178979584 bytes on handle 5) |
| 2018-12-17T22:49:46.112013968Z | 64 | PC: 17060 | Write file or device (Write 178985522 bytes on handle 5) |
| 2018-12-17T22:49:46.132497763Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '198' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:46.134856234Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:46.145708573Z | 87 | PC: 15f98 | Get or set file date and time |
| 2018-12-17T22:49:46.147772801Z | 62 | PC: 15f9c | Close file |
| 2018-12-17T22:49:46.158866723Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:46.172002863Z | 79 | PC: 157b4 | Find next file |
| 2018-12-17T22:49:46.175309376Z | 61 | PC: 161fb | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:49:46.187998075Z | 63 | PC: 157f6 | Read file or device (Read 178978871 bytes on handle 5) |
| 2018-12-17T22:49:46.196263063Z | 62 | PC: 157fa | Close file |
| 2018-12-17T22:49:46.198761527Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:46.209847064Z | 61 | PC: 161fb | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:49:46.219615607Z | 64 | PC: 161b0 | Write file or device (Write 178978819 bytes on handle 5) |
| 2018-12-17T22:49:46.225004963Z | 66 | PC: 161df | Move file pointer |
| 2018-12-17T22:49:46.23644772Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '214' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:46.241123224Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:46.264645988Z | 64 | PC: 17039 | Write file or device (Write 4278190848 bytes on handle 5) |
| 2018-12-17T22:49:46.274901877Z | 64 | PC: 17060 | Write file or device (Write 4278196786 bytes on handle 5) |
| 2018-12-17T22:49:46.285542729Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '214' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:46.287312383Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:46.303919645Z | 87 | PC: 15f98 | Get or set file date and time |
| 2018-12-17T22:49:46.306906516Z | 62 | PC: 15f9c | Close file |
| 2018-12-17T22:49:46.31578146Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:46.326568736Z | 79 | PC: 157b4 | Find next file |
| 2018-12-17T22:49:46.329649875Z | 59 | PC: 156c4 | Change current directory |
| 2018-12-17T22:49:46.337862395Z | 81 | PC: 16796 | Get current PSP |
| 2018-12-17T22:49:46.340693243Z | 78 | PC: 156db | Find first file |
| 2018-12-17T22:49:46.347831975Z | 61 | PC: 161fb | Open file (Filename = 'C:\COMMAND.COM') |
| 2018-12-17T22:49:46.355888662Z | 63 | PC: 157f6 | Read file or device (Read 4278190135 bytes on handle 5) |
| 2018-12-17T22:49:46.359824467Z | 62 | PC: 157fa | Close file |
| 2018-12-17T22:49:46.366159769Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:46.704126569Z | 61 | PC: 161fb | Open file (Filename = 'C:\COMMAND.COM') |
| 2018-12-17T22:49:46.711241156Z | 64 | PC: 161b0 | Write file or device (Write 4278190083 bytes on handle 5) |
| 2018-12-17T22:49:46.715297797Z | 66 | PC: 161df | Move file pointer |
| 2018-12-17T22:49:46.730322526Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '223' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:46.732269744Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:46.744984222Z | 64 | PC: 17039 | Write file or device (Write 4278190848 bytes on handle 5) |
| 2018-12-17T22:49:46.761173418Z | 64 | PC: 17060 | Write file or device (Write 4278196786 bytes on handle 5) |
| 2018-12-17T22:49:46.77276223Z | 37 | PC: 16e67 | Set interrupt vector (Interrupt = '223' AKA 'UNKNOWN!') |
| 2018-12-17T22:49:46.778233219Z | 37 | PC: 16e82 | Set interrupt vector (Interrupt = '1' AKA 'Character input') |
| 2018-12-17T22:49:46.808749361Z | 87 | PC: 15f98 | Get or set file date and time |
| 2018-12-17T22:49:46.813071361Z | 62 | PC: 15f9c | Close file |
| 2018-12-17T22:49:46.824037464Z | 67 | PC: 16214 | Get or set file attributes |
| 2018-12-17T22:49:46.838769092Z | 42 | PC: 156f7 | Get date 0x156f7: cmp cx, word ptr cs:[bp + 0x1b32] 0x156fc: ja 0x15710 0x156fe: jl 0x15734 0x15700: cmp dh, byte ptr cs:[bp + 0x1b31] 0x15705: ja 0x15710 0x15707: jl 0x15734 0x15709: cmp dl, byte ptr cs:[bp + 0x1b30] 0x1570e: jl 0x15734 0x15710: pushaw 0x15711: call 0x2560b 0x15714: cmp ax, 0x32 0x15717: jl 0x15733 0x15719: mov word ptr cs:[bp + 0x142], ax 0x1571e: call 0x15721 0x15721: pop ax 0x15722: add ax, 0xe 0x15725: push ax 0x15726: mov ax, word ptr cs:[bp + 0x142] 0x1572b: jmp 0x15f5b 0x1572e: nop |
| 2018-12-17T22:49:46.842284356Z | 44 | PC: 1560f | Get time 0x1560f: mov al, cl 0x15611: cwde 0x15612: ret 0x15613: add word ptr [di], dx 0x15615: add dl, byte ptr ss:[bx + si - 0x1770] 0x1561a: js 0x1561b 0x1561c: cmp sp, 0x4a56 0x15620: jne 0x15629 0x15622: jmp 0x1579d 0x15625: movsb byte ptr es:[di], byte ptr [si] 0x15626: movsw word ptr es:[di], word ptr [si] 0x15627: jmp 0x15641 0x15629: lea si, word ptr [bp + 0x13ac] 0x1562d: mov di, 0x100 0x15630: push di 0x15631: jmp 0x15625 0x15633: sub ax, 0x5b2d 0x15636: and byte ptr [bp + si + 0x44], cl 0x15639: inc bx 0x1563a: and byte ptr [di + 0x2d], bl |