.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:06:19.592835853Z | 61 | PC: 147e5 | Open file (Filename = 'C:\WINDOWS\KEYB.SYS') |
| 2018-12-17T23:06:19.609221489Z | 61 | PC: 147e5 | Open file (Filename = 'C:\DOS\KEYB.SYS') |
| 2018-12-17T23:06:19.622799237Z | 61 | PC: 147e5 | Open file (Filename = 'C:\KEYB.SYS') |
| 2018-12-17T23:06:19.629915537Z | 60 | PC: 147e5 | Create or truncate file |
| 2018-12-17T23:06:19.988226921Z | 64 | PC: 14819 | Write file or device (Write 28 bytes on handle 5) |
| 2018-12-17T23:06:19.997652361Z | 64 | PC: 14828 | Write file or device (Write 18 bytes on handle 5) |
| 2018-12-17T23:06:20.001452787Z | 64 | PC: 14828 | Write file or device (Write 18 bytes on handle 5) |
| 2018-12-17T23:06:20.006112026Z | 64 | PC: 14828 | Write file or device (Write 18 bytes on handle 5) |
| 2018-12-17T23:06:20.010515866Z | 64 | PC: 14828 | Write file or device (Write 18 bytes on handle 5) |
| 2018-12-17T23:06:20.013988835Z | 64 | PC: 14828 | Write file or device (Write 18 bytes on handle 5) |
| 2018-12-17T23:06:20.017469259Z | 64 | PC: 1483b | Write file or device (Write 2 bytes on handle 5) |
| 2018-12-17T23:06:20.030491112Z | 62 | PC: 1483f | Close file |
| 2018-12-17T23:06:20.051453984Z | 61 | PC: 145e5 | Open file (Filename = 'C:\TORPASS.DAT') |
| 2018-12-17T23:06:20.058433597Z | 48 | PC: 143ad | Get DOS version |
| 2018-12-17T23:06:20.061412857Z | 82 | PC: 14426 | Get DOS internal pointers (SYSVARS) |
| 2018-12-17T23:06:20.064196712Z | 250 | PC: 14420 | UNKNOWN! |
| 2018-12-17T23:06:20.065703825Z | 48 | PC: 14455 | Get DOS version |
| 2018-12-17T23:06:20.069683908Z | 61 | PC: 145e5 | Open file (Filename = '�� ') |
| 2018-12-17T23:06:20.078448306Z | 53 | PC: 14484 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:06:20.080403382Z | 53 | PC: 1449c | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-17T23:06:20.082661728Z | 53 | PC: 144b4 | Get interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-17T23:06:20.085389837Z | 37 | PC: 1458f | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:06:20.087409384Z | 37 | PC: 14596 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-17T23:06:20.089461291Z | 37 | PC: 1459d | Set interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-17T23:06:20.092519772Z | 61 | PC: 146d1 | Open file (Filename = '.��n�.�6j�.��l�.�6h�.��j�.�6|�.��h��.�>��') |
| 2018-12-17T23:06:20.098349372Z | 61 | PC: 146d1 | Open file (Filename = '|�.��h��.�>��') |
| 2018-12-17T23:06:20.103950693Z | 61 | PC: 146d1 | Open file (Filename = '.�h�-�') |
| 2018-12-17T23:06:20.110375993Z | 9 | PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=000017D4h/0000006100d bytes.
') |
| 2018-12-17T23:06:20.11907589Z | 48 | PC: 12a8f | Get DOS version |
| 2018-12-17T23:06:20.12122437Z | 54 | PC: 9d9f6 | Get free disk space |
| 2018-12-17T23:06:20.132866779Z | 53 | PC: 9d9f6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:06:20.134744258Z | 37 | PC: 9d9f6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:06:20.1370323Z | 67 | PC: 9d9f6 | Get or set file attributes |
| 2018-12-17T23:06:20.149371178Z | 67 | PC: 9d9f6 | Get or set file attributes |
| 2018-12-17T23:06:20.174010432Z | 61 | PC: 9d9f6 | Open file (Filename = '�') |
| 2018-12-17T23:06:20.183530331Z | 87 | PC: 9d9f6 | Get or set file date and time |
| 2018-12-17T23:06:20.186562963Z | 66 | PC: 9d9f6 | Move file pointer |
| 2018-12-17T23:06:20.18856651Z | 63 | PC: 9d9f6 | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:06:20.196375351Z | 66 | PC: 9d9f6 | Move file pointer |
| 2018-12-17T23:06:20.198560169Z | 63 | PC: 9d9f6 | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T23:06:20.202350805Z | 87 | PC: 9d9f6 | Get or set file date and time |
| 2018-12-17T23:06:20.204442097Z | 62 | PC: 9d9f6 | Close file |
| 2018-12-17T23:06:20.222396483Z | 67 | PC: 9d9f6 | Get or set file attributes |
| 2018-12-17T23:06:20.243045185Z | 37 | PC: 9d9f6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:06:20.245000692Z | 61 | PC: 12b5c | Open file (Filename = '�') |
| 2018-12-17T23:06:20.253902037Z | 93 | PC: 12afe | File sharing functions |
| 2018-12-17T23:06:20.258566657Z | 9 | PC: 12a86 | Display string (String= 'Size change=2D47h/11591d.
') |
| 2018-12-17T23:06:20.264012937Z | 76 | PC: 12ae3 | Terminate with return code (Return code = '1') |
