.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:16:08.340254331Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T23:16:08.34316877Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T23:16:08.345199056Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T23:16:08.347087906Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:16:08.34895771Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T23:16:08.351699434Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:16:08.353189144Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T23:16:08.354606799Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T23:16:08.357065139Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T23:16:08.358779231Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T23:16:08.360710511Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T23:16:08.363871122Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T23:16:08.366238181Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T23:16:08.367646167Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T23:16:08.370764839Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T23:16:08.37265942Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T23:16:08.374672724Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T23:16:08.376507643Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T23:16:08.379223027Z | 53 | PC: 1306a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T23:16:08.380713449Z | 37 | PC: 1307f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T23:16:08.382116886Z | 37 | PC: 13087 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T23:16:08.384697136Z | 37 | PC: 1308f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:16:08.386802824Z | 37 | PC: 13097 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T23:16:08.388671106Z | 68 | PC: 13d41 | I/O control for devices (Set for = '����&��������') |
| 2018-12-17T23:16:08.391588409Z | 48 | PC: 13952 | Get DOS version |
| 2018-12-17T23:16:08.393130297Z | 61 | PC: 13790 | Open file (Filename = 'A:\TEST.EXE') |
| 2018-12-17T23:16:08.400678785Z | 63 | PC: 13863 | Read file or device (Read 5808 bytes on handle 5) |
| 2018-12-17T23:16:08.409639999Z | 66 | PC: 138c2 | Move file pointer |
| 2018-12-17T23:16:08.411395559Z | 66 | PC: 13ee2 | Move file pointer |
| 2018-12-17T23:16:08.412997951Z | 66 | PC: 13ef0 | Move file pointer |
| 2018-12-17T23:16:08.419657378Z | 66 | PC: 13efe | Move file pointer |
| 2018-12-17T23:16:08.422211399Z | 63 | PC: 13863 | Read file or device (Read 5120 bytes on handle 5) |
| 2018-12-17T23:16:08.432131644Z | 62 | PC: 137e0 | Close file |
| 2018-12-17T23:16:08.4352629Z | 60 | PC: 13790 | Create or truncate file |
| 2018-12-17T23:16:08.452946297Z | 64 | PC: 13863 | Write file or device (Write 5120 bytes on handle 5) |
| 2018-12-17T23:16:08.46210923Z | 62 | PC: 137e0 | Close file |
| 2018-12-17T23:16:08.47144601Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T23:16:08.473141507Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T23:16:08.474649952Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T23:16:08.476916342Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T23:16:08.47886271Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T23:16:08.480352951Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T23:16:08.481816532Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:16:08.483854002Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:16:08.485117477Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T23:16:08.486559196Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T23:16:08.489602577Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:16:08.490906859Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:16:08.492108818Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T23:16:08.494327207Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T23:16:08.49555223Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T23:16:08.496809854Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T23:16:08.498672906Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T23:16:08.499977037Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T23:16:08.501175459Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T23:16:08.502467257Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T23:16:08.50405383Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T23:16:08.505356278Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T23:16:08.506579858Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T23:16:08.508850035Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T23:16:08.510048908Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T23:16:08.511266276Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T23:16:08.513397782Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T23:16:08.514628395Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T23:16:08.515852957Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T23:16:08.518063993Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T23:16:08.519297662Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T23:16:08.520551318Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T23:16:08.522522523Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T23:16:08.524108675Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T23:16:08.525436581Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T23:16:08.526920359Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T23:16:08.528642917Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T23:16:08.529882567Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T23:16:08.531367799Z | 41 | PC: 12f9f | Parse filename |
| 2018-12-17T23:16:08.533882696Z | 41 | PC: 12fad | Parse filename |
| 2018-12-17T23:16:08.535339464Z | 75 | PC: 12fb8 | Execute program |
| 2018-12-17T23:16:08.550461127Z | 9 | PC: 53915 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long
') |
| 2018-12-17T23:16:08.556732485Z | 0 | PC: 53919 | Program terminate |
| 2018-12-17T23:16:08.560299168Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T23:16:08.562538808Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T23:16:08.565379087Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T23:16:08.566826648Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T23:16:08.568022485Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T23:16:08.570061367Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T23:16:08.571558371Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:16:08.572753688Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:16:08.573975174Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T23:16:08.575573458Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T23:16:08.577080731Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:16:08.578614905Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:16:08.580591209Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T23:16:08.582883287Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T23:16:08.584334255Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T23:16:08.586993804Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T23:16:08.588469738Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T23:16:08.589984545Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T23:16:08.592185532Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T23:16:08.594169471Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T23:16:08.595645355Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T23:16:08.597362713Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T23:16:08.599536078Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T23:16:08.601042139Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T23:16:08.602501512Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T23:16:08.604823366Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T23:16:08.606213309Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T23:16:08.607575088Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T23:16:08.610103882Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T23:16:08.611455782Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T23:16:08.61283242Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T23:16:08.615674492Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T23:16:08.618421696Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T23:16:08.619902659Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T23:16:08.622087295Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T23:16:08.623609857Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T23:16:08.625001924Z | 53 | PC: 12fe8 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T23:16:08.626494379Z | 37 | PC: 12ff1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T23:16:08.629055282Z | 65 | PC: 138d9 | Delete file (Filename = '�����') |
| 2018-12-17T23:16:08.642209227Z | 44 | PC: 13e78 | Get time 0x13e78: mov word ptr [0x4c], cx
0x13e7c: mov word ptr [0x4e], dx
0x13e80: retf
0x13e81: call 0x13ec8
0x13e84: jb 0x13e95
0x13e86: mov cx, word ptr es:[di + 4]
0x13e8a: cmp cx, 1
0x13e8d: je 0x13e95
0x13e8f: xor bx, bx
0x13e91: push cs
0x13e92: call 0x23a04
0x13e95: retf 4
0x13e98: call 0x13ec8
0x13e9b: jb 0x13eb0
0x13e9d: mov ax, cx
0x13e9f: mov dx, bx
0x13ea1: mov cx, word ptr es:[di + 4]
0x13ea5: cmp cx, 1
0x13ea8: je 0x13eb0
0x13eaa: xor bx, bx
|
| 2018-12-17T23:16:08.645105831Z | 26 | PC: 12ee7 | Set disk transfer address |
| 2018-12-17T23:16:08.647378292Z | 78 | PC: 12ef3 | Find first file |
| 2018-12-17T23:16:08.653370185Z | 26 | PC: 12f0b | Set disk transfer address |
| 2018-12-17T23:16:08.654574799Z | 79 | PC: 12f10 | Find next file |
| 2018-12-17T23:16:08.658585377Z | 26 | PC: 12f0b | Set disk transfer address |
| 2018-12-17T23:16:08.659859682Z | 79 | PC: 12f10 | Find next file |
| 2018-12-17T23:16:08.662854742Z | 26 | PC: 12f0b | Set disk transfer address |
| 2018-12-17T23:16:08.665074534Z | 79 | PC: 12f10 | Find next file |
| 2018-12-17T23:16:08.668273968Z | 26 | PC: 12f0b | Set disk transfer address |
| 2018-12-17T23:16:08.669458535Z | 79 | PC: 12f10 | Find next file |
| 2018-12-17T23:16:08.673678125Z | 26 | PC: 12f0b | Set disk transfer address |
| 2018-12-17T23:16:08.677960385Z | 79 | PC: 12f10 | Find next file |
| 2018-12-17T23:16:08.681488286Z | 26 | PC: 12f0b | Set disk transfer address |
| 2018-12-17T23:16:08.683704772Z | 79 | PC: 12f10 | Find next file |
| 2018-12-17T23:16:08.686907722Z | 26 | PC: 12f0b | Set disk transfer address |
| 2018-12-17T23:16:08.688068955Z | 79 | PC: 12f10 | Find next file |
| 2018-12-17T23:16:08.692050609Z | 26 | PC: 12f0b | Set disk transfer address |
| 2018-12-17T23:16:08.693602406Z | 79 | PC: 12f10 | Find next file |
| 2018-12-17T23:16:08.697268616Z | 64 | PC: 136eb | Write file or device (Write 0 bytes on handle 1) |
| 2018-12-17T23:16:08.700263626Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T23:16:08.701691951Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '2' AKA 'Character output') |
| 2018-12-17T23:16:08.702987566Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive') |
| 2018-12-17T23:16:08.705035094Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:16:08.706574127Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T23:16:08.708060882Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:16:08.710984086Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer') |
| 2018-12-17T23:16:08.712686646Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector') |
| 2018-12-17T23:16:08.714214548Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space') |
| 2018-12-17T23:16:08.716576918Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character') |
| 2018-12-17T23:16:08.718458124Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info') |
| 2018-12-17T23:16:08.719973152Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory') |
| 2018-12-17T23:16:08.722581014Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory') |
| 2018-12-17T23:16:08.723768455Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory') |
| 2018-12-17T23:16:08.724997075Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file') |
| 2018-12-17T23:16:08.726699404Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '61' AKA 'Open file') |
| 2018-12-17T23:16:08.729235973Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '62' AKA 'Close file') |
| 2018-12-17T23:16:08.730808107Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') |
| 2018-12-17T23:16:08.732382226Z | 37 | PC: 131c1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!') |
| 2018-12-17T23:16:08.735574216Z | 76 | PC: 13200 | Terminate with return code (Return code = '0') |
