.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:07:36.148003705Z | 48 | PC: 12c39 | Get DOS version |
| 2018-12-17T23:07:36.150886073Z | 74 | PC: 12d1f | Reallocate memory |
| 2018-12-17T23:07:36.153929324Z | 53 | PC: 13343 | Get interrupt vector (Interrupt = '32' AKA 'Reserved') |
| 2018-12-17T23:07:36.155162223Z | 53 | PC: 13343 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:07:36.156674979Z | 74 | PC: 12dac | Reallocate memory |
| 2018-12-17T23:07:36.158993047Z | 88 | PC: 12db4 | case 0xGet or set allocation strateg: |
| 2018-12-17T23:07:36.160934719Z | 88 | PC: 12dbd | case 0xGet or set allocation strateg: |
| 2018-12-17T23:07:36.163370965Z | 72 | PC: 12dc8 | Allocate memory |
| 2018-12-17T23:07:36.165042666Z | 88 | PC: 12de1 | case 0xGet or set allocation strateg: |
| 2018-12-17T23:07:36.167525446Z | 42 | PC: 12dff | Get date 0x12dff: test dh, 1
0x12e02: jne 0x12e0d
0x12e04: test al, 1
0x12e06: je 0x12e0d
0x12e08: or byte ptr [bp + 0x127b], 0x80
0x12e0d: push cs
0x12e0e: pop ds
0x12e0f: pop ax
0x12e10: push ax
0x12e11: mov si, bp
0x12e13: mov es, ax
0x12e15: xor di, di
0x12e17: mov cx, 0x1372
0x12e1a: rep movsb byte ptr es:[di], byte ptr [si]
0x12e1c: mov al, 0x1c
0x12e1e: call 0x1333f
0x12e21: pop ds
0x12e22: mov word ptr [0x782], bx
0x12e26: mov word ptr [0x784], es
0x12e2a: mov word ptr [0x553], 0x9c6
|
| 2018-12-17T23:07:36.170078981Z | 53 | PC: 13343 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-17T23:07:36.171483856Z | 37 | PC: 13348 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:07:36.172741629Z | 37 | PC: 13348 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-17T23:07:36.173917511Z | 37 | PC: 13348 | Set interrupt vector (Interrupt = '32' AKA 'Reserved') |
| 2018-12-17T23:07:36.176186025Z | 37 | PC: 13348 | Set interrupt vector (Interrupt = '39' AKA 'Random block read') |
| 2018-12-17T23:07:36.177330474Z | 74 | PC: 12e60 | Reallocate memory |
| 2018-12-17T23:07:36.179058237Z | 88 | PC: 12e6c | case 0xGet or set allocation strateg: |
| 2018-12-17T23:07:36.194871974Z | 88 | PC: 14204 | case 0xGet or set allocation strateg: |
| 2018-12-17T23:07:36.198383049Z | 250 | PC: 1421c | UNKNOWN! |
| 2018-12-17T23:07:36.199224442Z | 47 | PC: 14220 | Get disk transfer address |
| 2018-12-17T23:07:36.20150409Z | 26 | PC: 1422f | Set disk transfer address |
| 2018-12-17T23:07:36.202725025Z | 71 | PC: 14238 | Get current directory |
| 2018-12-17T23:07:36.206246288Z | 53 | PC: 148ab | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:36.208021858Z | 37 | PC: 146e0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:36.218256854Z | 59 | PC: 146e5 | Change current directory |
| 2018-12-17T23:07:36.220758712Z | 67 | PC: 146ee | Get or set file attributes |
| 2018-12-17T23:07:36.564899502Z | 61 | PC: 142c0 | Open file (Filename = '���驆�F��!') |
| 2018-12-17T23:07:36.573641155Z | 87 | PC: 14326 | Get or set file date and time |
| 2018-12-17T23:07:36.575252213Z | 63 | PC: 14339 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-17T23:07:36.5786337Z | 66 | PC: 146c9 | Move file pointer |
| 2018-12-17T23:07:36.591874742Z | 64 | PC: 151f3 | Write file or device (Write 4564 bytes on handle 5) |
| 2018-12-17T23:07:36.898272262Z | 66 | PC: 146c9 | Move file pointer |
| 2018-12-17T23:07:36.900959148Z | 64 | PC: 146d6 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T23:07:36.90475466Z | 87 | PC: 14467 | Get or set file date and time |
| 2018-12-17T23:07:36.906468297Z | 87 | PC: 14472 | Get or set file date and time |
| 2018-12-17T23:07:36.908300953Z | 62 | PC: 1447a | Close file |
| 2018-12-17T23:07:36.917787854Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.92489599Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.931814934Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.939966196Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.946972075Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.953921422Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.962491057Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.969787264Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.976737554Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.984466137Z | 78 | PC: 14494 | Find first file |
| 2018-12-17T23:07:36.991762956Z | 59 | PC: 146e5 | Change current directory |
| 2018-12-17T23:07:36.996682272Z | 59 | PC: 146e5 | Change current directory |
| 2018-12-17T23:07:36.999098858Z | 37 | PC: 146e0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:37.002039719Z | 26 | PC: 144d0 | Set disk transfer address |
| 2018-12-17T23:07:37.003933675Z | 61 | PC: 148ab | Open file (Filename = 'C:\COMMAND.COM') |
| 2018-12-17T23:07:37.011666127Z | 62 | PC: 148ab | Close file |
| 2018-12-17T23:07:37.015850843Z | 9 | PC: 148ab | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes.
') |
