.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T23:10:03.752685199Z | 53 | PC: 12c63 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:10:03.754709894Z | 37 | PC: 12c71 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:10:03.76127413Z | 26 | PC: 12c98 | Set disk transfer address |
| 2018-12-17T23:10:03.762945231Z | 78 | PC: 12cea | Find first file |
| 2018-12-17T23:10:03.770967518Z | 61 | PC: 12cf6 | Open file (Filename = 'TEST.EXE') |
| 2018-12-17T23:10:03.779243732Z | 63 | PC: 12d02 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-17T23:10:03.782359728Z | 62 | PC: 12d06 | Close file |
| 2018-12-17T23:10:03.78470759Z | 79 | PC: 12cea | Find next file |
| 2018-12-17T23:10:03.789588804Z | 78 | PC: 12cea | Find first file |
| 2018-12-17T23:10:03.800330571Z | 61 | PC: 12cf6 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T23:10:03.807776635Z | 63 | PC: 12d02 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-17T23:10:03.8159156Z | 62 | PC: 12d06 | Close file |
| 2018-12-17T23:10:03.82075731Z | 67 | PC: 12d7a | Get or set file attributes |
| 2018-12-17T23:10:03.844726295Z | 61 | PC: 12d7f | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T23:10:03.853214307Z | 66 | PC: 12d88 | Move file pointer |
| 2018-12-17T23:10:03.855555427Z | 44 | PC: 12dfc | Get time 0x12dfc: xchg cl, ch 0x12dfe: add dx, cx 0x12e00: xor dx, word ptr [bp + 0x3f4] 0x12e04: mov word ptr [bp + 0x3f4], dx 0x12e08: lea si, word ptr [bp + 0x39d] 0x12e0c: lea di, word ptr [bp + 0x44d] 0x12e10: mov cx, 0x18 0x12e13: rep movsb byte ptr es:[di], byte ptr [si] 0x12e15: mov ah, 0x40 0x12e17: mov cx, 0x2f9 0x12e1a: nop 0x12e1b: lea dx, word ptr [bp + 0x100] 0x12e1f: pushaw 0x12e20: call 0x12f75 0x12e23: mov ax, 0x4200 0x12e26: xor cx, cx 0x12e28: cdq 0x12e29: int 0x21 0x12e2b: mov ah, 0x40 0x12e2d: cmp byte ptr [bp + 0x44a], 0x63 |
| 2018-12-17T23:10:03.858848426Z | 64 | PC: 12f82 | Write file or device (Write 761 bytes on handle 5) |
| 2018-12-17T23:10:03.870095423Z | 66 | PC: 12e2b | Move file pointer |
| 2018-12-17T23:10:03.875161213Z | 64 | PC: 12e3d | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T23:10:03.884193788Z | 87 | PC: 12e57 | Get or set file date and time |
| 2018-12-17T23:10:03.886083229Z | 62 | PC: 12e5b | Close file |
| 2018-12-17T23:10:03.899064235Z | 67 | PC: 12e68 | Get or set file attributes |
| 2018-12-17T23:10:03.910719749Z | 37 | PC: 12e70 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:10:03.912335897Z | 26 | PC: 12e7a | Set disk transfer address |
| 2018-12-17T23:10:03.916386349Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-17T23:10:03.921360997Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |