.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:11:25.279124004Z | 74 | PC: 12aa2 | Reallocate memory |
| 2018-12-17T23:11:25.281346464Z | 72 | PC: 12aa9 | Allocate memory |
| 2018-12-17T23:11:25.283207174Z | 37 | PC: 12ab6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:11:25.285073354Z | 26 | PC: 12abd | Set disk transfer address |
| 2018-12-17T23:11:25.287114483Z | 25 | PC: 12ac1 | Get default drive |
| 2018-12-17T23:11:25.296068693Z | 78 | PC: 12bf3 | Find first file |
| 2018-12-17T23:11:25.303030697Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.305116029Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.312229608Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.314060431Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.317020749Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.320231628Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.323909325Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.326188161Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.330494641Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.332985846Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.336046793Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.339067073Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.35247987Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.354739079Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.358114017Z | 61 | PC: 12b79 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T23:11:25.367247264Z | 63 | PC: 12b89 | Read file or device (Read 603 bytes on handle 5) |
| 2018-12-17T23:11:25.376217004Z | 66 | PC: 12b61 | Move file pointer |
| 2018-12-17T23:11:25.378221735Z | 64 | PC: 12ba3 | Write file or device (Write 603 bytes on handle 5) |
| 2018-12-17T23:11:25.393774806Z | 66 | PC: 12b61 | Move file pointer |
| 2018-12-17T23:11:25.395633923Z | 64 | PC: 12c28 | Write file or device (Write 603 bytes on handle 5) |
| 2018-12-17T23:11:25.405198962Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.415020935Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.418245299Z | 78 | PC: 12bb1 | Find first file |
| 2018-12-17T23:11:25.426171286Z | 78 | PC: 12bb1 | Find first file |
| 2018-12-17T23:11:25.433400663Z | 78 | PC: 12c53 | Find first file |
| 2018-12-17T23:11:25.456844766Z | 79 | PC: 12c53 | Find next file |
| 2018-12-17T23:11:25.460389593Z | 79 | PC: 12c53 | Find next file |
| 2018-12-17T23:11:25.464430674Z | 79 | PC: 12c53 | Find next file |
| 2018-12-17T23:11:25.467712045Z | 79 | PC: 12c53 | Find next file |
| 2018-12-17T23:11:25.470988247Z | 79 | PC: 12c53 | Find next file |
| 2018-12-17T23:11:25.474697383Z | 79 | PC: 12c53 | Find next file |
| 2018-12-17T23:11:25.478483654Z | 79 | PC: 12c53 | Find next file |
| 2018-12-17T23:11:25.481930317Z | 79 | PC: 12c53 | Find next file |
| 2018-12-17T23:11:25.485623202Z | 79 | PC: 12c53 | Find next file |
| 2018-12-17T23:11:25.488810507Z | 68 | PC: 12aea | I/O control for devices (Set for = '*.???') |
| 2018-12-17T23:11:25.491400308Z | 14 | PC: 12af6 | Set default drive (Drive = 'D') |
| 2018-12-17T23:11:25.493169565Z | 78 | PC: 12bf3 | Find first file |
| 2018-12-17T23:11:25.501194648Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.503436936Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.506466193Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.509875886Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.513082867Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.515153722Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.519114061Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.520757732Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.524288573Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.527321477Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.530317842Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.532195113Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.536020287Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.54472044Z | 79 | PC: 12bf3 | Find next file |
| 2018-12-17T23:11:25.548565922Z | 61 | PC: 12b79 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T23:11:25.556377204Z | 63 | PC: 12b89 | Read file or device (Read 603 bytes on handle 3) |
| 2018-12-17T23:11:25.564584821Z | 66 | PC: 12b61 | Move file pointer |
| 2018-12-17T23:11:25.566396438Z | 64 | PC: 12ba3 | Write file or device (Write 603 bytes on handle 3) |
| 2018-12-17T23:11:25.574956197Z | 66 | PC: 12b61 | Move file pointer |
| 2018-12-17T23:11:25.577916605Z | 64 | PC: 12c28 | Write file or device (Write 603 bytes on handle 3) |
| 2018-12-17T23:11:25.586663395Z | 62 | PC: 12c2d | Close file |
| 2018-12-17T23:11:25.595946475Z | 14 | PC: 12afe | Set default drive (Drive = 'A') |
| 2018-12-17T23:11:25.598492603Z | 73 | PC: 12b0a | Release memory |
| 2018-12-17T23:11:25.600639972Z | 74 | PC: 12b13 | Reallocate memory |
| 2018-12-17T23:11:25.602703994Z | 74 | PC: 12b17 | Reallocate memory |
| 2018-12-17T23:11:25.605246466Z | 26 | PC: 12b1e | Set disk transfer address |
| 2018-12-17T23:11:25.607076448Z | 37 | PC: 12b28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:11:25.608855053Z | 48 | PC: 12a63 | Get DOS version |
| 2018-12-17T23:11:25.610638497Z | 9 | PC: 12a7a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T23:11:25.62129562Z | 61 | PC: 12cb7 | Open file (Filename = '�') |
| 2018-12-17T23:11:25.628731736Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
| 2018-12-17T23:11:25.631452924Z | 93 | PC: 12b24 | File sharing functions |
| 2018-12-17T23:11:25.634652222Z | 9 | PC: 12b03 | Display string (String= 'Size change=+0711h/01809d. Virus might be activ?
��') |
| 2018-12-17T23:11:25.641288573Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |
