.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:22:01.539722231Z | 51 | PC: 140fc | Get or set Ctrl-Break |
| 2018-12-17T22:22:01.541349256Z | 51 | PC: 14102 | Get or set Ctrl-Break |
| 2018-12-17T22:22:01.542890443Z | 53 | PC: 14107 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:22:01.544430509Z | 37 | PC: 14112 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:22:01.546693803Z | 47 | PC: 14116 | Get disk transfer address |
| 2018-12-17T22:22:01.548466119Z | 26 | PC: 1411f | Set disk transfer address |
| 2018-12-17T22:22:01.550108868Z | 78 | PC: 14145 | Find first file |
| 2018-12-17T22:22:01.560290789Z | 67 | PC: 14150 | Get or set file attributes |
| 2018-12-17T22:22:01.574863402Z | 61 | PC: 14157 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:22:01.581633741Z | 87 | PC: 1415f | Get or set file date and time |
| 2018-12-17T22:22:01.583515644Z | 63 | PC: 1416a | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:22:01.590115742Z | 66 | PC: 141cd | Move file pointer |
| 2018-12-17T22:22:01.591539516Z | 87 | PC: 141aa | Get or set file date and time |
| 2018-12-17T22:22:01.593627191Z | 62 | PC: 141ae | Close file |
| 2018-12-17T22:22:01.600593241Z | 79 | PC: 14145 | Find next file |
| 2018-12-17T22:22:01.603293529Z | 67 | PC: 14150 | Get or set file attributes |
| 2018-12-17T22:22:01.613029912Z | 61 | PC: 14157 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:22:01.620570997Z | 87 | PC: 1415f | Get or set file date and time |
| 2018-12-17T22:22:01.62191566Z | 63 | PC: 1416a | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:22:01.628146775Z | 66 | PC: 141cd | Move file pointer |
| 2018-12-17T22:22:01.63016346Z | 87 | PC: 141aa | Get or set file date and time |
| 2018-12-17T22:22:01.631931896Z | 62 | PC: 141ae | Close file |
| 2018-12-17T22:22:01.647617958Z | 79 | PC: 14145 | Find next file |
| 2018-12-17T22:22:01.662844585Z | 67 | PC: 14150 | Get or set file attributes |
| 2018-12-17T22:22:01.672483591Z | 61 | PC: 14157 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:22:01.679213206Z | 87 | PC: 1415f | Get or set file date and time |
| 2018-12-17T22:22:01.681733474Z | 63 | PC: 1416a | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:22:01.688082939Z | 66 | PC: 141cd | Move file pointer |
| 2018-12-17T22:22:01.689466513Z | 87 | PC: 141aa | Get or set file date and time |
| 2018-12-17T22:22:01.691566729Z | 62 | PC: 141ae | Close file |
| 2018-12-17T22:22:01.698888779Z | 79 | PC: 14145 | Find next file |
| 2018-12-17T22:22:01.701843085Z | 67 | PC: 14150 | Get or set file attributes |
| 2018-12-17T22:22:01.713219159Z | 61 | PC: 14157 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:22:01.720003933Z | 87 | PC: 1415f | Get or set file date and time |
| 2018-12-17T22:22:01.721695064Z | 63 | PC: 1416a | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:22:01.728715454Z | 66 | PC: 141cd | Move file pointer |
| 2018-12-17T22:22:01.730387061Z | 87 | PC: 141aa | Get or set file date and time |
| 2018-12-17T22:22:01.731985679Z | 62 | PC: 141ae | Close file |
| 2018-12-17T22:22:01.739349227Z | 79 | PC: 14145 | Find next file |
| 2018-12-17T22:22:01.742233857Z | 67 | PC: 14150 | Get or set file attributes |
| 2018-12-17T22:22:01.75196821Z | 61 | PC: 14157 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:22:01.75964272Z | 87 | PC: 1415f | Get or set file date and time |
| 2018-12-17T22:22:01.761234276Z | 63 | PC: 1416a | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:22:01.767652894Z | 66 | PC: 141cd | Move file pointer |
| 2018-12-17T22:22:01.769361226Z | 87 | PC: 141aa | Get or set file date and time |
| 2018-12-17T22:22:01.771420103Z | 62 | PC: 141ae | Close file |
| 2018-12-17T22:22:01.778752358Z | 79 | PC: 14145 | Find next file |
| 2018-12-17T22:22:01.781531816Z | 67 | PC: 14150 | Get or set file attributes |
| 2018-12-17T22:22:01.791552497Z | 61 | PC: 14157 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:22:01.798738799Z | 87 | PC: 1415f | Get or set file date and time |
| 2018-12-17T22:22:01.800065482Z | 63 | PC: 1416a | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:22:01.807600134Z | 66 | PC: 141cd | Move file pointer |
| 2018-12-17T22:22:01.809322411Z | 87 | PC: 141aa | Get or set file date and time |
| 2018-12-17T22:22:01.811110438Z | 62 | PC: 141ae | Close file |
| 2018-12-17T22:22:01.819605309Z | 79 | PC: 14145 | Find next file |
| 2018-12-17T22:22:01.823348571Z | 67 | PC: 14150 | Get or set file attributes |
| 2018-12-17T22:22:01.833018191Z | 61 | PC: 14157 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:22:01.845583844Z | 87 | PC: 1415f | Get or set file date and time |
| 2018-12-17T22:22:01.848052251Z | 63 | PC: 1416a | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:22:01.854628219Z | 66 | PC: 141cd | Move file pointer |
| 2018-12-17T22:22:01.856472536Z | 87 | PC: 141aa | Get or set file date and time |
| 2018-12-17T22:22:01.85946637Z | 62 | PC: 141ae | Close file |
| 2018-12-17T22:22:01.867108451Z | 79 | PC: 14145 | Find next file |
| 2018-12-17T22:22:01.869855169Z | 67 | PC: 14150 | Get or set file attributes |
| 2018-12-17T22:22:01.881379484Z | 61 | PC: 14157 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T22:22:01.887809476Z | 87 | PC: 1415f | Get or set file date and time |
| 2018-12-17T22:22:01.889551934Z | 63 | PC: 1416a | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:22:01.897391074Z | 87 | PC: 141aa | Get or set file date and time |
| 2018-12-17T22:22:01.899258063Z | 62 | PC: 141ae | Close file |
| 2018-12-17T22:22:01.907383162Z | 79 | PC: 14145 | Find next file |
| 2018-12-17T22:22:01.91542017Z | 26 | PC: 141b8 | Set disk transfer address |
| 2018-12-17T22:22:01.916525187Z | 37 | PC: 141bd | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:22:01.917614631Z | 51 | PC: 141c1 | Get or set Ctrl-Break |
| 2018-12-17T22:22:01.919030334Z | 48 | PC: 12a63 | Get DOS version |
| 2018-12-17T22:22:01.920133202Z | 9 | PC: 12a7a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T22:22:01.933229294Z | 61 | PC: 12cb7 | Open file (Filename = '�') |
| 2018-12-17T22:22:01.94122551Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
| 2018-12-17T22:22:01.943763411Z | 93 | PC: 12b24 | File sharing functions |
| 2018-12-17T22:22:01.946346951Z | 9 | PC: 12b03 | Display string (String= 'Size change=+011Ch/00284d. Virus might be activ?
��') |
| 2018-12-17T22:22:01.952761604Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |
