.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:48:18.044413958Z | 26 | PC: 1410b | Set disk transfer address |
| 2018-12-17T22:48:18.045690312Z | 78 | PC: 14149 | Find first file |
| 2018-12-17T22:48:18.052714872Z | 61 | PC: 14156 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:48:18.060267823Z | 63 | PC: 14165 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:48:18.06814354Z | 66 | PC: 1417c | Move file pointer |
| 2018-12-17T22:48:18.070554581Z | 64 | PC: 14190 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.07377353Z | 64 | PC: 1419b | Write file or device (Write 267 bytes on handle 5) |
| 2018-12-17T22:48:18.088609464Z | 66 | PC: 141a4 | Move file pointer |
| 2018-12-17T22:48:18.091391646Z | 64 | PC: 141c2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.099675943Z | 62 | PC: 1413d | Close file |
| 2018-12-17T22:48:18.109126192Z | 79 | PC: 14149 | Find next file |
| 2018-12-17T22:48:18.119602062Z | 61 | PC: 14156 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:48:18.127361013Z | 63 | PC: 14165 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:48:18.134956905Z | 66 | PC: 1417c | Move file pointer |
| 2018-12-17T22:48:18.13755165Z | 64 | PC: 14190 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.141125784Z | 64 | PC: 1419b | Write file or device (Write 267 bytes on handle 5) |
| 2018-12-17T22:48:18.144499003Z | 66 | PC: 141a4 | Move file pointer |
| 2018-12-17T22:48:18.147072034Z | 64 | PC: 141c2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.150812041Z | 62 | PC: 1413d | Close file |
| 2018-12-17T22:48:18.35371245Z | 79 | PC: 14149 | Find next file |
| 2018-12-17T22:48:18.357038545Z | 61 | PC: 14156 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:48:18.365226646Z | 63 | PC: 14165 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:48:18.372923098Z | 66 | PC: 1417c | Move file pointer |
| 2018-12-17T22:48:18.375287065Z | 64 | PC: 14190 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.379558916Z | 64 | PC: 1419b | Write file or device (Write 267 bytes on handle 5) |
| 2018-12-17T22:48:18.382625277Z | 66 | PC: 141a4 | Move file pointer |
| 2018-12-17T22:48:18.383712212Z | 64 | PC: 141c2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.38623689Z | 62 | PC: 1413d | Close file |
| 2018-12-17T22:48:18.405028196Z | 79 | PC: 14149 | Find next file |
| 2018-12-17T22:48:18.407140452Z | 61 | PC: 14156 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:48:18.412324428Z | 63 | PC: 14165 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:48:18.41970927Z | 66 | PC: 1417c | Move file pointer |
| 2018-12-17T22:48:18.42075459Z | 64 | PC: 14190 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.423120388Z | 64 | PC: 1419b | Write file or device (Write 267 bytes on handle 5) |
| 2018-12-17T22:48:18.425214001Z | 66 | PC: 141a4 | Move file pointer |
| 2018-12-17T22:48:18.426466244Z | 64 | PC: 141c2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.428904612Z | 62 | PC: 1413d | Close file |
| 2018-12-17T22:48:18.446664501Z | 79 | PC: 14149 | Find next file |
| 2018-12-17T22:48:18.450379156Z | 61 | PC: 14156 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:48:18.460451979Z | 63 | PC: 14165 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:48:18.468374364Z | 66 | PC: 1417c | Move file pointer |
| 2018-12-17T22:48:18.470424913Z | 64 | PC: 14190 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.473833572Z | 64 | PC: 1419b | Write file or device (Write 267 bytes on handle 5) |
| 2018-12-17T22:48:18.477962915Z | 66 | PC: 141a4 | Move file pointer |
| 2018-12-17T22:48:18.479458451Z | 64 | PC: 141c2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.482375168Z | 62 | PC: 1413d | Close file |
| 2018-12-17T22:48:18.491246055Z | 79 | PC: 14149 | Find next file |
| 2018-12-17T22:48:18.494127841Z | 61 | PC: 14156 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:48:18.501311625Z | 63 | PC: 14165 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:48:18.50896579Z | 66 | PC: 1417c | Move file pointer |
| 2018-12-17T22:48:18.510684116Z | 64 | PC: 14190 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.513611526Z | 64 | PC: 1419b | Write file or device (Write 267 bytes on handle 5) |
| 2018-12-17T22:48:18.523830698Z | 66 | PC: 141a4 | Move file pointer |
| 2018-12-17T22:48:18.525986838Z | 64 | PC: 141c2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.533444166Z | 62 | PC: 1413d | Close file |
| 2018-12-17T22:48:18.551351029Z | 79 | PC: 14149 | Find next file |
| 2018-12-17T22:48:18.554312269Z | 61 | PC: 14156 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:48:18.562073582Z | 63 | PC: 14165 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:48:18.569745051Z | 66 | PC: 1417c | Move file pointer |
| 2018-12-17T22:48:18.57158328Z | 64 | PC: 14190 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.575181063Z | 64 | PC: 1419b | Write file or device (Write 267 bytes on handle 5) |
| 2018-12-17T22:48:18.578824306Z | 66 | PC: 141a4 | Move file pointer |
| 2018-12-17T22:48:18.580535979Z | 64 | PC: 141c2 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:48:18.583563005Z | 62 | PC: 1413d | Close file |
| 2018-12-17T22:48:18.593443936Z | 79 | PC: 14149 | Find next file |
| 2018-12-17T22:48:18.59693812Z | 61 | PC: 14156 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T22:48:18.604503532Z | 63 | PC: 14165 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:48:18.6077469Z | 62 | PC: 1413d | Close file |
| 2018-12-17T22:48:18.610588854Z | 79 | PC: 14149 | Find next file |
| 2018-12-17T22:48:18.613434841Z | 26 | PC: 1411f | Set disk transfer address |
| 2018-12-17T22:48:18.61503211Z | 48 | PC: 12a63 | Get DOS version |
| 2018-12-17T22:48:18.617650005Z | 9 | PC: 12a7a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T22:48:18.629212931Z | 61 | PC: 12cb7 | Open file (Filename = '�') |
| 2018-12-17T22:48:18.642726359Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
| 2018-12-17T22:48:18.646931433Z | 93 | PC: 12b24 | File sharing functions |
| 2018-12-17T22:48:18.649718241Z | 9 | PC: 12b03 | Display string (String= 'Size change=+010Fh/00271d. Virus might be activ?
��') |
| 2018-12-17T22:48:18.656811574Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |
