.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T23:09:44.811431257Z | 11 | PC: 13e72 | Get input status |
| 2018-12-17T23:09:44.815583689Z | 42 | PC: 13e72 | Get date 0x13e72: ret 0x13e73: mov si, 0x43 0x13e76: mov di, si 0x13e78: mov cx, 0x4f3 0x13e7b: lodsw ax, word ptr [si] 0x13e7c: xor ax, 0x213 0x13e7f: stosw word ptr es:[di], ax 0x13e80: loop 0x13e7b 0x13e82: ret 0x13e83: mov ax, 0x440b 0x13e86: mov bx, 0x1998 0x13e89: mov cx, 0x213 0x13e8c: call 0x23e6e 0x13e8f: cmp bx, 0x213 0x13e93: jne 0x13ea5 0x13e95: cmp cx, 0x1998 0x13e99: jne 0x13ea5 0x13e9b: or dx, dx 0x13e9d: je 0x13ea2 0x13e9f: call 0x1425c |
| 2018-12-17T23:09:44.818648664Z | 74 | PC: 13e72 | Reallocate memory |
| 2018-12-17T23:09:44.82056125Z | 74 | PC: 13e72 | Reallocate memory |
| 2018-12-17T23:09:44.822370696Z | 72 | PC: 13e72 | Allocate memory |
| 2018-12-17T23:09:44.825269515Z | 72 | PC: 13e72 | Allocate memory |
| 2018-12-17T23:09:44.827452537Z | 53 | PC: 13e72 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:09:44.829300752Z | 37 | PC: 13e72 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:09:44.832123088Z | 53 | PC: 13e72 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-17T23:09:44.833821627Z | 37 | PC: 13e72 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-17T23:09:44.835325704Z | 53 | PC: 13e72 | Get interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-17T23:09:44.83742035Z | 37 | PC: 13e72 | Set interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-17T23:09:44.839004694Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-17T23:09:44.84570997Z | 0 | PC: 12a89 | Program terminate |