.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:20:21.044297397Z | 77 | PC: 145f5 | Get program return code |
| 2018-12-17T22:20:21.046309812Z | 61 | PC: 1463c | Open file (Filename = 'C:\COMMAND.COM') |
| 2018-12-17T22:20:21.050890809Z | 62 | PC: 14645 | Close file |
| 2018-12-17T22:20:21.052489698Z | 82 | PC: 14490 | Get DOS internal pointers (SYSVARS) |
| 2018-12-17T22:20:21.054316089Z | 74 | PC: 135b1 | Reallocate memory |
| 2018-12-17T22:20:21.06298662Z | 42 | PC: 133a0 | Get date 0x133a0: mov ax, 0xffff 0x133a3: mov ds, ax 0x133a5: mov si, 5 0x133a8: mov di, 0xee9 0x133ab: mov cx, 0xa 0x133ae: repe cmpsb byte ptr [si], byte ptr es:[di] 0x133b0: je 0x133d3 0x133b2: mov si, 5 0x133b5: mov di, 0xee9 0x133b8: mov cx, 0xa 0x133bb: rep movsb byte ptr es:[di], byte ptr [si] 0x133bd: pop ds 0x133be: mov word ptr [0xf32], dx 0x133c2: inc word ptr [0xf34] 0x133c6: jne 0x133cc 0x133c8: inc word ptr [0xf34] 0x133cc: not byte ptr [0xf00] 0x133d0: jmp 0x133f2 0x133d2: nop 0x133d3: pop ds |
| 2018-12-17T22:20:21.066219073Z | 220 | PC: 133fe | UNKNOWN! |
| 2018-12-17T22:20:21.067881448Z | 53 | PC: 12a7e | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:20:21.074908844Z | 75 | PC: 12a7e | Execute program |
| 2018-12-17T22:20:21.094216294Z | 9 | PC: 13c52 | Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ') |
| 2018-12-17T22:20:21.099464238Z | 76 | PC: 13c56 | Terminate with return code (Return code = '36') |
| 2018-12-17T22:20:21.111218908Z | 73 | PC: 12a7e | Release memory |
| 2018-12-17T22:20:21.112826434Z | 49 | PC: 12a7e | Terminate and stay resident (Return code = '0' | Memory size = '279') |