{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8695,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:41.429997593Z | 26 | PC: 1327a | Set disk transfer address |
| 2018-12-25T12:21:41.432185642Z | 71 | PC: 13295 | Get current directory |
| 2018-12-25T12:21:41.435574341Z | 59 | PC: 1329c | Change current directory |
| 2018-12-25T12:21:41.440179465Z | 78 | PC: 1334c | Find first file |
| 2018-12-25T12:21:41.453988746Z | 78 | PC: 1334c | Find first file (See above) |
| 2018-12-25T12:21:41.46686731Z | 67 | PC: 1324a | Get or set file attributes |
| 2018-12-25T12:21:41.483921047Z | 61 | PC: 13393 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:41.491817873Z | 63 | PC: 133a2 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T12:21:41.500075215Z | 66 | PC: 13483 | Move file pointer |
| 2018-12-25T12:21:41.501511495Z | 64 | PC: 134a8 | Write file or device (Write 19 bytes on handle 5) |
| 2018-12-25T12:21:41.504478921Z | 66 | PC: 134b1 | Move file pointer |
| 2018-12-25T12:21:41.506872749Z | 64 | PC: 134c2 | Write file or device (Write 1109 bytes on handle 5) |
| 2018-12-25T12:21:41.517109584Z | 87 | PC: 134cf | Get or set file date and time |
| 2018-12-25T12:21:41.519263335Z | 62 | PC: 134d3 | Close file |
| 2018-12-25T12:21:41.529080021Z | 67 | PC: 1324a | Get or set file attributes (See above) |
| 2018-12-25T12:21:41.540348553Z | 59 | PC: 134e5 | Change current directory |
| 2018-12-25T12:21:41.545075316Z | 42 | PC: 134e9 | Get date 0x134e9: cmp dx, word ptr [0x2da] 0x134ed: je 0x134f5 0x134ef: cmp dx, word ptr [0x2dc] 0x134f3: jne 0x1352f 0x134f5: mov ah, 0x2c 0x134f7: int 0x21 0x134f9: cmp ch, 0xa 0x134fc: jb 0x1352f 0x134fe: mov cx, 0xc8 0x13501: xor dx, dx 0x13503: mov al, 0x19 0x13505: cmp al, 1 0x13507: jne 0x1350b 0x13509: xor al, al 0x1350b: cmp al, 0xff 0x1350d: jne 0x13511 0x1350f: mov al, 1 0x13511: push ax 0x13512: push cx 0x13513: int 0x26 |
| 2018-12-25T12:21:41.548306135Z | 60 | PC: 1354b | Create or truncate file |
| 2018-12-25T12:21:41.557352816Z | 48 | PC: 12c2a | Get DOS version |
| 2018-12-25T12:21:41.558451413Z | 75 | PC: 12c38 | Execute program |
| 2018-12-25T12:21:41.560379348Z | 53 | PC: 12c53 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:41.561826572Z | 80 | PC: 12cba | Set current PSP |
| 2018-12-25T12:21:41.563509468Z | 37 | PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:41.564781131Z | 26 | PC: 12be4 | Set disk transfer address |
| 2018-12-25T12:21:41.566417247Z | 42 | PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa |
| 2018-12-25T12:21:41.567982903Z | 53 | PC: 12bff | Get interrupt vector (Interrupt = '40' AKA 'Random block write') |
| 2018-12-25T12:21:41.569016365Z | 37 | PC: 12c13 | Set interrupt vector (Interrupt = '40' AKA 'Random block write') |
| 2018-12-25T12:21:41.635966232Z | 53 | PC: 12c40 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T12:21:41.637184919Z | 37 | PC: 12c55 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T12:21:41.638416166Z | 9 | PC: 13242 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:21:41.641170509Z | 42 | PC: 13071 | Get date 0x13071: cmp cx, 0x7c4 0x13075: jb 0x13084 0x13077: ja 0x1307e 0x13079: cmp dh, 0xa 0x1307c: jb 0x13084 0x1307e: and byte ptr cs:[0x157], 0xf7 0x13084: pop dx 0x13085: pop cx 0x13086: pop ax 0x13087: ljmp ptr cs:[0x13b] 0x1308c: push es 0x1308d: push bx 0x1308e: mov ah, 0x48 0x13090: mov bx, 0x6b 0x13093: int 0x21 0x13095: pop bx 0x13096: jae 0x1309b 0x13098: stc 0x13099: pop es 0x1309a: ret |
| 2018-12-25T12:21:41.64454078Z | 76 | PC: 13246 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8695,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:41.572462722Z | 26 | PC: 1327a | Set disk transfer address |
| 2018-12-25T12:21:41.574050161Z | 71 | PC: 13295 | Get current directory |
| 2018-12-25T12:21:41.577189425Z | 59 | PC: 1329c | Change current directory |
| 2018-12-25T12:21:41.581585293Z | 78 | PC: 1334c | Find first file |
| 2018-12-25T12:21:41.588421634Z | 78 | PC: 1334c | Find first file (See above) |
| 2018-12-25T12:21:41.595914386Z | 67 | PC: 1324a | Get or set file attributes |
| 2018-12-25T12:21:41.614611794Z | 61 | PC: 13393 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:41.627999696Z | 63 | PC: 133a2 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T12:21:41.6367402Z | 66 | PC: 13483 | Move file pointer |
| 2018-12-25T12:21:41.638181475Z | 64 | PC: 134a8 | Write file or device (Write 19 bytes on handle 5) |
| 2018-12-25T12:21:41.641075736Z | 66 | PC: 134b1 | Move file pointer |
| 2018-12-25T12:21:41.643280013Z | 64 | PC: 134c2 | Write file or device (Write 1109 bytes on handle 5) |
| 2018-12-25T12:21:41.652606626Z | 87 | PC: 134cf | Get or set file date and time |
| 2018-12-25T12:21:41.654374187Z | 62 | PC: 134d3 | Close file |
| 2018-12-25T12:21:41.663916473Z | 67 | PC: 1324a | Get or set file attributes (See above) |
| 2018-12-25T12:21:41.674984859Z | 59 | PC: 134e5 | Change current directory |
| 2018-12-25T12:21:41.67944581Z | 42 | PC: 134e9 | Get date 0x134e9: cmp dx, word ptr [0x2da] 0x134ed: je 0x134f5 0x134ef: cmp dx, word ptr [0x2dc] 0x134f3: jne 0x1352f 0x134f5: mov ah, 0x2c 0x134f7: int 0x21 0x134f9: cmp ch, 0xa 0x134fc: jb 0x1352f 0x134fe: mov cx, 0xc8 0x13501: xor dx, dx 0x13503: mov al, 0x19 0x13505: cmp al, 1 0x13507: jne 0x1350b 0x13509: xor al, al 0x1350b: cmp al, 0xff 0x1350d: jne 0x13511 0x1350f: mov al, 1 0x13511: push ax 0x13512: push cx 0x13513: int 0x26 |
| 2018-12-25T12:21:41.68257626Z | 60 | PC: 1354b | Create or truncate file |
| 2018-12-25T12:21:41.692562602Z | 48 | PC: 12c2a | Get DOS version |
| 2018-12-25T12:21:41.695336849Z | 75 | PC: 12c38 | Execute program |
| 2018-12-25T12:21:41.697747405Z | 53 | PC: 12c53 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:41.700858438Z | 80 | PC: 12cba | Set current PSP |
| 2018-12-25T12:21:41.702648652Z | 37 | PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:41.712042593Z | 26 | PC: 12be4 | Set disk transfer address |
| 2018-12-25T12:21:41.713465276Z | 42 | PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa |
| 2018-12-25T12:21:41.716001262Z | 9 | PC: 13242 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:21:41.722283895Z | 76 | PC: 13246 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8695,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:41.743292476Z | 26 | PC: 1327a | Set disk transfer address |
| 2018-12-25T12:21:41.744758941Z | 71 | PC: 13295 | Get current directory |
| 2018-12-25T12:21:41.747156908Z | 59 | PC: 1329c | Change current directory |
| 2018-12-25T12:21:41.75033865Z | 78 | PC: 1334c | Find first file |
| 2018-12-25T12:21:41.75460085Z | 78 | PC: 1334c | Find first file (See above) |
| 2018-12-25T12:21:41.761916115Z | 67 | PC: 1324a | Get or set file attributes |
| 2018-12-25T12:21:41.780724443Z | 61 | PC: 13393 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:41.793393044Z | 63 | PC: 133a2 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T12:21:41.801278455Z | 66 | PC: 13483 | Move file pointer |
| 2018-12-25T12:21:41.803392822Z | 64 | PC: 134a8 | Write file or device (Write 19 bytes on handle 5) |
| 2018-12-25T12:21:41.80680956Z | 66 | PC: 134b1 | Move file pointer |
| 2018-12-25T12:21:41.80998746Z | 64 | PC: 134c2 | Write file or device (Write 1109 bytes on handle 5) |
| 2018-12-25T12:21:41.819977378Z | 87 | PC: 134cf | Get or set file date and time |
| 2018-12-25T12:21:41.821588731Z | 62 | PC: 134d3 | Close file |
| 2018-12-25T12:21:41.830915209Z | 67 | PC: 1324a | Get or set file attributes (See above) |
| 2018-12-25T12:21:41.841847288Z | 59 | PC: 134e5 | Change current directory |
| 2018-12-25T12:21:41.846307385Z | 42 | PC: 134e9 | Get date 0x134e9: cmp dx, word ptr [0x2da] 0x134ed: je 0x134f5 0x134ef: cmp dx, word ptr [0x2dc] 0x134f3: jne 0x1352f 0x134f5: mov ah, 0x2c 0x134f7: int 0x21 0x134f9: cmp ch, 0xa 0x134fc: jb 0x1352f 0x134fe: mov cx, 0xc8 0x13501: xor dx, dx 0x13503: mov al, 0x19 0x13505: cmp al, 1 0x13507: jne 0x1350b 0x13509: xor al, al 0x1350b: cmp al, 0xff 0x1350d: jne 0x13511 0x1350f: mov al, 1 0x13511: push ax 0x13512: push cx 0x13513: int 0x26 |
| 2018-12-25T12:21:41.848931007Z | 60 | PC: 1354b | Create or truncate file |
| 2018-12-25T12:21:41.858315303Z | 48 | PC: 12c2a | Get DOS version |
| 2018-12-25T12:21:41.859535361Z | 75 | PC: 12c38 | Execute program |
| 2018-12-25T12:21:41.86149929Z | 53 | PC: 12c53 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:41.864620122Z | 80 | PC: 12cba | Set current PSP |
| 2018-12-25T12:21:41.866482883Z | 37 | PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:41.867825742Z | 26 | PC: 12be4 | Set disk transfer address |
| 2018-12-25T12:21:41.87282725Z | 42 | PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa |
| 2018-12-25T12:21:41.875524198Z | 9 | PC: 13242 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:21:41.881619339Z | 76 | PC: 13246 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8695,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:42.055325599Z | 26 | PC: 1327a | Set disk transfer address |
| 2018-12-25T12:21:42.060255901Z | 71 | PC: 13295 | Get current directory |
| 2018-12-25T12:21:42.063576335Z | 59 | PC: 1329c | Change current directory |
| 2018-12-25T12:21:42.07380656Z | 78 | PC: 132ba | Find first file |
| 2018-12-25T12:21:42.086715728Z | 79 | PC: 132dc | Find next file |
| 2018-12-25T12:21:42.089645992Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.092336481Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.094977778Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.098728992Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.101628992Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.104321093Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.107527445Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.1130005Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.115476997Z | 78 | PC: 1334c | Find first file |
| 2018-12-25T12:21:42.122618053Z | 78 | PC: 1334c | Find first file (See above) |
| 2018-12-25T12:21:42.130459646Z | 67 | PC: 1324a | Get or set file attributes |
| 2018-12-25T12:21:42.148122844Z | 61 | PC: 13393 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:42.1562187Z | 63 | PC: 133a2 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T12:21:42.163758353Z | 66 | PC: 13483 | Move file pointer |
| 2018-12-25T12:21:42.165354115Z | 64 | PC: 134a8 | Write file or device (Write 19 bytes on handle 5) |
| 2018-12-25T12:21:42.168195352Z | 66 | PC: 134b1 | Move file pointer |
| 2018-12-25T12:21:42.170550182Z | 64 | PC: 134c2 | Write file or device (Write 1109 bytes on handle 5) |
| 2018-12-25T12:21:42.181061578Z | 87 | PC: 134cf | Get or set file date and time |
| 2018-12-25T12:21:42.183363714Z | 62 | PC: 134d3 | Close file |
| 2018-12-25T12:21:42.20079091Z | 67 | PC: 1324a | Get or set file attributes (See above) |
| 2018-12-25T12:21:42.213023684Z | 59 | PC: 134e5 | Change current directory |
| 2018-12-25T12:21:42.217879217Z | 42 | PC: 134e9 | Get date 0x134e9: cmp dx, word ptr [0x2da] 0x134ed: je 0x134f5 0x134ef: cmp dx, word ptr [0x2dc] 0x134f3: jne 0x1352f 0x134f5: mov ah, 0x2c 0x134f7: int 0x21 0x134f9: cmp ch, 0xa 0x134fc: jb 0x1352f 0x134fe: mov cx, 0xc8 0x13501: xor dx, dx 0x13503: mov al, 0x19 0x13505: cmp al, 1 0x13507: jne 0x1350b 0x13509: xor al, al 0x1350b: cmp al, 0xff 0x1350d: jne 0x13511 0x1350f: mov al, 1 0x13511: push ax 0x13512: push cx 0x13513: int 0x26 |
| 2018-12-25T12:21:42.221023214Z | 60 | PC: 1354b | Create or truncate file |
| 2018-12-25T12:21:42.231317105Z | 48 | PC: 12c2a | Get DOS version |
| 2018-12-25T12:21:42.233113046Z | 75 | PC: 12c38 | Execute program |
| 2018-12-25T12:21:42.235593521Z | 53 | PC: 12c53 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:42.23715933Z | 80 | PC: 12cba | Set current PSP |
| 2018-12-25T12:21:42.238922895Z | 37 | PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:42.240434305Z | 26 | PC: 12be4 | Set disk transfer address |
| 2018-12-25T12:21:42.242127312Z | 42 | PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa |
| 2018-12-25T12:21:42.331986126Z | 53 | PC: 12c40 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T12:21:42.333598326Z | 37 | PC: 12c55 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T12:21:42.335458423Z | 9 | PC: 13242 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:21:42.341711998Z | 76 | PC: 13246 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8695,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:42.181361888Z | 26 | PC: 1327a | Set disk transfer address |
| 2018-12-25T12:21:42.182928317Z | 71 | PC: 13295 | Get current directory |
| 2018-12-25T12:21:42.186326694Z | 59 | PC: 1329c | Change current directory |
| 2018-12-25T12:21:42.196151163Z | 78 | PC: 132ba | Find first file |
| 2018-12-25T12:21:42.209119302Z | 79 | PC: 132dc | Find next file |
| 2018-12-25T12:21:42.211970457Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.21472793Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.218106391Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.221017748Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.223561361Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.226041674Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.228805852Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.231270215Z | 79 | PC: 132dc | Find next file (See above) |
| 2018-12-25T12:21:42.233593612Z | 78 | PC: 1334c | Find first file |
| 2018-12-25T12:21:42.240402682Z | 78 | PC: 1334c | Find first file (See above) |
| 2018-12-25T12:21:42.246936522Z | 67 | PC: 1324a | Get or set file attributes |
| 2018-12-25T12:21:42.262647003Z | 61 | PC: 13393 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:21:42.27063364Z | 63 | PC: 133a2 | Read file or device (Read 24 bytes on handle 5) |
| 2018-12-25T12:21:42.278519517Z | 66 | PC: 13483 | Move file pointer |
| 2018-12-25T12:21:42.280391335Z | 64 | PC: 134a8 | Write file or device (Write 19 bytes on handle 5) |
| 2018-12-25T12:21:42.284219329Z | 66 | PC: 134b1 | Move file pointer |
| 2018-12-25T12:21:42.285815388Z | 64 | PC: 134c2 | Write file or device (Write 1109 bytes on handle 5) |
| 2018-12-25T12:21:42.302400058Z | 87 | PC: 134cf | Get or set file date and time |
| 2018-12-25T12:21:42.305205547Z | 62 | PC: 134d3 | Close file |
| 2018-12-25T12:21:42.314165661Z | 67 | PC: 1324a | Get or set file attributes (See above) |
| 2018-12-25T12:21:42.325575147Z | 59 | PC: 134e5 | Change current directory |
| 2018-12-25T12:21:42.331528944Z | 42 | PC: 134e9 | Get date 0x134e9: cmp dx, word ptr [0x2da] 0x134ed: je 0x134f5 0x134ef: cmp dx, word ptr [0x2dc] 0x134f3: jne 0x1352f 0x134f5: mov ah, 0x2c 0x134f7: int 0x21 0x134f9: cmp ch, 0xa 0x134fc: jb 0x1352f 0x134fe: mov cx, 0xc8 0x13501: xor dx, dx 0x13503: mov al, 0x19 0x13505: cmp al, 1 0x13507: jne 0x1350b 0x13509: xor al, al 0x1350b: cmp al, 0xff 0x1350d: jne 0x13511 0x1350f: mov al, 1 0x13511: push ax 0x13512: push cx 0x13513: int 0x26 |
| 2018-12-25T12:21:42.334936845Z | 60 | PC: 1354b | Create or truncate file |
| 2018-12-25T12:21:42.345202902Z | 48 | PC: 12c2a | Get DOS version |
| 2018-12-25T12:21:42.347040313Z | 75 | PC: 12c38 | Execute program |
| 2018-12-25T12:21:42.349831386Z | 53 | PC: 12c53 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:42.351474662Z | 80 | PC: 12cba | Set current PSP |
| 2018-12-25T12:21:42.35341094Z | 37 | PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:21:42.360557541Z | 26 | PC: 12be4 | Set disk transfer address |
| 2018-12-25T12:21:42.361897344Z | 42 | PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa |
| 2018-12-25T12:21:42.36425762Z | 9 | PC: 13242 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T12:21:42.371539432Z | 76 | PC: 13246 | Terminate with return code (Return code = '36') |