Sample viewer

vx.netlux.org/Virus.DOS.Temple.2221

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:30.765337603Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:06:30.778034648Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:06:30.780057292Z 48 PC: 13228 | Get DOS version
2018-12-17T23:06:30.781129763Z 119 PC: 13234 | UNKNOWN!
2018-12-17T23:06:30.782213513Z 48 PC: 13207 | Get DOS version
2018-12-17T23:06:30.783915471Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-17T23:06:30.785606232Z 73 PC: 12c2d | Release memory
2018-12-17T23:06:30.78681925Z 72 PC: 12c36 | Allocate memory
2018-12-17T23:06:30.788723525Z 72 PC: 12c43 | Allocate memory
2018-12-17T23:06:30.790154875Z 72 PC: 12c4c | Allocate memory
2018-12-17T23:06:30.791568401Z 73 PC: 12c58 | Release memory
2018-12-17T23:06:30.79406362Z 38 PC: 12c5d | Create PSP
2018-12-17T23:06:30.795747461Z 80 PC: 12c63 | Set current PSP
2018-12-17T23:06:30.796832016Z 72 PC: 12c6a | Allocate memory
2018-12-17T23:06:30.800317904Z 80 PC: 12c70 | Set current PSP
2018-12-17T23:06:30.803189854Z 53 PC: 12c8c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:30.805891548Z 37 PC: 12c9d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:30.809152354Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-17T23:06:30.812184683Z 48 PC: 13207 | Get DOS version
2018-12-17T23:06:30.814119397Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-17T23:06:30.817623737Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:30.819965002Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:30.821841008Z 54 PC: 12e0b | Get free disk space
2018-12-17T23:06:30.870768427Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-17T23:06:30.881167272Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-17T23:06:30.887823188Z 67 PC: 12eab | Get or set file attributes
2018-12-17T23:06:30.893904239Z 67 PC: 12eb8 | Get or set file attributes
2018-12-17T23:06:31.238409528Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-17T23:06:31.242149221Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-17T23:06:31.250990896Z 87 PC: 12f11 | Get or set file date and time
2018-12-17T23:06:31.253336543Z 66 PC: 12f24 | Move file pointer
2018-12-17T23:06:31.255079473Z 66 PC: 12f35 | Move file pointer
2018-12-17T23:06:31.256803461Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T23:06:31.264433604Z 66 PC: 12f64 | Move file pointer
2018-12-17T23:06:31.266167019Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:06:31.272606277Z 66 PC: 130e9 | Move file pointer
2018-12-17T23:06:31.275446827Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:31.2786218Z 66 PC: 13100 | Move file pointer
2018-12-17T23:06:31.280571591Z 66 PC: 1311a | Move file pointer
2018-12-17T23:06:31.283092961Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-17T23:06:31.287515322Z 66 PC: 1313f | Move file pointer
2018-12-17T23:06:31.289892779Z 66 PC: 13151 | Move file pointer
2018-12-17T23:06:31.292295725Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:06:31.299285596Z 66 PC: 13171 | Move file pointer
2018-12-17T23:06:31.301696175Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-17T23:06:31.314528107Z 87 PC: 1318c | Get or set file date and time
2018-12-17T23:06:31.319086074Z 62 PC: 13190 | Close file
2018-12-17T23:06:31.348789492Z 67 PC: 12ee0 | Get or set file attributes
2018-12-17T23:06:31.36355748Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:31.367374714Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:31.369796842Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:31.37128099Z 54 PC: 12e0b | Get free disk space
2018-12-17T23:06:31.374130751Z 65 PC: 12c15 | Delete file (Filename = 'C:\DOS\CHKLIST.MS')
2018-12-17T23:06:31.382188022Z 65 PC: 12c25 | Delete file (Filename = 'C:\DOS\CHKLIST.CPS')
2018-12-17T23:06:31.389697561Z 67 PC: 12eab | Get or set file attributes
2018-12-17T23:06:31.397802238Z 67 PC: 12eb8 | Get or set file attributes
2018-12-17T23:06:31.405368329Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.371169127Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.372904367Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:45.375097214Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:45.376334859Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:45.376982706Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:45.380693389Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:45.384366689Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:45.386994894Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:45.38924646Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:45.392042768Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.39319019Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.395194457Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:45.439730759Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:45.448651947Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:45.455504439Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:45.462644142Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.4617838Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.464452465Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.472383989Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.474008564Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.475543642Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.477800054Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.485699006Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.487249118Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.494976954Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.496678215Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.500803655Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.502908977Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.504379024Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.508277817Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.509714138Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.511371213Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.516221715Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.517454321Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.533513828Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.535177651Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.581737638Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.840750092Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.842282225Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.844438193Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.846249086Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.849174552Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:48.859465237Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:48.866444022Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:48.87299685Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:48.879454314Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.433015602Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.436467206Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:45.438193845Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:45.439862539Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:45.441866481Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:45.444354746Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:45.447168218Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:45.44996491Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:45.45316216Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:45.45670616Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.458065789Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.459856256Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:45.507159131Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:45.516149175Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:45.523419968Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:45.52962335Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.461975459Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.464948677Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.472027597Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.473802596Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.475803146Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.477611982Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.484281691Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.485698801Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.491937593Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.493331265Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.496176062Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.498366913Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.499811382Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.503236935Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.505152354Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.506533684Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.512147017Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.514379753Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.581527128Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.583107725Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.841657491Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.892503507Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.894568465Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.897298355Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.901463661Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.905369233Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:48.916684236Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:48.927800699Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:48.93953833Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:48.956948105Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.420595611Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.42259086Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:45.425050144Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:45.426658882Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:45.428022319Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:45.430398624Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:45.433123934Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:45.435972647Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:45.438338738Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:45.441792214Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.443707275Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.446740368Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:45.493113552Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:45.502237068Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:45.508388996Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:45.514277175Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.461684783Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.46353307Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.470461813Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.472030331Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.473514063Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.475709729Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.483384669Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.485023037Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.491538879Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.492948676Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.49554005Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.497402524Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.499128644Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.502855537Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.505860885Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.507295887Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.512171374Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.518163374Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.749996084Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.751630209Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.892846756Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.905837573Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.907760212Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.909424318Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.914961369Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.918451724Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:48.928943934Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:48.938098215Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:48.945539554Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:48.95282959Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":23,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.58120506Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.582751262Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:45.584247932Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:45.585736486Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:45.587281801Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:45.591494805Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:45.593714306Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:45.59598522Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:45.597212286Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:45.599387718Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.600857368Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.602496988Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:45.644609816Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:45.654656078Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:45.661347984Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:45.667031034Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.892601438Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.897480207Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.905296631Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.907410385Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.910730634Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.913239364Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.935780485Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.93887393Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.946435153Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.948432657Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.951661414Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.954743919Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.956859919Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.960597684Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.962899573Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.964401927Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.969344334Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.97128823Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.98354535Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.985672656Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.995134823Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:49.005759031Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:49.007558188Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:49.009720811Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:49.011250991Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:49.014164651Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:49.020684126Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:49.027895824Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:49.038875492Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:49.045781763Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.592385444Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.593971818Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:45.595001129Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:45.596028759Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:45.597238562Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:45.598308657Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:45.60036461Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:45.60251227Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:45.609695162Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:45.611584376Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.612518955Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.613682738Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:45.635466627Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:45.640601139Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:45.644790059Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:45.64876215Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.392030242Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.39565786Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.399691985Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.400825651Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.402551481Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.404144255Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.475551234Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.477351268Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.48926315Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.490785693Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.493163994Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.494726396Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.495936304Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.499275387Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.502151494Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.503835661Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.508473114Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.51137129Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.555848969Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.557226138Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.707531968Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.727146162Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.728815771Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.730784133Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.731874333Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.735093369Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:48.745502316Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:48.751749361Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:48.758188458Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:48.765783005Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.627129968Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.628560344Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:45.62963062Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:45.630568456Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:45.632159674Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:45.633150107Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:45.63519059Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:45.637429691Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:45.638643258Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:45.640912826Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.642589801Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.643986089Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:45.681840922Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:45.68944798Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:45.695039831Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:45.70004628Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.391041504Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.39474389Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.400921663Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.402466471Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.40517692Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.406420138Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.412042614Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.413876494Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.417547032Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.418699817Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.421118764Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.422114118Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.423038306Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.425537676Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.426507383Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.427397268Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.43070319Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.43207016Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.762855718Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.765681622Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.890728062Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.899947715Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.901692363Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.904431635Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.905929341Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.909005247Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:48.919536978Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:48.926029852Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:48.932604267Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:48.940752059Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.676523737Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.678038817Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:45.679070362Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:45.680078139Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:45.682584529Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:45.683691506Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:45.685733117Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:45.688485998Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:45.689505828Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:45.691691366Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.693475167Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.694511446Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:45.730039062Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:45.735815309Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:45.741334677Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:45.745934733Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.391057052Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.39418574Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.400250328Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.401506503Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.40378427Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.405842881Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.475914908Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.478556062Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.485365418Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.486593939Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.489842086Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.491572438Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.492916294Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.496799848Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.498155866Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.499392881Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.503918565Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.505529765Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.575814138Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.577567198Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.65711978Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.685915204Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.687682535Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.689183891Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.690628937Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.693919723Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:48.702838612Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:48.709102002Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:48.715466026Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:48.727474326Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":23,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.84331115Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.844662192Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:45.845733048Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:45.846786905Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:45.84800205Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:45.84921502Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:45.851397039Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:45.853853968Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:45.854956335Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:45.857194939Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.858876475Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.86034141Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:45.897918315Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:45.907827539Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:45.913333062Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:45.918452781Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.391653809Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.395285641Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.401645133Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.403693982Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.405480777Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.406900339Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.472638755Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.474104251Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.479693296Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.481419333Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.483905135Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.485573559Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.487429755Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.490638763Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.492188811Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.494297594Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.498587876Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.499830445Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.576109016Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.577616307Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.657445531Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.676411322Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.678860826Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.679985633Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.680793439Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.682730399Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:48.689329358Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:48.693523323Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:48.697992688Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:48.701914573Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.831301758Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.832871266Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:45.833876966Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:45.834840416Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:45.835463178Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:45.836868424Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:45.839156955Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:45.841319123Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:45.84297988Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:45.845517158Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.846652249Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.8482809Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:45.896511946Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:45.906608428Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:45.912912236Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:45.918518551Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.892913583Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.896982937Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.904068576Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.905806755Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.908236552Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.909914409Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.91698304Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.919401524Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.928346294Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.93006833Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.932857594Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.935565522Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.938144717Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.943198658Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.946345157Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.948801833Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.955331542Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.958069885Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.970524122Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.972778965Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.981494263Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.98851634Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.990358777Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.992204417Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.994221549Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.998371733Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:49.010209184Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:49.017795924Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:49.025994723Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:49.034371198Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:46.14249984Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:46.143998588Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:46.145084694Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:46.146127038Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:46.147454982Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:46.148792378Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:46.151049606Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:46.153676973Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:46.154930227Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:46.157217183Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.158786474Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.161815468Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:46.200155918Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:46.208130045Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:46.213130802Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:46.217933073Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.89098494Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.895445044Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.901515213Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.902813964Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.904834619Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.906222063Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.913790465Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.916047149Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.922456806Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.923774148Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.927564254Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.929106455Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.930765049Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.934674692Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.936047805Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.937713122Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.943279149Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.945240128Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.955064432Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.957781377Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.965678777Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.974716291Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.976083878Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.977964414Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.979500768Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.982111629Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:48.999863015Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:49.006340954Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:49.013297921Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:49.020488202Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:46.136232014Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:46.137844769Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:46.138769671Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:46.139574237Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:46.148323213Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:46.149376547Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:46.15100869Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:46.152980219Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:46.154899948Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:46.157267745Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.161271813Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.162447294Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:46.197624058Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:46.203231643Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:46.20650518Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:46.212274391Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.892208672Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.895663265Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.902500879Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.904300354Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.9068781Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.911555889Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.917833581Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.920118712Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.925502961Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.92676466Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.931238156Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.932998753Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.93461222Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.944642984Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.945966636Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.947176557Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.959360526Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.960730287Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.97042051Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.972371743Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.979333135Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.988225814Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.990668749Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.991721051Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.992685623Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.995871123Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:49.005332107Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:49.011823559Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:49.018441054Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:49.025629003Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:46.186091104Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:46.188207793Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:46.189374455Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:46.190735618Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:46.192102131Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:46.19350173Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:46.195817721Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:46.198082066Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:46.200378346Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:46.203017423Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.20416081Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.206389837Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:46.255249275Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:46.264403596Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:46.270586353Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:46.276401479Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.892480422Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.896051236Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.903967369Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.906819368Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.908850824Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.914618935Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.926185559Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.928290539Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.938203986Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.940428949Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.943973447Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.947930597Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.950721529Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.955769379Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.962133441Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.986476314Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.992216623Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.995001658Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:49.007374123Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:49.009417347Z 62 PC: 13190 | Close file
2018-12-25T12:43:49.01780652Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:49.029205127Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:49.031259868Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:49.033052355Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:49.035978587Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:49.039475386Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:49.051216234Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:49.059337106Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:49.06678124Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:49.073906668Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:46.381519567Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:46.383284054Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:46.384679145Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:46.385843448Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:46.386816528Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:46.387994683Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:46.389555539Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:46.391180229Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:46.392527218Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:46.394113489Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.395004392Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.396682247Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:46.447929668Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:46.45665592Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:46.462890615Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:46.468536287Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.892702479Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.897075277Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.905534834Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.908007941Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.910815131Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.91426485Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.921863568Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.923807552Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.93176971Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.933412841Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.936238854Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.938971494Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.941267426Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.945187137Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.947657028Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.949864378Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.955023494Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.957562336Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.968889833Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.970852828Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.980394749Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.989895703Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.991445419Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.992976905Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.994537734Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.997533894Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:49.008350157Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:49.015935891Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:49.022855572Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:49.029676337Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:46.565584918Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:46.568050685Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:46.569230977Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:46.570561664Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:46.571803189Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:46.572986707Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:46.575109946Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:46.577328947Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:46.578968236Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:46.581221804Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.582368448Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.584179056Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:46.626136318Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:46.634039228Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:46.640375435Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:46.645547113Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.891359019Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.895415424Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.901851247Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.903079374Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.905547625Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.906846301Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.913534836Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.915104263Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.925826622Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.927418334Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.930386134Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.931753492Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.933053323Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.941581804Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.94321772Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.944525787Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.94975898Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.951100548Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.960770849Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.962647588Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.970091832Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:48.978762624Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.980248638Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:48.981389128Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:48.982368151Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:48.985318038Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:48.994288507Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:48.998198449Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:49.002683783Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:49.006724336Z 37 PC: 12ce3 | Set interrupt vector (See above)

{"DateBased":true,"Day":23,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15555,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:46.973357694Z 37 PC: 131fa | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:46.974987281Z 37 PC: 13202 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:46.977067307Z 48 PC: 13228 | Get DOS version
2018-12-25T12:43:46.978440537Z 119 PC: 13234 | UNKNOWN!
2018-12-25T12:43:46.979435023Z 48 PC: 13207 | Get DOS version
2018-12-25T12:43:46.982095722Z 42 PC: 131df | Get date 0x131df: mov ax, word ptr cs:[0xbb]
0x131e3: mov bx, word ptr cs:[0xbd]
0x131e8: cmp bx, cx
0x131ea: je 0x131ed
0x131ec: ret
0x131ed: cmp ax, dx
0x131ef: ret
0x131f0: push cs
0x131f1: pop ds
0x131f2: mov dx, 0x315
0x131f5: mov ax, 0x2501
0x131f8: int 0x21
0x131fa: mov dx, 0x315
0x131fd: mov ax, 0x2503
0x13200: int 0x21
0x13202: ret
0x13203: mov ah, 0x30
0x13205: int 0x21
0x13207: cmp al, 4
0x13209: ret
2018-12-25T12:43:46.984506686Z 42 PC: 12da1 | Get date 0x12da1: cmp dh, 0xa
0x12da4: jne 0x12db4
0x12da6: or al, al
0x12da8: jne 0x12db4
0x12daa: mov dx, 0x71
0x12dad: mov ah, 9
0x12daf: int 0x21
0x12db1: jmp 0x12db5
0x12db3: nop
0x12db4: ret
0x12db5: in al, 0x21
0x12db7: or al, 2
0x12db9: out 0x21, al
0x12dbb: hlt
0x12dbc: mov bl, 1
0x12dbe: call 0x12dca
0x12dc1: rol bl, 1
0x12dc3: cmp bl, 8
0x12dc6: jne 0x12dbe
0x12dc8: jmp 0x12dbc
2018-12-25T12:43:46.986914721Z 48 PC: 13207 | Get DOS version (See above)
2018-12-25T12:43:46.988715182Z 68 PC: 13218 | I/O control for devices (Set for = '�O')
2018-12-25T12:43:46.991245822Z 53 PC: 12cb5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.992451476Z 37 PC: 12cc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:46.994091694Z 54 PC: 12e0b | Get free disk space
2018-12-25T12:43:47.051626734Z 65 PC: 12c15 | Delete file (Filename = 'C:\CHKLIST.MS')
2018-12-25T12:43:47.060436542Z 65 PC: 12c25 | Delete file (Filename = 'C:\CHKLIST.CPS')
2018-12-25T12:43:47.066666363Z 67 PC: 12eab | Get or set file attributes
2018-12-25T12:43:47.072421166Z 67 PC: 12eb8 | Get or set file attributes
2018-12-25T12:43:48.892355181Z 42 PC: 131af | Get date 0x131af: add dl, 8
0x131b2: cmp dl, 0x1f
0x131b5: jb 0x131bc
0x131b7: inc dh
0x131b9: sub dl, 0x1e
0x131bc: cmp dh, 0xd
0x131bf: jb 0x131c5
0x131c1: inc cx
0x131c2: sub dh, 0xc
0x131c5: mov word ptr cs:[0xbb], dx
0x131ca: mov word ptr cs:[0xbd], cx
0x131cf: pop dx
0x131d0: pop cx
0x131d1: pop ax
0x131d2: ret
0x131d3: cmp byte ptr cs:[0xbb], 1
0x131d9: jb 0x131ef
0x131db: mov ah, 0x2a
0x131dd: int 0x21
0x131df: mov ax, word ptr cs:[0xbb]
2018-12-25T12:43:48.895792697Z 61 PC: 12f06 | Open file (Filename = '')
2018-12-25T12:43:48.904753883Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T12:43:48.906803035Z 66 PC: 12f24 | Move file pointer
2018-12-25T12:43:48.908765175Z 66 PC: 12f35 | Move file pointer
2018-12-25T12:43:48.910566303Z 63 PC: 12f41 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:43:48.91740813Z 66 PC: 12f64 | Move file pointer
2018-12-25T12:43:48.919090848Z 63 PC: 12f70 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:43:48.925794411Z 66 PC: 130e9 | Move file pointer
2018-12-25T12:43:48.927608122Z 63 PC: 130f5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:48.931302274Z 66 PC: 13100 | Move file pointer
2018-12-25T12:43:48.93483912Z 66 PC: 1311a | Move file pointer
2018-12-25T12:43:48.936590647Z 64 PC: 13134 | Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:43:48.940090218Z 66 PC: 1313f | Move file pointer
2018-12-25T12:43:48.942785891Z 66 PC: 13151 | Move file pointer
2018-12-25T12:43:48.94454847Z 64 PC: 1315d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:48.949632025Z 66 PC: 13171 | Move file pointer
2018-12-25T12:43:48.952477008Z 64 PC: 1317d | Write file or device (Write 2181 bytes on handle 5)
2018-12-25T12:43:48.966224676Z 87 PC: 1318c | Get or set file date and time
2018-12-25T12:43:48.974533355Z 62 PC: 13190 | Close file
2018-12-25T12:43:48.994760343Z 67 PC: 12ee0 | Get or set file attributes
2018-12-25T12:43:49.006222413Z 37 PC: 12ce3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:49.008308143Z 53 PC: 12cb5 | Get interrupt vector (See above)
2018-12-25T12:43:49.010039762Z 37 PC: 12cc5 | Set interrupt vector (See above)
2018-12-25T12:43:49.012258739Z 54 PC: 12e0b | Get free disk space (See above)
2018-12-25T12:43:49.015965531Z 65 PC: 12c15 | Delete file (See above)
2018-12-25T12:43:49.027270122Z 65 PC: 12c25 | Delete file (See above)
2018-12-25T12:43:49.03326838Z 67 PC: 12eab | Get or set file attributes (See above)
2018-12-25T12:43:49.041520802Z 67 PC: 12eb8 | Get or set file attributes (See above)
2018-12-25T12:43:49.048814805Z 37 PC: 12ce3 | Set interrupt vector (See above)