Sample viewer

vx.netlux.org/Virus.DOS.Bishop.4517

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:46:20.729909143Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.736530009Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:46:20.739795612Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:20.741392461Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:20.743087003Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-17T22:46:20.746791852Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-17T22:46:20.749587723Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.751189461Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:20.753460586Z 48 PC: 12fe9 | Get DOS version
2018-12-17T22:46:20.756226361Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-17T22:46:20.759119996Z 78 PC: 1317a | Find first file
2018-12-17T22:46:20.771100046Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.778966921Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:46:20.780122541Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:46:20.786498877Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:46:20.789079764Z 64 PC: 151e4 | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:46:20.794674241Z 64 PC: 151ee | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:46:20.808022091Z 62 PC: 1521d | Close file
2018-12-17T22:46:20.815824675Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.820868207Z 79 PC: 131dd | Find next file
2018-12-17T22:46:20.824974149Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.830228147Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:46:20.831258962Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:46:20.836368088Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:46:20.838709666Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:46:20.844047391Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:46:20.850975463Z 62 PC: 1521d | Close file
2018-12-17T22:46:20.858996247Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.866206509Z 79 PC: 131dd | Find next file
2018-12-17T22:46:20.870329452Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.87491778Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:46:20.876987798Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:46:20.8842304Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:46:20.887094349Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:46:20.895318285Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:46:20.904808239Z 62 PC: 1521d | Close file
2018-12-17T22:46:20.914093077Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.922919073Z 79 PC: 131dd | Find next file
2018-12-17T22:46:20.930564833Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.938130191Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:46:20.940258208Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:46:20.948749336Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:46:20.951626199Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:46:20.961374798Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:46:20.973783343Z 62 PC: 1521d | Close file
2018-12-17T22:46:20.988412248Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:20.995964513Z 79 PC: 131dd | Find next file
2018-12-17T22:46:21.001695376Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:21.00745337Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:46:21.008514834Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:46:21.014530211Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:46:21.016602513Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:46:21.021787883Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:46:21.030131332Z 62 PC: 1521d | Close file
2018-12-17T22:46:21.039219181Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:21.04500083Z 79 PC: 131dd | Find next file
2018-12-17T22:46:21.051801732Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:21.057877384Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:46:21.058889214Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:46:21.066276678Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:46:21.069108086Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:46:21.074816367Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:46:21.084080056Z 62 PC: 1521d | Close file
2018-12-17T22:46:21.092366599Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:21.100009103Z 79 PC: 131dd | Find next file
2018-12-17T22:46:21.106060929Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:21.111525372Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:46:21.112701561Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:46:21.119055394Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:46:21.122041332Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:46:21.129858273Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:46:21.138552443Z 62 PC: 1521d | Close file
2018-12-17T22:46:21.147484348Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:21.153953698Z 79 PC: 131dd | Find next file
2018-12-17T22:46:21.159909844Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:21.16623801Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:46:21.167347173Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:46:21.172769296Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:46:21.175505235Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:46:21.178783662Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:46:21.186314786Z 62 PC: 1521d | Close file
2018-12-17T22:46:21.195061985Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:46:21.201237544Z 79 PC: 131dd | Find next file
2018-12-17T22:46:21.203992328Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-17T22:46:21.209336314Z 76 PC: 13262 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8852,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:05.149936608Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:22:05.157389936Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:05.159355657Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.160528032Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.162136766Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-25T12:22:05.164773418Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-25T12:22:05.1671019Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:22:05.168564565Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.169880295Z 48 PC: 12fe9 | Get DOS version
2018-12-25T12:22:05.171720823Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-25T12:22:05.174764202Z 78 PC: 1317a | Find first file
2018-12-25T12:22:05.186170594Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.193595898Z 98 PC: 14ea6 | Get current PSP
2018-12-25T12:22:05.194860992Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-25T12:22:05.201193241Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-25T12:22:05.203189917Z 64 PC: 15219 | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:22:05.218583541Z 62 PC: 1521d | Close file
2018-12-25T12:22:05.228067433Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.235290755Z 79 PC: 131dd | Find next file
2018-12-25T12:22:05.240968203Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.24804476Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.248735825Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.255105353Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.258001024Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.266937917Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.276341773Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.285331555Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.291145925Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.298457814Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.300354018Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.307273921Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.309683186Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.319257491Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.328561555Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.336953572Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.343304618Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.350488485Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.351619801Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.358568708Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.361042468Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.369542244Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.380226506Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.389098994Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.395132416Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.40172128Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.404656938Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.412566129Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.414740667Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.423502064Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.432138731Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.439374971Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.445885223Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.452848069Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.453624356Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.461769058Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.464211429Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.474659305Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.48418031Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.491625102Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.497907473Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.504944582Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.505774108Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.512662816Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.515357882Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.524232267Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.533242833Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.54099344Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.546394487Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.552849589Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.561519838Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.567891708Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.56980904Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.578757818Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.587574975Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.59474425Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.598396145Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-25T12:22:05.603582452Z 76 PC: 13262 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8852,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:05.373155473Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:22:05.385270404Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:05.387329614Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.388491574Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.390225226Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-25T12:22:05.392262942Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-25T12:22:05.394410397Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:22:05.395513959Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.396427695Z 48 PC: 12fe9 | Get DOS version
2018-12-25T12:22:05.397591734Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-25T12:22:05.399276547Z 9 PC: 13109 | Display string (String= ' ANOTHER YEAR ')
2018-12-25T12:22:05.402753839Z 78 PC: 1317a | Find first file
2018-12-25T12:22:05.409191647Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.412710628Z 98 PC: 14ea6 | Get current PSP
2018-12-25T12:22:05.414516397Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-25T12:22:05.418742627Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-25T12:22:05.420242671Z 64 PC: 15219 | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:22:05.43140489Z 62 PC: 1521d | Close file
2018-12-25T12:22:05.43730438Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.441347549Z 79 PC: 131dd | Find next file
2018-12-25T12:22:05.452446146Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.45605048Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.456699973Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.461447981Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.463596283Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.472579298Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.484950912Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.49231256Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.497725931Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.514608395Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.515913371Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.523220157Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.526515953Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.535077198Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.544558636Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.552272961Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.557650948Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.579081468Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.580561039Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.586983477Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.589129305Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.598172432Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.607648642Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.615005587Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.621687257Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.628466459Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.629241658Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.636488917Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.638659829Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.647296511Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.657035963Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.664494161Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.668420714Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.672193981Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.673221368Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.677245213Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.679352086Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.687791506Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.696470811Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.704546916Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.71014576Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.716944469Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.718271908Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.725213379Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.727793847Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.736650878Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.745738453Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.753162102Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.75891407Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.767202888Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.768214249Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.774681677Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.777880497Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.786197367Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.794539732Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.812343768Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.815248834Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-25T12:22:05.821238317Z 76 PC: 13262 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8852,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:05.605356366Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:22:05.612649033Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:05.614503661Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.61548453Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.617256513Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-25T12:22:05.61933959Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-25T12:22:05.621443009Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:22:05.623133678Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.624227852Z 48 PC: 12fe9 | Get DOS version
2018-12-25T12:22:05.626366107Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-25T12:22:05.629259656Z 78 PC: 1317a | Find first file
2018-12-25T12:22:05.64052843Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.6477371Z 98 PC: 14ea6 | Get current PSP
2018-12-25T12:22:05.648850898Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-25T12:22:05.655153936Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-25T12:22:05.657067521Z 64 PC: 15219 | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:22:05.671260892Z 62 PC: 1521d | Close file
2018-12-25T12:22:05.679999854Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.688267058Z 79 PC: 131dd | Find next file
2018-12-25T12:22:05.694518657Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.701102499Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.701784657Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.708649646Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.71146971Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.719861737Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.739148027Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.747194478Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.752558433Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.759175086Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.76024763Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.767111096Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.770325258Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.779453967Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.788774895Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.796334286Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.801676105Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.80812711Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.809384406Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.816162693Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.818600084Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.827238211Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.837011748Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.845206522Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.85209167Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.859233239Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.86005684Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.867365608Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.870971746Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.880416918Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.889639757Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.897764523Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.903867619Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.910725664Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.912496034Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.919831545Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.922289123Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.931711104Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.940662139Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.948060627Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:05.954489187Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.96121875Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:05.962222995Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:05.969713609Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:05.972388559Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:05.981685457Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:05.991581728Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.999102226Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:06.004713069Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.0122065Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:06.013443672Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:06.019978686Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:06.022857334Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:22:06.03115337Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:06.039828209Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.048681767Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:06.051127526Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-25T12:22:06.056251859Z 76 PC: 13262 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8852,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:05.915843931Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:22:05.922934881Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:05.924724431Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.925785738Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.927846969Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-25T12:22:05.929917998Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-25T12:22:05.93203528Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:22:05.933586691Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:05.935408305Z 48 PC: 12fe9 | Get DOS version
2018-12-25T12:22:05.937243288Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-25T12:22:05.948560397Z 78 PC: 1317a | Find first file
2018-12-25T12:22:05.959852902Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:05.966660199Z 98 PC: 14ea6 | Get current PSP
2018-12-25T12:22:05.967790692Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-25T12:22:05.974161093Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-25T12:22:05.976950703Z 64 PC: 151e4 | Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:22:05.984856696Z 64 PC: 151ee | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:22:05.999913246Z 62 PC: 1521d | Close file
2018-12-25T12:22:06.008460939Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.015931352Z 79 PC: 131dd | Find next file
2018-12-25T12:22:06.022264941Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.0287878Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:06.029394054Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:06.036346246Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:06.038446588Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:22:06.045107627Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:22:06.062733017Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:06.073796689Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.081069795Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:06.090959801Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.097747233Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:06.098830507Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:06.10653096Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:06.109235999Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:22:06.115989282Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:22:06.122352024Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:06.127947076Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.131885166Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:06.135683342Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.139175113Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:06.140513686Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:06.144914881Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:06.146431137Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:22:06.150581331Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:22:06.156387887Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:06.165376273Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.172489049Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:06.177856407Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.185459629Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:06.186115708Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:06.192309691Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:06.194734193Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:22:06.200930163Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:22:06.209518633Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:06.218203828Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.225898714Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:06.231473848Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.238468513Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:06.239174423Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:06.245457728Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:06.248622434Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:22:06.254886137Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:22:06.263506236Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:06.272666455Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.280205247Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:06.285758238Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.293650454Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:06.294731512Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:06.301371908Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:06.304219621Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:22:06.31121836Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:22:06.320530945Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:06.329977386Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.337283298Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:06.342691829Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.350452831Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:22:06.351320512Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:22:06.357594174Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:22:06.360635832Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:22:06.36330464Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:22:06.371981851Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:22:06.381652355Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:22:06.388987734Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:22:06.391311932Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-25T12:22:06.397390664Z 76 PC: 13262 | Terminate with return code (Return code = '0')