Sample viewer

vx.netlux.org/Virus.DOS.Bishop.2855

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:50.164316508Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.16951893Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:48:50.171858025Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:50.173234948Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:50.175167266Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-17T22:48:50.177231219Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-17T22:48:50.179454835Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.181736804Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:50.183648785Z 48 PC: 12fe9 | Get DOS version
2018-12-17T22:48:50.185527989Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-17T22:48:50.193504014Z 78 PC: 1317a | Find first file
2018-12-17T22:48:50.204937356Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.211337835Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:48:50.212070592Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:48:50.218582993Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:48:50.220709634Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:50.227164818Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:48:50.242226738Z 62 PC: 1521d | Close file
2018-12-17T22:48:50.250866852Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.259726275Z 79 PC: 131dd | Find next file
2018-12-17T22:48:50.265514289Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.271997723Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:48:50.272654745Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:48:50.279612581Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:48:50.281764245Z 64 PC: 151e4 | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:50.288206629Z 64 PC: 151ee | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:48:50.297335416Z 62 PC: 1521d | Close file
2018-12-17T22:48:50.306260776Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.313632149Z 79 PC: 131dd | Find next file
2018-12-17T22:48:50.317641248Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.32170342Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:48:50.322302628Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:48:50.326813363Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:48:50.328925398Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:50.335175072Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:48:50.346445991Z 62 PC: 1521d | Close file
2018-12-17T22:48:50.354078052Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.361886879Z 79 PC: 131dd | Find next file
2018-12-17T22:48:50.36987045Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.376951438Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:48:50.377792659Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:48:50.384681471Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:48:50.387987095Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:50.394484064Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:48:50.403854175Z 62 PC: 1521d | Close file
2018-12-17T22:48:50.412793656Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.427836285Z 79 PC: 131dd | Find next file
2018-12-17T22:48:50.432671895Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.443210676Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:48:50.444462851Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:48:50.452778651Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:48:50.455146253Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:50.461725718Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:48:50.470951851Z 62 PC: 1521d | Close file
2018-12-17T22:48:50.481232394Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.488813756Z 79 PC: 131dd | Find next file
2018-12-17T22:48:50.494843176Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.501971349Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:48:50.503143678Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:48:50.510048423Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:48:50.513076889Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:50.520462929Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:48:50.528095532Z 62 PC: 1521d | Close file
2018-12-17T22:48:50.537178397Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.544764603Z 79 PC: 131dd | Find next file
2018-12-17T22:48:50.550694815Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.558144917Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:48:50.558970959Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:48:50.565603333Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:48:50.567991354Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:50.574182682Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:48:50.581880051Z 62 PC: 1521d | Close file
2018-12-17T22:48:50.591799399Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.599704498Z 79 PC: 131dd | Find next file
2018-12-17T22:48:50.605705228Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.613338177Z 98 PC: 14ea6 | Get current PSP
2018-12-17T22:48:50.614280534Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-17T22:48:50.620756689Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-17T22:48:50.623559304Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:50.626360708Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-17T22:48:50.635530561Z 62 PC: 1521d | Close file
2018-12-17T22:48:50.6449198Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:50.652618014Z 79 PC: 131dd | Find next file
2018-12-17T22:48:50.655260679Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-17T22:48:50.661670235Z 76 PC: 13262 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9687,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:37.22904668Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:23:37.237549751Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:37.239996824Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:37.241715649Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:37.243866356Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-25T12:23:37.246887599Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-25T12:23:37.249651561Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:23:37.251433582Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:37.253052402Z 48 PC: 12fe9 | Get DOS version
2018-12-25T12:23:37.254946744Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-25T12:23:37.257294359Z 78 PC: 1317a | Find first file
2018-12-25T12:23:37.26937241Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.275828748Z 98 PC: 14ea6 | Get current PSP
2018-12-25T12:23:37.290762679Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-25T12:23:37.299276391Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-25T12:23:37.301375927Z 64 PC: 15219 | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:23:37.315198321Z 62 PC: 1521d | Close file
2018-12-25T12:23:37.325120379Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.332729263Z 79 PC: 131dd | Find next file
2018-12-25T12:23:37.338353807Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.346098286Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:37.347566848Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:37.354215121Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:37.357113851Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:37.366037587Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:37.375559914Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.383906812Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:37.390000775Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.396749459Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:37.398209563Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:37.405885115Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:37.408362198Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:37.417235464Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:37.427047198Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.43722774Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:37.446487336Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.453954881Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:37.455400374Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:37.462824571Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:37.466319663Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:37.476058722Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:37.489952768Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.498978839Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:37.505042285Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.51160787Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:37.513718772Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:37.520591318Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:37.523020032Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:37.532713731Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:37.542166497Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.549709158Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:37.556177771Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.564557626Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:37.565460825Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:37.572202248Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:37.575449414Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:37.584146652Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:37.59316566Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.601812772Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:37.607437633Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.614220375Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:37.616323846Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:37.622943902Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:37.625907244Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:37.639061204Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:37.64885636Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.656368615Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:37.662586554Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.669666445Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:37.670719492Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:37.677980032Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:37.680639681Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:37.689668472Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:37.698587891Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:37.706922636Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:37.709463207Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-25T12:23:37.714825222Z 76 PC: 13262 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9687,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:38.754449665Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:23:38.762185137Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:38.764378734Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:38.765738982Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:38.768266333Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-25T12:23:38.770592724Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-25T12:23:38.773072649Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:23:38.774696295Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:38.776747147Z 48 PC: 12fe9 | Get DOS version
2018-12-25T12:23:38.779073824Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-25T12:23:38.781315346Z 9 PC: 13109 | Display string (String= ' ANOTHER YEAR ')
2018-12-25T12:23:38.786881096Z 78 PC: 1317a | Find first file
2018-12-25T12:23:38.799270205Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:38.807030863Z 98 PC: 14ea6 | Get current PSP
2018-12-25T12:23:38.809379737Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-25T12:23:38.816315346Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-25T12:23:38.818822103Z 64 PC: 15219 | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:23:38.833261125Z 62 PC: 1521d | Close file
2018-12-25T12:23:38.842939699Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:38.853212504Z 79 PC: 131dd | Find next file
2018-12-25T12:23:38.859279533Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:38.866864221Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:38.8684353Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:38.875810227Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:38.878243401Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:38.886950149Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:38.89557261Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:38.907033383Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:38.915638863Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:38.922447331Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:38.924675768Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:38.931167302Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:38.933191967Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:38.946031922Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:38.955282842Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:38.962762915Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:38.969503728Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:38.976286244Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:38.977060208Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:38.984450779Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:38.986513922Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:38.995127687Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.007689446Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.015876905Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.021645808Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.028955692Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.029839362Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.036342109Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.039504028Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.048508471Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.05767891Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.066115742Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.071649324Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.079046269Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.08033393Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.087885349Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.090216121Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.098789014Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.108840292Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.116436799Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.121965796Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.129764008Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.130665252Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.137191445Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.14070537Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.149782836Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.158473148Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.166356228Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.174817003Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.181548802Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.18329585Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.190310572Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.192591062Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.201797651Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.211609035Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.219144864Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.22199053Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-25T12:23:39.228303892Z 76 PC: 13262 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9687,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:38.93887144Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:23:38.946528006Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:38.948409918Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:38.949478686Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:38.951701244Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-25T12:23:38.953726015Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-25T12:23:38.955906819Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:23:38.957549254Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:38.95872804Z 48 PC: 12fe9 | Get DOS version
2018-12-25T12:23:38.960501385Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-25T12:23:38.963412548Z 78 PC: 1317a | Find first file
2018-12-25T12:23:38.975430993Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:38.982805621Z 98 PC: 14ea6 | Get current PSP
2018-12-25T12:23:38.983753236Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-25T12:23:38.991186209Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-25T12:23:38.993194178Z 64 PC: 15219 | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:23:39.008194648Z 62 PC: 1521d | Close file
2018-12-25T12:23:39.017547816Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.025371083Z 79 PC: 131dd | Find next file
2018-12-25T12:23:39.030741282Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.037963109Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.038823129Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.045104176Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.048931762Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.058954744Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.071435581Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.080011224Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.085407439Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.102730522Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.104321393Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.110732896Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.112879269Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.13759737Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.146486583Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.15422643Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.160531465Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.167224918Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.168108049Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.175025454Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.177449998Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.186002425Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.196358175Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.204409796Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.210275023Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.217082906Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.219195174Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.225841983Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.228264015Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.238223255Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.247384755Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.25496976Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.262318246Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.269272614Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.27042502Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.277973362Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.280818403Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.292654409Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.302138684Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.310127089Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.315780161Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.32334924Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.324603061Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.331292735Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.333508684Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.342450702Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.351144039Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.356423321Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.360014698Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.363951777Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.364798932Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.369154383Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.370680879Z 64 PC: 15219 | Write file or device (See above)
2018-12-25T12:23:39.376332633Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.381857085Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.385931796Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.387782701Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-25T12:23:39.390943469Z 76 PC: 13262 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9687,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:39.202200239Z 37 PC: 12c38 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:23:39.20993021Z 37 PC: 12cff | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:39.212390747Z 53 PC: 12efc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:39.213762503Z 37 PC: 12f0e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:39.215702322Z 44 PC: 12f5e | Get time 0x12f5e: push dx
0x12f5f: jmp 0x12fbc
0x12f62: mov ah, 0x2c
0x12f64: int 0x21
0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
2018-12-25T12:23:39.218098096Z 44 PC: 12f66 | Get time 0x12f66: pop cx
0x12f67: cmp ch, dh
0x12f69: jne 0x12f6e
0x12f6b: jmp 0x12fcb
0x12f6e: cmp cl, dl
0x12f70: jb 0x12f89
0x12f72: cmp ch, 0x3b
0x12f75: jne 0x12f7f
0x12f77: cmp dh, 0
0x12f7a: ja 0x12f89
0x12f7c: jmp 0x12fcb
0x12f7f: sub dh, ch
0x12f81: cmp dh, 1
0x12f84: ja 0x12f89
0x12f86: jmp 0x12fcb
0x12f89: mov ah, 2
0x12f8b: mov di, 0x575
0x12f8e: mov dl, byte ptr [di]
0x12f90: sub dl, 0x10
0x12f93: inc di
2018-12-25T12:23:39.220761398Z 37 PC: 12e31 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:23:39.222569239Z 37 PC: 12e43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:39.224620359Z 48 PC: 12fe9 | Get DOS version
2018-12-25T12:23:39.230018738Z 42 PC: 130e0 | Get date 0x130e0: cmp dx, 0x106
0x130e4: je 0x130e9
0x130e6: jmp 0x1310d
0x130e9: mov cx, 0x19
0x130ec: mov di, 0x667
0x130ef: mov ah, byte ptr [di]
0x130f1: cmp ah, 1
0x130f4: jne 0x130f9
0x130f6: jmp 0x13102
0x130f9: mov ah, byte ptr [di]
0x130fb: ror ah, 1
0x130fd: mov byte ptr [di], ah
0x130ff: inc di
0x13100: loop 0x130f9
0x13102: mov dx, 0x668
0x13105: mov ah, 9
0x13107: int 0x21
0x13109: jmp 0x1310d
0x1310c: add byte ptr [bx + 0x65b], bh
0x13110: mov ah, byte ptr [di]
2018-12-25T12:23:39.23259053Z 78 PC: 1317a | Find first file
2018-12-25T12:23:39.244993093Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.251785814Z 98 PC: 14ea6 | Get current PSP
2018-12-25T12:23:39.25295226Z 61 PC: 14eb0 | Open file (Filename = '')
2018-12-25T12:23:39.260619129Z 42 PC: 14ebd | Get date 0x14ebd: cmp dh, 0xc
0x14ec0: je 0x14ec5
0x14ec2: jmp 0x1520f
0x14ec5: mov ah, byte ptr [0x644]
0x14ec9: inc ah
0x14ecb: mov byte ptr [0x644], ah
0x14ecf: cmp ah, 0x10
0x14ed2: ja 0x14ed7
0x14ed4: jmp 0x15070
0x14ed7: call 0x1505a
0x14eda: mov ah, 0x40
0x14edc: mov cx, 0x100
0x14edf: call 0x15047
0x14ee2: mov di, 0x200
0x14ee5: mov bx, 0x2354
0x14ee8: mov ax, word ptr [di]
0x14eea: rol bx, 1
0x14eec: sub cx, 0x17
0x14ef0: xor ax, bx
0x14ef2: ror cx, 1
2018-12-25T12:23:39.263165888Z 64 PC: 1504a | Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:23:39.270071074Z 64 PC: 15054 | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:23:39.285745763Z 62 PC: 1521d | Close file
2018-12-25T12:23:39.295878742Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.303422591Z 79 PC: 131dd | Find next file
2018-12-25T12:23:39.312596423Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.319200018Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.319977885Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.326979292Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.329691417Z 64 PC: 151e4 | Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:23:39.336779881Z 64 PC: 151ee | Write file or device (Write 4517 bytes on handle 5)
2018-12-25T12:23:39.346972969Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.353873727Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.357898676Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.361697607Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.365983762Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.366869015Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.373939887Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.375575761Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:23:39.379835637Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:23:39.385974463Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.391891529Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.395867018Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.400140008Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.403971535Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.404855543Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.409463425Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.411418093Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:23:39.415715841Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:23:39.421651263Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.42763516Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.431546924Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.435139426Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.441963173Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.442681561Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.44921614Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.452680472Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:23:39.4591744Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:23:39.468384961Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.476331324Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.481947279Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.487397094Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.494212068Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.494972541Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.501296467Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.503756827Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:23:39.510062466Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:23:39.516379401Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.52237306Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.526509686Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.531845642Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.539655616Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.540347119Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.546912013Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.549846312Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:23:39.556310467Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:23:39.565914445Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.57553657Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.582944445Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.588302676Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.595691172Z 98 PC: 14ea6 | Get current PSP (See above)
2018-12-25T12:23:39.596462758Z 61 PC: 14eb0 | Open file (See above)
2018-12-25T12:23:39.603589586Z 42 PC: 14ebd | Get date (See above)
2018-12-25T12:23:39.607047836Z 64 PC: 1504a | Write file or device (See above)
2018-12-25T12:23:39.609775797Z 64 PC: 15054 | Write file or device (See above)
2018-12-25T12:23:39.622856603Z 62 PC: 1521d | Close file (See above)
2018-12-25T12:23:39.632485005Z 37 PC: 12c38 | Set interrupt vector (See above)
2018-12-25T12:23:39.639726652Z 79 PC: 131dd | Find next file (See above)
2018-12-25T12:23:39.642011163Z 9 PC: 131e6 | Display string (String= '- ROOK - ')
2018-12-25T12:23:39.647778024Z 76 PC: 13262 | Terminate with return code (Return code = '0')