Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1704.c

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:00.343019763Z 48 PC: 12c81 | Get DOS version
2018-12-17T22:50:00.344648637Z 75 PC: 12c8f | Execute program
2018-12-17T22:50:00.346045841Z 53 PC: 12ca8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:00.347260153Z 80 PC: 12d14 | Set current PSP
2018-12-17T22:50:00.349263452Z 37 PC: 12bdf | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:00.350518532Z 26 PC: 12be7 | Set disk transfer address
2018-12-17T22:50:00.351522842Z 42 PC: 12bee | Get date 0x12bee: cmp cx, 0x7c4
0x12bf2: ja 0x12c59
0x12bf4: je 0x12c20
0x12bf6: cmp cx, 0x7bc
0x12bfa: jne 0x12c59
0x12bfc: push ds
0x12bfd: mov ax, 0x3528
0x12c00: int 0x21
0x12c02: mov word ptr cs:[0x13b], bx
0x12c07: mov word ptr cs:[0x13d], es
0x12c0c: mov ax, 0x2528
0x12c0f: mov dx, 0x725
0x12c12: push cs
0x12c13: pop ds
0x12c14: int 0x21
0x12c16: pop ds
0x12c17: or byte ptr cs:[0x157], 8
0x12c1d: jmp 0x12c25
0x12c1f: nop
0x12c20: cmp dh, 0xa
2018-12-17T22:50:00.353575393Z 74 PC: 13214 | Reallocate memory
2018-12-17T22:50:00.355347632Z 48 PC: 13276 | Get DOS version
2018-12-17T22:50:00.356797608Z 61 PC: 12c97 | Open file (Filename = '�@.�^.�`.�d')
2018-12-17T22:50:00.369462233Z 75 PC: 132b4 | Execute program
2018-12-17T22:50:00.377897377Z 61 PC: 12c97 | Open file (Filename = '�@.�^.�`.�d')
2018-12-17T22:50:00.384197199Z 75 PC: 132b4 | Execute program
2018-12-17T22:50:00.390817514Z 61 PC: 12c97 | Open file (Filename = '�@.�^.�`.�d')
2018-12-17T22:50:00.402467822Z 87 PC: 12ca0 | Get or set file date and time
2018-12-17T22:50:00.404496346Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:00.410274072Z 66 PC: 12cc5 | Move file pointer
2018-12-17T22:50:00.413289815Z 62 PC: 12cd2 | Close file
2018-12-17T22:50:00.415124448Z 75 PC: 132b4 | Execute program
2018-12-17T22:50:00.508727937Z 48 PC: 39574 | Get DOS version
2018-12-17T22:50:00.511338882Z 74 PC: 395c4 | Reallocate memory
2018-12-17T22:50:00.513602099Z 48 PC: 39628 | Get DOS version
2018-12-17T22:50:00.515081682Z 53 PC: 39630 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:00.51662422Z 37 PC: 39642 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:00.518586638Z 53 PC: 4032f | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:50:00.520111525Z 53 PC: 4032f | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:50:00.521614857Z 53 PC: 4032f | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:50:00.524351371Z 53 PC: 4032f | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:50:00.529624849Z 53 PC: 4032f | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:50:00.540943709Z 53 PC: 4032f | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:50:00.543281662Z 53 PC: 4032f | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:50:00.544859399Z 53 PC: 4032f | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:50:00.546297633Z 53 PC: 4032f | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:50:00.55206255Z 53 PC: 4032f | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:50:00.55355149Z 53 PC: 4032f | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:50:00.555426846Z 37 PC: 4035e | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:50:00.557622575Z 37 PC: 4035e | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:50:00.559330933Z 37 PC: 4035e | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:50:00.560811588Z 37 PC: 4035e | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:50:00.563367368Z 37 PC: 4035e | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:50:00.564794401Z 37 PC: 4035e | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:50:00.56620812Z 37 PC: 4035e | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:50:00.567672679Z 37 PC: 4035e | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:50:00.570920654Z 37 PC: 40365 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:50:00.572304431Z 37 PC: 4036a | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:50:00.573945533Z 68 PC: 396d3 | I/O control for devices (Set for = '��Y���^����64r�F�����N�t|��F�')
2018-12-17T22:50:00.576545636Z 68 PC: 396d3 | I/O control for devices (Set for = '@�')
2018-12-17T22:50:00.578194822Z 68 PC: 396d3 | I/O control for devices (Set for = 'B�N;�tC��vb�F u\� �W� ��� ')
2018-12-17T22:50:00.579817381Z 68 PC: 396d3 | I/O control for devices (Set for = '� �W� ��� ')
2018-12-17T22:50:00.582394118Z 68 PC: 396d3 | I/O control for devices (Set for = '� �W� ��� ')
2018-12-17T22:50:00.584845299Z 53 PC: 2a663 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:50:00.586683525Z 37 PC: 2a675 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:50:00.588854771Z 53 PC: 300ae | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:00.590596619Z 53 PC: 300bb | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:50:00.591830853Z 53 PC: 300c8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:00.593317596Z 37 PC: 300dd | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:00.594554938Z 37 PC: 300e5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:50:00.596484085Z 37 PC: 300ed | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:00.598266858Z 53 PC: 33e10 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:50:00.600045948Z 53 PC: 33e1d | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:50:00.601472411Z 53 PC: 33e2c | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:00.603018095Z 37 PC: 33e39 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:50:00.60519094Z 53 PC: 33e40 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:50:00.60660603Z 37 PC: 33e4d | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:50:00.608700506Z 53 PC: 33e59 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:50:00.615778464Z 48 PC: 33f1e | Get DOS version
2018-12-17T22:50:00.617510015Z 74 PC: 34bcb | Reallocate memory
2018-12-17T22:50:00.619456879Z 74 PC: 34bcb | Reallocate memory
2018-12-17T22:50:00.621519625Z 68 PC: 33d25 | I/O control for devices (Set for = 'pt������n~�:4*�P')
2018-12-17T22:50:00.623090464Z 68 PC: 33d25 | I/O control for devices (Set for = '')
2018-12-17T22:50:00.625255567Z 51 PC: 33d43 | Get or set Ctrl-Break
2018-12-17T22:50:00.626910575Z 51 PC: 33d4f | Get or set Ctrl-Break
2018-12-17T22:50:00.630326408Z 72 PC: 34386 | Allocate memory
2018-12-17T22:50:00.632851857Z 74 PC: 34bcb | Reallocate memory
2018-12-17T22:50:00.635223677Z 72 PC: 34386 | Allocate memory
2018-12-17T22:50:00.636815892Z 37 PC: 2f731 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:00.647852295Z 48 PC: 2449f | Get DOS version
2018-12-17T22:50:00.650391353Z 61 PC: 242ac | Open file (Filename = 'C:\DOS\qbasic.ini')
2018-12-17T22:50:00.661021179Z 63 PC: 242ac | Read file or device (Read 120 bytes on handle 5)
2018-12-17T22:50:00.667246013Z 63 PC: 242ac | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:50:00.670854738Z 63 PC: 242ac | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:50:00.673632065Z 63 PC: 242ac | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:50:00.67634765Z 63 PC: 242ac | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:50:00.679606186Z 63 PC: 242ac | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:50:00.682343261Z 63 PC: 242ac | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:50:00.685050156Z 63 PC: 242ac | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:50:00.688703862Z 63 PC: 242ac | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:50:00.691919874Z 62 PC: 242ac | Close file
2018-12-17T22:50:00.694033354Z 53 PC: 2f9ba | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:50:00.696187937Z 37 PC: 2f9c7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:00.703359006Z 53 PC: 4cbe8 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:50:00.704821248Z 37 PC: 4cbf4 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:50:00.711212581Z 53 PC: 42665 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-17T22:50:00.716195622Z 37 PC: 2f731 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:00.717819158Z 53 PC: 2f9ba | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:50:00.719345688Z 37 PC: 2f9c7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:00.720784484Z 53 PC: 42665 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-17T22:50:00.722015845Z 53 PC: 4d4d9 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:50:00.723319464Z 37 PC: 4d4ec | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:50:00.724271911Z 53 PC: 4d4d9 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:50:00.725374339Z 37 PC: 4d4ec | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:50:00.726910574Z 53 PC: 4d4d9 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:50:00.727932418Z 37 PC: 4d4ec | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:50:00.728913299Z 53 PC: 4d4d9 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:00.730333895Z 37 PC: 4d4ec | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:00.731767023Z 48 PC: 4d49a | Get DOS version
2018-12-17T22:50:00.7330258Z 53 PC: 4d4b8 | Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-17T22:50:00.734658766Z 37 PC: 4d4cd | Set interrupt vector (Interrupt = '21' AKA 'Sequential write')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10074,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:08.244071174Z 48 PC: 12c81 | Get DOS version
2018-12-25T12:27:08.24665483Z 75 PC: 12c8f | Execute program
2018-12-25T12:27:08.248843838Z 53 PC: 12ca8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:08.250798523Z 80 PC: 12d14 | Set current PSP
2018-12-25T12:27:08.254029817Z 37 PC: 12bdf | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:08.255512638Z 26 PC: 12be7 | Set disk transfer address
2018-12-25T12:27:08.25739542Z 42 PC: 12bee | Get date 0x12bee: cmp cx, 0x7c4
0x12bf2: ja 0x12c59
0x12bf4: je 0x12c20
0x12bf6: cmp cx, 0x7bc
0x12bfa: jne 0x12c59
0x12bfc: push ds
0x12bfd: mov ax, 0x3528
0x12c00: int 0x21
0x12c02: mov word ptr cs:[0x13b], bx
0x12c07: mov word ptr cs:[0x13d], es
0x12c0c: mov ax, 0x2528
0x12c0f: mov dx, 0x725
0x12c12: push cs
0x12c13: pop ds
0x12c14: int 0x21
0x12c16: pop ds
0x12c17: or byte ptr cs:[0x157], 8
0x12c1d: jmp 0x12c25
0x12c1f: nop
0x12c20: cmp dh, 0xa
2018-12-25T12:27:08.26038519Z 74 PC: 13214 | Reallocate memory
2018-12-25T12:27:08.263768524Z 48 PC: 13276 | Get DOS version
2018-12-25T12:27:08.265355571Z 61 PC: 12c97 | Open file (Filename = '�@.�^.�`.�d')
2018-12-25T12:27:08.272966693Z 75 PC: 132b4 | Execute program
2018-12-25T12:27:08.280972219Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:08.294357516Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:08.301708338Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:08.313419023Z 87 PC: 12ca0 | Get or set file date and time
2018-12-25T12:27:08.316826829Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:08.323409617Z 66 PC: 12cc5 | Move file pointer
2018-12-25T12:27:08.325700603Z 62 PC: 12cd2 | Close file
2018-12-25T12:27:08.328215762Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:08.448133881Z 48 PC: 39574 | Get DOS version
2018-12-25T12:27:08.450547353Z 74 PC: 395c4 | Reallocate memory
2018-12-25T12:27:08.453167997Z 48 PC: 39628 | Get DOS version
2018-12-25T12:27:08.454795141Z 53 PC: 39630 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:08.457452408Z 37 PC: 39642 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:08.459029151Z 53 PC: 4032f | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:08.460618917Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.462284252Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.46477262Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.466187579Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.467500585Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.469258651Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.47077503Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.473522619Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.475732668Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.477260092Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.478565209Z 37 PC: 4035e | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:08.480597282Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.481965087Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.483159041Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.485125494Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.486670349Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.488160654Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.489740418Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.490953889Z 37 PC: 40365 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-25T12:27:08.492187603Z 37 PC: 4036a | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-25T12:27:08.494053071Z 68 PC: 396d3 | I/O control for devices (Set for = '��Y���^����64r�F�����N�t|��F�')
2018-12-25T12:27:08.49615337Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:08.497980733Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:08.499555321Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:08.50185309Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:08.504406446Z 53 PC: 2a663 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:08.505585445Z 37 PC: 2a675 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:08.507201703Z 53 PC: 300ae | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:08.508245425Z 53 PC: 300bb | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:08.509326634Z 53 PC: 300c8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:08.510720716Z 37 PC: 300dd | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:08.511704783Z 37 PC: 300e5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:08.512752306Z 37 PC: 300ed | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:08.514498328Z 53 PC: 33e10 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:08.515904072Z 53 PC: 33e1d | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:08.517136492Z 53 PC: 33e2c | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:08.519342269Z 37 PC: 33e39 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:08.520423021Z 53 PC: 33e40 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:08.521605912Z 37 PC: 33e4d | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:08.523428541Z 53 PC: 33e59 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:27:08.530989793Z 48 PC: 33f1e | Get DOS version
2018-12-25T12:27:08.532772761Z 74 PC: 34bcb | Reallocate memory
2018-12-25T12:27:08.53614895Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:08.537944799Z 68 PC: 33d25 | I/O control for devices (Set for = 'pt������n~�:4*�P')
2018-12-25T12:27:08.539848061Z 68 PC: 33d25 | I/O control for devices (See above)
2018-12-25T12:27:08.542052843Z 51 PC: 33d43 | Get or set Ctrl-Break
2018-12-25T12:27:08.544328774Z 51 PC: 33d4f | Get or set Ctrl-Break
2018-12-25T12:27:08.545926687Z 72 PC: 34386 | Allocate memory
2018-12-25T12:27:08.550156288Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:08.552334819Z 72 PC: 34386 | Allocate memory (See above)
2018-12-25T12:27:08.554644407Z 37 PC: 2f731 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:08.567361606Z 48 PC: 2449f | Get DOS version
2018-12-25T12:27:08.569574527Z 61 PC: 242ac | Open file (Filename = 'C:\DOS\qbasic.ini')
2018-12-25T12:27:08.580506844Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.587738792Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.591528491Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.594314952Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.597199119Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.601033758Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.604245818Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.607242733Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.610861016Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.613732845Z 62 PC: 242ac | Close file (See above)
2018-12-25T12:27:08.615695558Z 53 PC: 2f9ba | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:08.617935866Z 37 PC: 2f9c7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:08.622676587Z 53 PC: 4cbe8 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:08.623860458Z 37 PC: 4cbf4 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:08.630779251Z 53 PC: 42665 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T12:27:08.638469632Z 37 PC: 2f731 | Set interrupt vector (See above)
2018-12-25T12:27:08.640732791Z 53 PC: 2f9ba | Get interrupt vector (See above)
2018-12-25T12:27:08.642532804Z 37 PC: 2f9c7 | Set interrupt vector (See above)
2018-12-25T12:27:08.644787291Z 53 PC: 42665 | Get interrupt vector (See above)
2018-12-25T12:27:08.647136989Z 53 PC: 4d4d9 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:08.649275354Z 37 PC: 4d4ec | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:08.650480327Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:08.651731463Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:08.653196142Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:08.655635667Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:08.656756061Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:08.657837575Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:08.659171638Z 48 PC: 4d49a | Get DOS version
2018-12-25T12:27:08.660734823Z 53 PC: 4d4b8 | Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T12:27:08.662798943Z 37 PC: 4d4cd | Set interrupt vector (Interrupt = '21' AKA 'Sequential write')

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10074,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:08.384519744Z 48 PC: 12c81 | Get DOS version
2018-12-25T12:27:08.386722768Z 75 PC: 12c8f | Execute program
2018-12-25T12:27:08.388334349Z 53 PC: 12ca8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:08.389577714Z 80 PC: 12d14 | Set current PSP
2018-12-25T12:27:08.391321078Z 37 PC: 12bdf | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:08.392961405Z 26 PC: 12be7 | Set disk transfer address
2018-12-25T12:27:08.394110435Z 42 PC: 12bee | Get date 0x12bee: cmp cx, 0x7c4
0x12bf2: ja 0x12c59
0x12bf4: je 0x12c20
0x12bf6: cmp cx, 0x7bc
0x12bfa: jne 0x12c59
0x12bfc: push ds
0x12bfd: mov ax, 0x3528
0x12c00: int 0x21
0x12c02: mov word ptr cs:[0x13b], bx
0x12c07: mov word ptr cs:[0x13d], es
0x12c0c: mov ax, 0x2528
0x12c0f: mov dx, 0x725
0x12c12: push cs
0x12c13: pop ds
0x12c14: int 0x21
0x12c16: pop ds
0x12c17: or byte ptr cs:[0x157], 8
0x12c1d: jmp 0x12c25
0x12c1f: nop
0x12c20: cmp dh, 0xa
2018-12-25T12:27:08.396290858Z 74 PC: 13214 | Reallocate memory
2018-12-25T12:27:08.398016522Z 48 PC: 13276 | Get DOS version
2018-12-25T12:27:08.399232Z 61 PC: 12c97 | Open file (Filename = '�@.�^.�`.�d')
2018-12-25T12:27:08.4061445Z 75 PC: 132b4 | Execute program
2018-12-25T12:27:08.413782101Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:08.42064318Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:08.427771125Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:08.439133001Z 87 PC: 12ca0 | Get or set file date and time
2018-12-25T12:27:08.441895478Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:08.45065043Z 66 PC: 12cc5 | Move file pointer
2018-12-25T12:27:08.453464542Z 62 PC: 12cd2 | Close file
2018-12-25T12:27:08.455833854Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:08.568329115Z 48 PC: 39574 | Get DOS version
2018-12-25T12:27:08.570314804Z 74 PC: 395c4 | Reallocate memory
2018-12-25T12:27:08.573336131Z 48 PC: 39628 | Get DOS version
2018-12-25T12:27:08.574441813Z 53 PC: 39630 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:08.575481202Z 37 PC: 39642 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:08.577215166Z 53 PC: 4032f | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:08.578589558Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.579937975Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.583633549Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.585127396Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.586923736Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.589323359Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.590616125Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.591694967Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.594062764Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.596249305Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:08.597467125Z 37 PC: 4035e | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:08.599370864Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.601333186Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.602997879Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.606132163Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.607567114Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.60889926Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.610530523Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:08.612701269Z 37 PC: 40365 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-25T12:27:08.614315293Z 37 PC: 4036a | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-25T12:27:08.616196365Z 68 PC: 396d3 | I/O control for devices (Set for = '��Y���^����64r�F�����N�t|��F�')
2018-12-25T12:27:08.618714252Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:08.620529165Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:08.622215866Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:08.624701735Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:08.627301368Z 53 PC: 2a663 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:08.63042298Z 37 PC: 2a675 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:08.632938681Z 53 PC: 300ae | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:08.634350314Z 53 PC: 300bb | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:08.636358407Z 53 PC: 300c8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:08.638707272Z 37 PC: 300dd | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:08.640205916Z 37 PC: 300e5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:08.641485813Z 37 PC: 300ed | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:08.642937981Z 53 PC: 33e10 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:08.644182638Z 53 PC: 33e1d | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:08.645220549Z 53 PC: 33e2c | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:08.646533208Z 37 PC: 33e39 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:08.647621651Z 53 PC: 33e40 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:08.64851956Z 37 PC: 33e4d | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:08.649929957Z 53 PC: 33e59 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:27:08.65474452Z 48 PC: 33f1e | Get DOS version
2018-12-25T12:27:08.6567581Z 74 PC: 34bcb | Reallocate memory
2018-12-25T12:27:08.659620968Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:08.661555629Z 68 PC: 33d25 | I/O control for devices (Set for = 'pt������n~�:4*�P')
2018-12-25T12:27:08.663411246Z 68 PC: 33d25 | I/O control for devices (See above)
2018-12-25T12:27:08.665069258Z 51 PC: 33d43 | Get or set Ctrl-Break
2018-12-25T12:27:08.666900387Z 51 PC: 33d4f | Get or set Ctrl-Break
2018-12-25T12:27:08.66843334Z 72 PC: 34386 | Allocate memory
2018-12-25T12:27:08.67140657Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:08.673553991Z 72 PC: 34386 | Allocate memory (See above)
2018-12-25T12:27:08.675525795Z 37 PC: 2f731 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:08.688476523Z 48 PC: 2449f | Get DOS version
2018-12-25T12:27:08.690399175Z 61 PC: 242ac | Open file (Filename = 'C:\DOS\qbasic.ini')
2018-12-25T12:27:08.701579437Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.70884654Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.71259373Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.715966044Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.719378336Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.723663503Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.726496498Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.729693965Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.733121167Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:08.736117498Z 62 PC: 242ac | Close file (See above)
2018-12-25T12:27:08.738291196Z 53 PC: 2f9ba | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:08.739905912Z 37 PC: 2f9c7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:08.745538924Z 53 PC: 4cbe8 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:08.7470965Z 37 PC: 4cbf4 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:08.75360374Z 53 PC: 42665 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T12:27:08.761784585Z 37 PC: 2f731 | Set interrupt vector (See above)
2018-12-25T12:27:08.764596313Z 53 PC: 2f9ba | Get interrupt vector (See above)
2018-12-25T12:27:08.766067068Z 37 PC: 2f9c7 | Set interrupt vector (See above)
2018-12-25T12:27:08.768937111Z 53 PC: 42665 | Get interrupt vector (See above)
2018-12-25T12:27:08.771030405Z 53 PC: 4d4d9 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:08.772310087Z 37 PC: 4d4ec | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:08.774778698Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:08.776274638Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:08.777727112Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:08.791323364Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:08.793047264Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:08.794477251Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:08.79630572Z 48 PC: 4d49a | Get DOS version
2018-12-25T12:27:08.798728244Z 53 PC: 4d4b8 | Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T12:27:08.801055171Z 37 PC: 4d4cd | Set interrupt vector (Interrupt = '21' AKA 'Sequential write')

{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10074,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:09.023335864Z 48 PC: 12c81 | Get DOS version
2018-12-25T12:27:09.025625628Z 75 PC: 12c8f | Execute program
2018-12-25T12:27:09.02759316Z 53 PC: 12ca8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:09.029239434Z 80 PC: 12d14 | Set current PSP
2018-12-25T12:27:09.03170335Z 37 PC: 12bdf | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:09.035576147Z 26 PC: 12be7 | Set disk transfer address
2018-12-25T12:27:09.037363867Z 42 PC: 12bee | Get date 0x12bee: cmp cx, 0x7c4
0x12bf2: ja 0x12c59
0x12bf4: je 0x12c20
0x12bf6: cmp cx, 0x7bc
0x12bfa: jne 0x12c59
0x12bfc: push ds
0x12bfd: mov ax, 0x3528
0x12c00: int 0x21
0x12c02: mov word ptr cs:[0x13b], bx
0x12c07: mov word ptr cs:[0x13d], es
0x12c0c: mov ax, 0x2528
0x12c0f: mov dx, 0x725
0x12c12: push cs
0x12c13: pop ds
0x12c14: int 0x21
0x12c16: pop ds
0x12c17: or byte ptr cs:[0x157], 8
0x12c1d: jmp 0x12c25
0x12c1f: nop
0x12c20: cmp dh, 0xa
2018-12-25T12:27:09.096895503Z 53 PC: 12c43 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:27:09.099024389Z 37 PC: 12c58 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:27:09.100701833Z 74 PC: 13214 | Reallocate memory
2018-12-25T12:27:09.102838583Z 48 PC: 13276 | Get DOS version
2018-12-25T12:27:09.106060622Z 61 PC: 12c97 | Open file (Filename = '�@.�^.�`.�d')
2018-12-25T12:27:09.113942941Z 75 PC: 132b4 | Execute program
2018-12-25T12:27:09.124285383Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:09.133332604Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:09.14055057Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:09.151675081Z 87 PC: 12ca0 | Get or set file date and time
2018-12-25T12:27:09.154008833Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:09.161325906Z 66 PC: 12cc5 | Move file pointer
2018-12-25T12:27:09.163288073Z 62 PC: 12cd2 | Close file
2018-12-25T12:27:09.165978589Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:09.244362558Z 48 PC: 39574 | Get DOS version
2018-12-25T12:27:09.24566608Z 74 PC: 395c4 | Reallocate memory
2018-12-25T12:27:09.247153358Z 48 PC: 39628 | Get DOS version
2018-12-25T12:27:09.249000947Z 53 PC: 39630 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:09.250120253Z 37 PC: 39642 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:09.251189369Z 53 PC: 4032f | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:09.253064525Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.25437216Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.255462277Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.257814382Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.25922863Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.260631137Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.276241286Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.277593419Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.279181031Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.281209147Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.283853299Z 37 PC: 4035e | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:09.285338796Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.28707917Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.288631121Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.292506311Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.294051332Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.296500522Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.297816477Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.301413187Z 37 PC: 40365 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-25T12:27:09.302563926Z 37 PC: 4036a | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-25T12:27:09.304347954Z 68 PC: 396d3 | I/O control for devices (Set for = '��Y���^����64r�F�����N�t|��F�')
2018-12-25T12:27:09.306035428Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:09.308271699Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:09.310295791Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:09.312326251Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:09.315763968Z 53 PC: 2a663 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:09.318345865Z 37 PC: 2a675 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:09.320141004Z 53 PC: 300ae | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:09.322843492Z 53 PC: 300bb | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:09.324263062Z 53 PC: 300c8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:09.325601927Z 37 PC: 300dd | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:09.327919257Z 37 PC: 300e5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:09.32924623Z 37 PC: 300ed | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:09.330844449Z 53 PC: 33e10 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:09.333358644Z 53 PC: 33e1d | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:09.335006026Z 53 PC: 33e2c | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:09.336670526Z 37 PC: 33e39 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:09.339125176Z 53 PC: 33e40 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:09.341524694Z 37 PC: 33e4d | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:09.344277015Z 53 PC: 33e59 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:27:09.352090163Z 48 PC: 33f1e | Get DOS version
2018-12-25T12:27:09.35420711Z 74 PC: 34bcb | Reallocate memory
2018-12-25T12:27:09.356078483Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:09.357950403Z 68 PC: 33d25 | I/O control for devices (Set for = 'pt������n~�:4*�P')
2018-12-25T12:27:09.359593006Z 68 PC: 33d25 | I/O control for devices (See above)
2018-12-25T12:27:09.361187178Z 51 PC: 33d43 | Get or set Ctrl-Break
2018-12-25T12:27:09.362124625Z 51 PC: 33d4f | Get or set Ctrl-Break
2018-12-25T12:27:09.363960936Z 72 PC: 34386 | Allocate memory
2018-12-25T12:27:09.36666608Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:09.369135323Z 72 PC: 34386 | Allocate memory (See above)
2018-12-25T12:27:09.371999974Z 37 PC: 2f731 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:09.384146526Z 48 PC: 2449f | Get DOS version
2018-12-25T12:27:09.386046805Z 61 PC: 242ac | Open file (Filename = 'C:\DOS\qbasic.ini')
2018-12-25T12:27:09.397817231Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.405704421Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.408807142Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.411400753Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.413901106Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.417094444Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.420470933Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.423701521Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.425841639Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.427923218Z 62 PC: 242ac | Close file (See above)
2018-12-25T12:27:09.429899958Z 53 PC: 2f9ba | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:09.431153404Z 37 PC: 2f9c7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:09.434645786Z 53 PC: 4cbe8 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:09.436783285Z 37 PC: 4cbf4 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:09.440163422Z 53 PC: 42665 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T12:27:09.446671709Z 37 PC: 2f731 | Set interrupt vector (See above)
2018-12-25T12:27:09.449488981Z 53 PC: 2f9ba | Get interrupt vector (See above)
2018-12-25T12:27:09.452632025Z 37 PC: 2f9c7 | Set interrupt vector (See above)
2018-12-25T12:27:09.454567256Z 53 PC: 42665 | Get interrupt vector (See above)
2018-12-25T12:27:09.456984399Z 53 PC: 4d4d9 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:09.458211743Z 37 PC: 4d4ec | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:09.459376604Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:09.461032031Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:09.463626763Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:09.464742261Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:09.465787611Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:09.467839259Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:09.46916921Z 48 PC: 4d49a | Get DOS version
2018-12-25T12:27:09.470784339Z 53 PC: 4d4b8 | Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T12:27:09.472642213Z 37 PC: 4d4cd | Set interrupt vector (Interrupt = '21' AKA 'Sequential write')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10074,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:09.299405272Z 48 PC: 12c81 | Get DOS version
2018-12-25T12:27:09.302033368Z 75 PC: 12c8f | Execute program
2018-12-25T12:27:09.304252183Z 53 PC: 12ca8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:09.306235534Z 80 PC: 12d14 | Set current PSP
2018-12-25T12:27:09.309172583Z 37 PC: 12bdf | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:09.316267056Z 26 PC: 12be7 | Set disk transfer address
2018-12-25T12:27:09.318687279Z 42 PC: 12bee | Get date 0x12bee: cmp cx, 0x7c4
0x12bf2: ja 0x12c59
0x12bf4: je 0x12c20
0x12bf6: cmp cx, 0x7bc
0x12bfa: jne 0x12c59
0x12bfc: push ds
0x12bfd: mov ax, 0x3528
0x12c00: int 0x21
0x12c02: mov word ptr cs:[0x13b], bx
0x12c07: mov word ptr cs:[0x13d], es
0x12c0c: mov ax, 0x2528
0x12c0f: mov dx, 0x725
0x12c12: push cs
0x12c13: pop ds
0x12c14: int 0x21
0x12c16: pop ds
0x12c17: or byte ptr cs:[0x157], 8
0x12c1d: jmp 0x12c25
0x12c1f: nop
0x12c20: cmp dh, 0xa
2018-12-25T12:27:09.322122758Z 74 PC: 13214 | Reallocate memory
2018-12-25T12:27:09.324866875Z 48 PC: 13276 | Get DOS version
2018-12-25T12:27:09.327392331Z 61 PC: 12c97 | Open file (Filename = '�@.�^.�`.�d')
2018-12-25T12:27:09.336323911Z 75 PC: 132b4 | Execute program
2018-12-25T12:27:09.345909511Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:09.353400552Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:09.360649713Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:09.37388006Z 87 PC: 12ca0 | Get or set file date and time
2018-12-25T12:27:09.375771704Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:09.382340829Z 66 PC: 12cc5 | Move file pointer
2018-12-25T12:27:09.385125236Z 62 PC: 12cd2 | Close file
2018-12-25T12:27:09.387643322Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:09.497507425Z 48 PC: 39574 | Get DOS version
2018-12-25T12:27:09.500130979Z 74 PC: 395c4 | Reallocate memory
2018-12-25T12:27:09.502679271Z 48 PC: 39628 | Get DOS version
2018-12-25T12:27:09.504408258Z 53 PC: 39630 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:09.506729607Z 37 PC: 39642 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:09.50841624Z 53 PC: 4032f | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:09.510136431Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.512026591Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.513883977Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.515484525Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.51695869Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.519263028Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.520997733Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.522725456Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.525439369Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.526887127Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:09.528640531Z 37 PC: 4035e | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:09.531671262Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.533310215Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.534993053Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.537985863Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.539322145Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.540541313Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.542600351Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:09.54415263Z 37 PC: 40365 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-25T12:27:09.548033076Z 37 PC: 4036a | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-25T12:27:09.549372586Z 68 PC: 396d3 | I/O control for devices (Set for = '��Y���^����64r�F�����N�t|��F�')
2018-12-25T12:27:09.550843311Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:09.552074872Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:09.553223446Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:09.555195563Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:09.556916632Z 53 PC: 2a663 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:09.558108455Z 37 PC: 2a675 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:09.55968143Z 53 PC: 300ae | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:09.560799001Z 53 PC: 300bb | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:09.5619393Z 53 PC: 300c8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:09.563427648Z 37 PC: 300dd | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:09.564502879Z 37 PC: 300e5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:09.565477623Z 37 PC: 300ed | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:09.567233668Z 53 PC: 33e10 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:09.568252495Z 53 PC: 33e1d | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:09.569297736Z 53 PC: 33e2c | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:09.570866759Z 37 PC: 33e39 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:09.572427605Z 53 PC: 33e40 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:09.573509842Z 37 PC: 33e4d | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:09.575569879Z 53 PC: 33e59 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:27:09.581777777Z 48 PC: 33f1e | Get DOS version
2018-12-25T12:27:09.583642534Z 74 PC: 34bcb | Reallocate memory
2018-12-25T12:27:09.585690899Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:09.587549114Z 68 PC: 33d25 | I/O control for devices (Set for = 'pt������n~�:4*�P')
2018-12-25T12:27:09.589659841Z 68 PC: 33d25 | I/O control for devices (See above)
2018-12-25T12:27:09.591523588Z 51 PC: 33d43 | Get or set Ctrl-Break
2018-12-25T12:27:09.592731941Z 51 PC: 33d4f | Get or set Ctrl-Break
2018-12-25T12:27:09.594027149Z 72 PC: 34386 | Allocate memory
2018-12-25T12:27:09.596874493Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:09.599071229Z 72 PC: 34386 | Allocate memory (See above)
2018-12-25T12:27:09.600895448Z 37 PC: 2f731 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:09.612599927Z 48 PC: 2449f | Get DOS version
2018-12-25T12:27:09.614927318Z 61 PC: 242ac | Open file (Filename = 'C:\DOS\qbasic.ini')
2018-12-25T12:27:09.625761238Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.632721305Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.636837466Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.639927225Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.642984609Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.646808289Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.650250389Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.653345967Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.657107968Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:09.660352712Z 62 PC: 242ac | Close file (See above)
2018-12-25T12:27:09.662637927Z 53 PC: 2f9ba | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:09.664233437Z 37 PC: 2f9c7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:09.669769669Z 53 PC: 4cbe8 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:09.671383475Z 37 PC: 4cbf4 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:09.678063248Z 53 PC: 42665 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T12:27:09.687802027Z 37 PC: 2f731 | Set interrupt vector (See above)
2018-12-25T12:27:09.690405244Z 53 PC: 2f9ba | Get interrupt vector (See above)
2018-12-25T12:27:09.692162235Z 37 PC: 2f9c7 | Set interrupt vector (See above)
2018-12-25T12:27:09.695737328Z 53 PC: 42665 | Get interrupt vector (See above)
2018-12-25T12:27:09.697850133Z 53 PC: 4d4d9 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:09.699567503Z 37 PC: 4d4ec | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:09.701859537Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:09.70351368Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:09.705176271Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:09.707101897Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:09.708725198Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:09.710318481Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:09.712713207Z 48 PC: 4d49a | Get DOS version
2018-12-25T12:27:09.714430585Z 53 PC: 4d4b8 | Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T12:27:09.716036639Z 37 PC: 4d4cd | Set interrupt vector (Interrupt = '21' AKA 'Sequential write')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10074,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:09.740256778Z 48 PC: 12c81 | Get DOS version
2018-12-25T12:27:09.741658357Z 75 PC: 12c8f | Execute program
2018-12-25T12:27:09.744017498Z 53 PC: 12ca8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:09.74581553Z 80 PC: 12d14 | Set current PSP
2018-12-25T12:27:09.748031993Z 37 PC: 12bdf | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:09.756850195Z 26 PC: 12be7 | Set disk transfer address
2018-12-25T12:27:09.758209487Z 42 PC: 12bee | Get date 0x12bee: cmp cx, 0x7c4
0x12bf2: ja 0x12c59
0x12bf4: je 0x12c20
0x12bf6: cmp cx, 0x7bc
0x12bfa: jne 0x12c59
0x12bfc: push ds
0x12bfd: mov ax, 0x3528
0x12c00: int 0x21
0x12c02: mov word ptr cs:[0x13b], bx
0x12c07: mov word ptr cs:[0x13d], es
0x12c0c: mov ax, 0x2528
0x12c0f: mov dx, 0x725
0x12c12: push cs
0x12c13: pop ds
0x12c14: int 0x21
0x12c16: pop ds
0x12c17: or byte ptr cs:[0x157], 8
0x12c1d: jmp 0x12c25
0x12c1f: nop
0x12c20: cmp dh, 0xa
2018-12-25T12:27:09.760989712Z 53 PC: 12c02 | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:27:09.762945511Z 37 PC: 12c16 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:27:09.819886783Z 53 PC: 12c43 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:27:09.821360957Z 37 PC: 12c58 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:27:09.823734228Z 74 PC: 13214 | Reallocate memory
2018-12-25T12:27:09.826247191Z 48 PC: 13276 | Get DOS version
2018-12-25T12:27:09.827774247Z 61 PC: 12c97 | Open file (Filename = '�@.�^.�`.�d')
2018-12-25T12:27:09.834811325Z 75 PC: 132b4 | Execute program
2018-12-25T12:27:09.8426774Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:09.849702415Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:09.856955587Z 61 PC: 12c97 | Open file (See above)
2018-12-25T12:27:09.869267656Z 87 PC: 12ca0 | Get or set file date and time
2018-12-25T12:27:09.871846621Z 63 PC: 12cb6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:09.882965214Z 66 PC: 12cc5 | Move file pointer
2018-12-25T12:27:09.886150554Z 62 PC: 12cd2 | Close file
2018-12-25T12:27:09.888473842Z 75 PC: 132b4 | Execute program (See above)
2018-12-25T12:27:10.062686386Z 48 PC: 39574 | Get DOS version
2018-12-25T12:27:10.066309334Z 74 PC: 395c4 | Reallocate memory
2018-12-25T12:27:10.068594246Z 48 PC: 39628 | Get DOS version
2018-12-25T12:27:10.069908034Z 53 PC: 39630 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:10.071849081Z 37 PC: 39642 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:10.073325543Z 53 PC: 4032f | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:10.074688118Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.076310702Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.078241499Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.079730452Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.081517088Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.084167529Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.085522443Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.08685132Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.088816328Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.090573378Z 53 PC: 4032f | Get interrupt vector (See above)
2018-12-25T12:27:10.092350424Z 37 PC: 4035e | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-25T12:27:10.09448245Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:10.096047022Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:10.09733604Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:10.099401048Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:10.100851515Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:10.102264102Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:10.104285536Z 37 PC: 4035e | Set interrupt vector (See above)
2018-12-25T12:27:10.105964808Z 37 PC: 40365 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-25T12:27:10.107636495Z 37 PC: 4036a | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-25T12:27:10.110190017Z 68 PC: 396d3 | I/O control for devices (Set for = '��Y���^����64r�F�����N�t|��F�')
2018-12-25T12:27:10.112255858Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:10.114275592Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:10.116578416Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:10.119375079Z 68 PC: 396d3 | I/O control for devices (See above)
2018-12-25T12:27:10.122482041Z 53 PC: 2a663 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:10.124383041Z 37 PC: 2a675 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-25T12:27:10.127278898Z 53 PC: 300ae | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:10.128949998Z 53 PC: 300bb | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:10.130698511Z 53 PC: 300c8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:10.133170144Z 37 PC: 300dd | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:10.134536622Z 37 PC: 300e5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:10.136223173Z 37 PC: 300ed | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:10.139097716Z 53 PC: 33e10 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:10.141196412Z 53 PC: 33e1d | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:10.143119643Z 53 PC: 33e2c | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:10.156086879Z 37 PC: 33e39 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:10.157939374Z 53 PC: 33e40 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:27:10.159388948Z 37 PC: 33e4d | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-25T12:27:10.161169369Z 53 PC: 33e59 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:27:10.169904143Z 48 PC: 33f1e | Get DOS version
2018-12-25T12:27:10.171613453Z 74 PC: 34bcb | Reallocate memory
2018-12-25T12:27:10.173768886Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:10.17603693Z 68 PC: 33d25 | I/O control for devices (Set for = 'pt������n~�:4*�P')
2018-12-25T12:27:10.178074492Z 68 PC: 33d25 | I/O control for devices (See above)
2018-12-25T12:27:10.180044811Z 51 PC: 33d43 | Get or set Ctrl-Break
2018-12-25T12:27:10.18186888Z 51 PC: 33d4f | Get or set Ctrl-Break
2018-12-25T12:27:10.183454489Z 72 PC: 34386 | Allocate memory
2018-12-25T12:27:10.186413642Z 74 PC: 34bcb | Reallocate memory (See above)
2018-12-25T12:27:10.189410399Z 72 PC: 34386 | Allocate memory (See above)
2018-12-25T12:27:10.191853642Z 37 PC: 2f731 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:10.204168018Z 48 PC: 2449f | Get DOS version
2018-12-25T12:27:10.206694577Z 61 PC: 242ac | Open file (Filename = 'C:\DOS\qbasic.ini')
2018-12-25T12:27:10.217596212Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:10.225031676Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:10.228541804Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:10.232150982Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:10.235490987Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:10.238892403Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:10.242858343Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:10.246167301Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:10.249587656Z 63 PC: 242ac | Read file or device (See above)
2018-12-25T12:27:10.254274959Z 62 PC: 242ac | Close file (See above)
2018-12-25T12:27:10.256913468Z 53 PC: 2f9ba | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-25T12:27:10.258814417Z 37 PC: 2f9c7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:10.264942438Z 53 PC: 4cbe8 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:10.267686232Z 37 PC: 4cbf4 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:27:10.273948175Z 53 PC: 42665 | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T12:27:10.282798327Z 37 PC: 2f731 | Set interrupt vector (See above)
2018-12-25T12:27:10.28607064Z 53 PC: 2f9ba | Get interrupt vector (See above)
2018-12-25T12:27:10.287886052Z 37 PC: 2f9c7 | Set interrupt vector (See above)
2018-12-25T12:27:10.29079026Z 53 PC: 42665 | Get interrupt vector (See above)
2018-12-25T12:27:10.293910004Z 53 PC: 4d4d9 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:10.295725595Z 37 PC: 4d4ec | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:27:10.297516947Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:10.300341949Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:10.302120884Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:10.303847578Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:10.306362222Z 53 PC: 4d4d9 | Get interrupt vector (See above)
2018-12-25T12:27:10.30842904Z 37 PC: 4d4ec | Set interrupt vector (See above)
2018-12-25T12:27:10.310085685Z 48 PC: 4d49a | Get DOS version
2018-12-25T12:27:10.312800962Z 53 PC: 4d4b8 | Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T12:27:10.31469333Z 37 PC: 4d4cd | Set interrupt vector (Interrupt = '21' AKA 'Sequential write')