Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1500


Syscalls:

Time Syscall Op Syscall Name
; Disassembly following the INT 21h "Get date" return at 0x1e9b2 (DOS returns CX = year, DH = month, DL = day).
; Shown: a date comparison, a call to a non-standard INT 21h function, and a probe of the INT 21h handler's segment.
; The listing stops at 0x1e9e1; the branch/call targets 0x1e9ef, 0x1ea0b and 0x1ea0f are not shown.
2018-12-17T22:50:05.666815962Z 42 PC: 1e9b2 | Get date 0x1e9b2: cmp cx, 0x7cc    ; year == 0x7cc (1996)?
0x1e9b6: jne 0x1e9c2    ; other year: skip the month/day tests
0x1e9b8: cmp dh, 3
0x1e9bb: ja 0x1e9c2    ; month after March: skip the day test
0x1e9bd: cmp dl, 1
0x1e9c0: jb 0x1ea0b    ; unsigned "below 1", so taken only if DL == 0; DOS reports days as 1-31, so a valid date falls through
0x1e9c2: mov al, 0xff
0x1e9c4: mov ah, 0xf
0x1e9c6: xchg al, ah    ; AX = 0xff0f, built indirectly from the two byte loads
0x1e9c8: nop
0x1e9c9: int 0x21    ; AH = 0xff is not a documented DOS function; the trace logs it as op 255 "UNKNOWN!"
0x1e9cb: cmp ax, 0x101    ; reply value expected from whatever handles AX = 0xff0f
0x1e9ce: jne 0x1e9d4
0x1e9d0: call 0x1ea0f    ; reached only when AX came back as 0x101 -- NOTE(review): looks like a resident-handler presence check; confirm against the code at 0x1ea0f
0x1e9d3: nop
0x1e9d4: mov ax, 0x3521    ; AH = 0x35 (get interrupt vector), AL = 0x21: the INT 21h vector itself
0x1e9d7: nop
0x1e9d8: int 0x21    ; returns ES:BX = current INT 21h handler; the trace row's 'Random read' is the name of DOS function 21h, not of this interrupt
0x1e9da: cmp word ptr es:[0xa], 0x4254    ; word at offset 0x0a of the handler's segment vs bytes 54h 42h ("TB"); meaning of the marker is not shown here
0x1e9e1: jne 0x1e9ef
2018-12-17T22:50:05.669597238Z 255 PC: 1e9cb | UNKNOWN!
2018-12-17T22:50:05.67038508Z 53 PC: 1e9da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:05.67155531Z 240 PC: 1ea09 | UNKNOWN!
; Disassembly following the INT 21h "Get time" return at 0x1e907 (DOS returns CH = hour, CL = minute).
; When the minute is 1, the code rewrites bytes in the 0xb800 colour text-mode video segment, i.e. it changes what is on screen.
; The listing stops at 0x1e939, so whether and how the sequence repeats over further cells is not shown.
2018-12-17T22:50:05.673031378Z 44 PC: 1e907 | Get time 0x1e907: cmp cl, 1    ; minute == 1?
0x1e90a: jne 0x1e941    ; any other minute: skip the screen routine
0x1e90c: mov ax, 0xb800
0x1e90f: mov es, ax    ; ES = 0xb800, colour text-mode video memory
0x1e911: mov cx, 0x30
0x1e914: push cx    ; 0x30 saved on the stack; its use is outside this listing
0x1e915: mov cx, 0x7c0    ; presumably a repeat count -- its use is outside this listing, confirm
0x1e918: xor si, si    ; SI = 0: start of the video segment
0x1e91a: mov ah, byte ptr es:[si]    ; read the byte at ES:SI (the character byte of the first cell when SI = 0)
0x1e91d: cmp ah, 0x77
0x1e920: jb 0x1e92f    ; below 0x77: increment path; otherwise decrement path
0x1e922: dec ah
0x1e924: mov byte ptr es:[si], ah    ; write back value - 1
0x1e927: mov byte ptr es:[si + 1], 0x79    ; following byte (the cell's attribute when SI is even) set to 0x79
0x1e92c: jmp 0x1e939
0x1e92e: nop
0x1e92f: inc ah
0x1e931: mov byte ptr es:[si], ah    ; write back value + 1
0x1e934: mov byte ptr es:[si + 1], 0x8f    ; following byte set to 0x8f
0x1e939: inc si
2018-12-17T22:50:05.676339985Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.679494845Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.683218928Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.687158073Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.691184954Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.696887294Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.702157382Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.707324203Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.711747855Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.715540065Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.719232052Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.722990357Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.727485953Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.730102566Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.734075659Z 48 PC: 37e1d | Get DOS version
2018-12-17T22:50:05.737475426Z 48 PC: 12a4c | Get DOS version
2018-12-17T22:50:05.738907849Z 53 PC: 12bb3 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:05.740903994Z 53 PC: 12bc0 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:50:05.742811951Z 53 PC: 12bcd | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:50:05.74474164Z 53 PC: 12bda | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:50:05.746994523Z 37 PC: 12bee | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:05.748874492Z 74 PC: 12b19 | Reallocate memory
2018-12-17T22:50:05.753382686Z 51 PC: 310be | Get or set Ctrl-Break
2018-12-17T22:50:05.755240332Z 37 PC: 31118 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:50:05.757638491Z 37 PC: 31118 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:05.764951144Z 53 PC: 31102 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:50:05.767867114Z 37 PC: 31118 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:50:05.771883726Z 37 PC: 31118 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:50:05.774261151Z 53 PC: 31102 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:50:05.777005011Z 37 PC: 31118 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:50:05.780578903Z 48 PC: 14c39 | Get DOS version
2018-12-17T22:50:05.785467751Z 37 PC: 31118 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:50:05.787982663Z 82 PC: 173de | Get DOS internal pointers (SYSVARS)
2018-12-17T22:50:05.791035936Z 82 PC: 17447 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:50:05.796009317Z 61 PC: 300ae | Open file (Filename = 'A:\TV.CFG')
2018-12-17T22:50:05.810768742Z 37 PC: 12bfa | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:05.813311391Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:50:05.815646016Z 37 PC: 12c10 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:50:05.817867674Z 37 PC: 12c1b | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:50:05.820431496Z 76 PC: 12ba3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10102,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly following the INT 21h "Get date" return at 0x1e9b2 (DOS returns CX = year, DH = month, DL = day).
; Shown: a date comparison, a call to a non-standard INT 21h function, and a probe of the INT 21h handler's segment.
; The listing stops at 0x1e9e1; the branch/call targets 0x1e9ef, 0x1ea0b and 0x1ea0f are not shown.
2018-12-25T12:27:15.506701898Z 42 PC: 1e9b2 | Get date 0x1e9b2: cmp cx, 0x7cc    ; year == 0x7cc (1996)?
0x1e9b6: jne 0x1e9c2    ; other year: skip the month/day tests
0x1e9b8: cmp dh, 3
0x1e9bb: ja 0x1e9c2    ; month after March: skip the day test
0x1e9bd: cmp dl, 1
0x1e9c0: jb 0x1ea0b    ; unsigned "below 1", so taken only if DL == 0; DOS reports days as 1-31, so a valid date falls through
0x1e9c2: mov al, 0xff
0x1e9c4: mov ah, 0xf
0x1e9c6: xchg al, ah    ; AX = 0xff0f, built indirectly from the two byte loads
0x1e9c8: nop
0x1e9c9: int 0x21    ; AH = 0xff is not a documented DOS function; the trace logs it as op 255 "UNKNOWN!"
0x1e9cb: cmp ax, 0x101    ; reply value expected from whatever handles AX = 0xff0f
0x1e9ce: jne 0x1e9d4
0x1e9d0: call 0x1ea0f    ; reached only when AX came back as 0x101 -- NOTE(review): looks like a resident-handler presence check; confirm against the code at 0x1ea0f
0x1e9d3: nop
0x1e9d4: mov ax, 0x3521    ; AH = 0x35 (get interrupt vector), AL = 0x21: the INT 21h vector itself
0x1e9d7: nop
0x1e9d8: int 0x21    ; returns ES:BX = current INT 21h handler; the trace row's 'Random read' is the name of DOS function 21h, not of this interrupt
0x1e9da: cmp word ptr es:[0xa], 0x4254    ; word at offset 0x0a of the handler's segment vs bytes 54h 42h ("TB"); meaning of the marker is not shown here
0x1e9e1: jne 0x1e9ef
2018-12-25T12:27:15.50986929Z 255 PC: 1e9cb | UNKNOWN!
2018-12-25T12:27:15.511160876Z 53 PC: 1e9da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:15.512913374Z 240 PC: 1ea09 | UNKNOWN!
; Disassembly following the INT 21h "Get time" return at 0x1e907 (DOS returns CH = hour, CL = minute).
; When the minute is 1, the code rewrites bytes in the 0xb800 colour text-mode video segment, i.e. it changes what is on screen.
; The listing stops at 0x1e939, so whether and how the sequence repeats over further cells is not shown.
2018-12-25T12:27:15.514928392Z 44 PC: 1e907 | Get time 0x1e907: cmp cl, 1    ; minute == 1?
0x1e90a: jne 0x1e941    ; any other minute: skip the screen routine
0x1e90c: mov ax, 0xb800
0x1e90f: mov es, ax    ; ES = 0xb800, colour text-mode video memory
0x1e911: mov cx, 0x30
0x1e914: push cx    ; 0x30 saved on the stack; its use is outside this listing
0x1e915: mov cx, 0x7c0    ; presumably a repeat count -- its use is outside this listing, confirm
0x1e918: xor si, si    ; SI = 0: start of the video segment
0x1e91a: mov ah, byte ptr es:[si]    ; read the byte at ES:SI (the character byte of the first cell when SI = 0)
0x1e91d: cmp ah, 0x77
0x1e920: jb 0x1e92f    ; below 0x77: increment path; otherwise decrement path
0x1e922: dec ah
0x1e924: mov byte ptr es:[si], ah    ; write back value - 1
0x1e927: mov byte ptr es:[si + 1], 0x79    ; following byte (the cell's attribute when SI is even) set to 0x79
0x1e92c: jmp 0x1e939
0x1e92e: nop
0x1e92f: inc ah
0x1e931: mov byte ptr es:[si], ah    ; write back value + 1
0x1e934: mov byte ptr es:[si + 1], 0x8f    ; following byte set to 0x8f
0x1e939: inc si
2018-12-25T12:27:15.518503026Z 48 PC: 37e1d | Get DOS version
2018-12-25T12:27:15.521866671Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.527249041Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.531727607Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.536098638Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.547151311Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.552712948Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.558621069Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.563988453Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.568144587Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.572211136Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.576188847Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.592957458Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.595931691Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.600170385Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.604933699Z 48 PC: 12a4c | Get DOS version
2018-12-25T12:27:15.606818771Z 53 PC: 12bb3 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:15.608794627Z 53 PC: 12bc0 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:15.611852839Z 53 PC: 12bcd | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:15.613711468Z 53 PC: 12bda | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:15.615639488Z 37 PC: 12bee | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:15.61839955Z 74 PC: 12b19 | Reallocate memory
2018-12-25T12:27:15.62274147Z 51 PC: 310be | Get or set Ctrl-Break
2018-12-25T12:27:15.623845964Z 37 PC: 31118 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:15.626855887Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.63448957Z 53 PC: 31102 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:27:15.637430391Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.642629163Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.645550465Z 53 PC: 31102 | Get interrupt vector (See above)
2018-12-25T12:27:15.648446909Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.652790895Z 48 PC: 14c39 | Get DOS version
2018-12-25T12:27:15.658186614Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.660796717Z 82 PC: 173de | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:15.66424545Z 82 PC: 17447 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:15.669478299Z 61 PC: 300ae | Open file (Filename = 'A:\TV.CFG')
2018-12-25T12:27:15.685172314Z 37 PC: 12bfa | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:15.688911792Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:15.693153091Z 37 PC: 12c10 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:15.695882367Z 37 PC: 12c1b | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:15.699604068Z 76 PC: 12ba3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10102,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly following the INT 21h "Get date" return at 0x1e9b2 (DOS returns CX = year, DH = month, DL = day).
; Shown: a date comparison, a call to a non-standard INT 21h function, and a probe of the INT 21h handler's segment.
; The listing stops at 0x1e9e1; the branch/call targets 0x1e9ef, 0x1ea0b and 0x1ea0f are not shown.
2018-12-25T12:27:15.571420358Z 42 PC: 1e9b2 | Get date 0x1e9b2: cmp cx, 0x7cc    ; year == 0x7cc (1996)?
0x1e9b6: jne 0x1e9c2    ; other year: skip the month/day tests
0x1e9b8: cmp dh, 3
0x1e9bb: ja 0x1e9c2    ; month after March: skip the day test
0x1e9bd: cmp dl, 1
0x1e9c0: jb 0x1ea0b    ; unsigned "below 1", so taken only if DL == 0; DOS reports days as 1-31, so a valid date falls through
0x1e9c2: mov al, 0xff
0x1e9c4: mov ah, 0xf
0x1e9c6: xchg al, ah    ; AX = 0xff0f, built indirectly from the two byte loads
0x1e9c8: nop
0x1e9c9: int 0x21    ; AH = 0xff is not a documented DOS function; the trace logs it as op 255 "UNKNOWN!"
0x1e9cb: cmp ax, 0x101    ; reply value expected from whatever handles AX = 0xff0f
0x1e9ce: jne 0x1e9d4
0x1e9d0: call 0x1ea0f    ; reached only when AX came back as 0x101 -- NOTE(review): looks like a resident-handler presence check; confirm against the code at 0x1ea0f
0x1e9d3: nop
0x1e9d4: mov ax, 0x3521    ; AH = 0x35 (get interrupt vector), AL = 0x21: the INT 21h vector itself
0x1e9d7: nop
0x1e9d8: int 0x21    ; returns ES:BX = current INT 21h handler; the trace row's 'Random read' is the name of DOS function 21h, not of this interrupt
0x1e9da: cmp word ptr es:[0xa], 0x4254    ; word at offset 0x0a of the handler's segment vs bytes 54h 42h ("TB"); meaning of the marker is not shown here
0x1e9e1: jne 0x1e9ef
2018-12-25T12:27:15.575675286Z 255 PC: 1e9cb | UNKNOWN!
2018-12-25T12:27:15.576973455Z 53 PC: 1e9da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:15.578814469Z 240 PC: 1ea09 | UNKNOWN!
; Disassembly following the INT 21h "Get time" return at 0x1e907 (DOS returns CH = hour, CL = minute).
; When the minute is 1, the code rewrites bytes in the 0xb800 colour text-mode video segment, i.e. it changes what is on screen.
; The listing stops at 0x1e939, so whether and how the sequence repeats over further cells is not shown.
2018-12-25T12:27:15.581258613Z 44 PC: 1e907 | Get time 0x1e907: cmp cl, 1    ; minute == 1?
0x1e90a: jne 0x1e941    ; any other minute: skip the screen routine
0x1e90c: mov ax, 0xb800
0x1e90f: mov es, ax    ; ES = 0xb800, colour text-mode video memory
0x1e911: mov cx, 0x30
0x1e914: push cx    ; 0x30 saved on the stack; its use is outside this listing
0x1e915: mov cx, 0x7c0    ; presumably a repeat count -- its use is outside this listing, confirm
0x1e918: xor si, si    ; SI = 0: start of the video segment
0x1e91a: mov ah, byte ptr es:[si]    ; read the byte at ES:SI (the character byte of the first cell when SI = 0)
0x1e91d: cmp ah, 0x77
0x1e920: jb 0x1e92f    ; below 0x77: increment path; otherwise decrement path
0x1e922: dec ah
0x1e924: mov byte ptr es:[si], ah    ; write back value - 1
0x1e927: mov byte ptr es:[si + 1], 0x79    ; following byte (the cell's attribute when SI is even) set to 0x79
0x1e92c: jmp 0x1e939
0x1e92e: nop
0x1e92f: inc ah
0x1e931: mov byte ptr es:[si], ah    ; write back value + 1
0x1e934: mov byte ptr es:[si + 1], 0x8f    ; following byte set to 0x8f
0x1e939: inc si
2018-12-25T12:27:15.584789882Z 48 PC: 37e1d | Get DOS version
2018-12-25T12:27:15.587752995Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.590754827Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.594060379Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.608350983Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.614830563Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.621041255Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.629483997Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.634150338Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.639149807Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.643148586Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.64700949Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.651428061Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.653616497Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.656271444Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.65894259Z 48 PC: 12a4c | Get DOS version
2018-12-25T12:27:15.660166086Z 53 PC: 12bb3 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:15.661695141Z 53 PC: 12bc0 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:15.664708501Z 53 PC: 12bcd | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:15.666238541Z 53 PC: 12bda | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:15.667733244Z 37 PC: 12bee | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:15.671443145Z 74 PC: 12b19 | Reallocate memory
2018-12-25T12:27:15.676467336Z 51 PC: 310be | Get or set Ctrl-Break
2018-12-25T12:27:15.67825396Z 37 PC: 31118 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:15.682124371Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.691434302Z 53 PC: 31102 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:27:15.694577149Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.700399377Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.703328578Z 53 PC: 31102 | Get interrupt vector (See above)
2018-12-25T12:27:15.705718698Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.715237106Z 48 PC: 14c39 | Get DOS version
2018-12-25T12:27:15.723217038Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.72821604Z 82 PC: 173de | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:15.73335645Z 82 PC: 17447 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:15.743027417Z 61 PC: 300ae | Open file (Filename = 'A:\TV.CFG')
2018-12-25T12:27:15.758798921Z 37 PC: 12bfa | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:15.762700003Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:15.766897012Z 37 PC: 12c10 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:15.780950498Z 37 PC: 12c1b | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:15.784345531Z 76 PC: 12ba3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":10102,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly following the INT 21h "Get date" return at 0x1e9b2 (DOS returns CX = year, DH = month, DL = day).
; Shown: a date comparison, a call to a non-standard INT 21h function, and a probe of the INT 21h handler's segment.
; The listing stops at 0x1e9e1; the branch/call targets 0x1e9ef, 0x1ea0b and 0x1ea0f are not shown.
2018-12-25T12:27:15.595133725Z 42 PC: 1e9b2 | Get date 0x1e9b2: cmp cx, 0x7cc    ; year == 0x7cc (1996)?
0x1e9b6: jne 0x1e9c2    ; other year: skip the month/day tests
0x1e9b8: cmp dh, 3
0x1e9bb: ja 0x1e9c2    ; month after March: skip the day test
0x1e9bd: cmp dl, 1
0x1e9c0: jb 0x1ea0b    ; unsigned "below 1", so taken only if DL == 0; DOS reports days as 1-31, so a valid date falls through
0x1e9c2: mov al, 0xff
0x1e9c4: mov ah, 0xf
0x1e9c6: xchg al, ah    ; AX = 0xff0f, built indirectly from the two byte loads
0x1e9c8: nop
0x1e9c9: int 0x21    ; AH = 0xff is not a documented DOS function; the trace logs it as op 255 "UNKNOWN!"
0x1e9cb: cmp ax, 0x101    ; reply value expected from whatever handles AX = 0xff0f
0x1e9ce: jne 0x1e9d4
0x1e9d0: call 0x1ea0f    ; reached only when AX came back as 0x101 -- NOTE(review): looks like a resident-handler presence check; confirm against the code at 0x1ea0f
0x1e9d3: nop
0x1e9d4: mov ax, 0x3521    ; AH = 0x35 (get interrupt vector), AL = 0x21: the INT 21h vector itself
0x1e9d7: nop
0x1e9d8: int 0x21    ; returns ES:BX = current INT 21h handler; the trace row's 'Random read' is the name of DOS function 21h, not of this interrupt
0x1e9da: cmp word ptr es:[0xa], 0x4254    ; word at offset 0x0a of the handler's segment vs bytes 54h 42h ("TB"); meaning of the marker is not shown here
0x1e9e1: jne 0x1e9ef
2018-12-25T12:27:15.599082182Z 255 PC: 1e9cb | UNKNOWN!
2018-12-25T12:27:15.600385705Z 53 PC: 1e9da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:15.602139516Z 240 PC: 1ea09 | UNKNOWN!
; Disassembly following the INT 21h "Get time" return at 0x1e907 (DOS returns CH = hour, CL = minute).
; When the minute is 1, the code rewrites bytes in the 0xb800 colour text-mode video segment, i.e. it changes what is on screen.
; The listing stops at 0x1e939, so whether and how the sequence repeats over further cells is not shown.
2018-12-25T12:27:15.60448249Z 44 PC: 1e907 | Get time 0x1e907: cmp cl, 1    ; minute == 1?
0x1e90a: jne 0x1e941    ; any other minute: skip the screen routine
0x1e90c: mov ax, 0xb800
0x1e90f: mov es, ax    ; ES = 0xb800, colour text-mode video memory
0x1e911: mov cx, 0x30
0x1e914: push cx    ; 0x30 saved on the stack; its use is outside this listing
0x1e915: mov cx, 0x7c0    ; presumably a repeat count -- its use is outside this listing, confirm
0x1e918: xor si, si    ; SI = 0: start of the video segment
0x1e91a: mov ah, byte ptr es:[si]    ; read the byte at ES:SI (the character byte of the first cell when SI = 0)
0x1e91d: cmp ah, 0x77
0x1e920: jb 0x1e92f    ; below 0x77: increment path; otherwise decrement path
0x1e922: dec ah
0x1e924: mov byte ptr es:[si], ah    ; write back value - 1
0x1e927: mov byte ptr es:[si + 1], 0x79    ; following byte (the cell's attribute when SI is even) set to 0x79
0x1e92c: jmp 0x1e939
0x1e92e: nop
0x1e92f: inc ah
0x1e931: mov byte ptr es:[si], ah    ; write back value + 1
0x1e934: mov byte ptr es:[si + 1], 0x8f    ; following byte set to 0x8f
0x1e939: inc si
2018-12-25T12:27:15.691866122Z 48 PC: 37e1d | Get DOS version
2018-12-25T12:27:15.695432953Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.699519174Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.705004243Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.709836962Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.717322202Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.72520354Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.728965251Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.732046024Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.737024054Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.741344547Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.744692965Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.750992793Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.754252401Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.760734918Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:15.767971317Z 48 PC: 12a4c | Get DOS version
2018-12-25T12:27:15.769373951Z 53 PC: 12bb3 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:15.770920211Z 53 PC: 12bc0 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:15.772470692Z 53 PC: 12bcd | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:15.775809549Z 53 PC: 12bda | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:15.777283856Z 37 PC: 12bee | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:15.779099784Z 74 PC: 12b19 | Reallocate memory
2018-12-25T12:27:15.784162076Z 51 PC: 310be | Get or set Ctrl-Break
2018-12-25T12:27:15.785462312Z 37 PC: 31118 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:15.788616247Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.798851169Z 53 PC: 31102 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:27:15.801518053Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.805697283Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.810061795Z 53 PC: 31102 | Get interrupt vector (See above)
2018-12-25T12:27:15.812731477Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.816442271Z 48 PC: 14c39 | Get DOS version
2018-12-25T12:27:15.832735242Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:15.834639235Z 82 PC: 173de | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:15.837488013Z 82 PC: 17447 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:15.852433842Z 61 PC: 300ae | Open file (Filename = 'A:\TV.CFG')
2018-12-25T12:27:15.865236484Z 37 PC: 12bfa | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:15.868159657Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:15.871290592Z 37 PC: 12c10 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:15.87515964Z 37 PC: 12c1b | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:15.8781227Z 76 PC: 12ba3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":10102,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly following the INT 21h "Get date" return at 0x1e9b2 (DOS returns CX = year, DH = month, DL = day).
; Shown: a date comparison, a call to a non-standard INT 21h function, and a probe of the INT 21h handler's segment.
; The listing stops at 0x1e9e1; the branch/call targets 0x1e9ef, 0x1ea0b and 0x1ea0f are not shown.
2018-12-25T12:27:15.950036827Z 42 PC: 1e9b2 | Get date 0x1e9b2: cmp cx, 0x7cc    ; year == 0x7cc (1996)?
0x1e9b6: jne 0x1e9c2    ; other year: skip the month/day tests
0x1e9b8: cmp dh, 3
0x1e9bb: ja 0x1e9c2    ; month after March: skip the day test
0x1e9bd: cmp dl, 1
0x1e9c0: jb 0x1ea0b    ; unsigned "below 1", so taken only if DL == 0; DOS reports days as 1-31, so a valid date falls through
0x1e9c2: mov al, 0xff
0x1e9c4: mov ah, 0xf
0x1e9c6: xchg al, ah    ; AX = 0xff0f, built indirectly from the two byte loads
0x1e9c8: nop
0x1e9c9: int 0x21    ; AH = 0xff is not a documented DOS function; the trace logs it as op 255 "UNKNOWN!"
0x1e9cb: cmp ax, 0x101    ; reply value expected from whatever handles AX = 0xff0f
0x1e9ce: jne 0x1e9d4
0x1e9d0: call 0x1ea0f    ; reached only when AX came back as 0x101 -- NOTE(review): looks like a resident-handler presence check; confirm against the code at 0x1ea0f
0x1e9d3: nop
0x1e9d4: mov ax, 0x3521    ; AH = 0x35 (get interrupt vector), AL = 0x21: the INT 21h vector itself
0x1e9d7: nop
0x1e9d8: int 0x21    ; returns ES:BX = current INT 21h handler; the trace row's 'Random read' is the name of DOS function 21h, not of this interrupt
0x1e9da: cmp word ptr es:[0xa], 0x4254    ; word at offset 0x0a of the handler's segment vs bytes 54h 42h ("TB"); meaning of the marker is not shown here
0x1e9e1: jne 0x1e9ef
2018-12-25T12:27:15.953572718Z 255 PC: 1e9cb | UNKNOWN!
2018-12-25T12:27:15.954883332Z 53 PC: 1e9da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:15.95662236Z 240 PC: 1ea09 | UNKNOWN!
; Disassembly following the INT 21h "Get time" return at 0x1e907 (DOS returns CH = hour, CL = minute).
; When the minute is 1, the code rewrites bytes in the 0xb800 colour text-mode video segment, i.e. it changes what is on screen.
; The listing stops at 0x1e939, so whether and how the sequence repeats over further cells is not shown.
2018-12-25T12:27:15.959412367Z 44 PC: 1e907 | Get time 0x1e907: cmp cl, 1    ; minute == 1?
0x1e90a: jne 0x1e941    ; any other minute: skip the screen routine
0x1e90c: mov ax, 0xb800
0x1e90f: mov es, ax    ; ES = 0xb800, colour text-mode video memory
0x1e911: mov cx, 0x30
0x1e914: push cx    ; 0x30 saved on the stack; its use is outside this listing
0x1e915: mov cx, 0x7c0    ; presumably a repeat count -- its use is outside this listing, confirm
0x1e918: xor si, si    ; SI = 0: start of the video segment
0x1e91a: mov ah, byte ptr es:[si]    ; read the byte at ES:SI (the character byte of the first cell when SI = 0)
0x1e91d: cmp ah, 0x77
0x1e920: jb 0x1e92f    ; below 0x77: increment path; otherwise decrement path
0x1e922: dec ah
0x1e924: mov byte ptr es:[si], ah    ; write back value - 1
0x1e927: mov byte ptr es:[si + 1], 0x79    ; following byte (the cell's attribute when SI is even) set to 0x79
0x1e92c: jmp 0x1e939
0x1e92e: nop
0x1e92f: inc ah
0x1e931: mov byte ptr es:[si], ah    ; write back value + 1
0x1e934: mov byte ptr es:[si + 1], 0x8f    ; following byte set to 0x8f
0x1e939: inc si
2018-12-25T12:27:16.027949146Z 48 PC: 37e1d | Get DOS version
2018-12-25T12:27:16.031808598Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.036563468Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.050982996Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.072613878Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.09014887Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.097061432Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.102757015Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.107413637Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.120895658Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.125044266Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.128944816Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.134634192Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.138322667Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.142319167Z 48 PC: 37e1d | Get DOS version (See above)
2018-12-25T12:27:16.148557274Z 48 PC: 12a4c | Get DOS version
2018-12-25T12:27:16.150394367Z 53 PC: 12bb3 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:16.152223619Z 53 PC: 12bc0 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:16.158380775Z 53 PC: 12bcd | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:16.169528176Z 53 PC: 12bda | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:16.17125475Z 37 PC: 12bee | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:16.173591439Z 74 PC: 12b19 | Reallocate memory
2018-12-25T12:27:16.177963201Z 51 PC: 310be | Get or set Ctrl-Break
2018-12-25T12:27:16.180816046Z 37 PC: 31118 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:27:16.187718791Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:16.199422483Z 53 PC: 31102 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:27:16.204705445Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:16.214453576Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:16.220865665Z 53 PC: 31102 | Get interrupt vector (See above)
2018-12-25T12:27:16.223746485Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:16.228332818Z 48 PC: 14c39 | Get DOS version
2018-12-25T12:27:16.234784559Z 37 PC: 31118 | Set interrupt vector (See above)
2018-12-25T12:27:16.237619458Z 82 PC: 173de | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:16.250705459Z 82 PC: 17447 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:27:16.256487874Z 61 PC: 300ae | Open file (Filename = 'A:\TV.CFG')
2018-12-25T12:27:16.272499587Z 37 PC: 12bfa | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:16.275200131Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:16.279021998Z 37 PC: 12c10 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:16.282186086Z 37 PC: 12c1b | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:16.285391485Z 76 PC: 12ba3 | Terminate with return code (Return code = '1')