Sample viewer

vx.netlux.org/Virus.DOS.SRX.2304

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:23.163715198Z	53	PC: 130dc \| Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:57:23.16558572Z	37	PC: 130fb \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:57:23.167055433Z	53	PC: 13100 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:23.168369221Z	37	PC: 13114 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:23.169842245Z	53	PC: 131d4 \| Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:57:23.171188432Z	37	PC: 131fb \| Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:57:23.172348794Z	49	PC: 13221 \| Terminate and stay resident (Return code = '0' \| Memory size = '176')
2018-12-17T22:57:23.174436432Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.177808043Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:57:23.179321298Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.181743975Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:57:23.184688388Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.187158923Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:57:23.189398891Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.193292334Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:57:23.19475163Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.197123134Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:23.199380205Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.201733539Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:23.203152641Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.205942268Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.207829101Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.209924212Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.211559812Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.214686767Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.216152796Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.218243761Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.220092802Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.222159734Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.223570232Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.22662033Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.22862401Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.231118583Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.233216528Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.235195262Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.236495208Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.239053971Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.240162851Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.241596596Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.243353289Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.245385114Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.246699488Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.248890461Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.250479821Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.252415608Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.254175675Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.256109726Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.257324553Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.259692203Z	62	PC: 122ab \| Close file
2018-12-17T22:57:23.26258301Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.264650579Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-17T22:57:23.26678087Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.268774911Z	56	PC: 94df9 \| Get or set country info
2018-12-17T22:57:23.270508376Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.272681746Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:57:23.277173103Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.279121375Z	25	PC: 94e62 \| Get default drive
2018-12-17T22:57:23.280729251Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.283062827Z	71	PC: 970dd \| Get current directory
2018-12-17T22:57:23.288968618Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.293242247Z	64	PC: 9a848 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:57:23.303070865Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.305233421Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-17T22:57:23.307498797Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.31118422Z	93	PC: 94f20 \| File sharing functions
2018-12-17T22:57:23.313077201Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.315513479Z	93	PC: 94f27 \| File sharing functions
2018-12-17T22:57:23.319211592Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-17T22:57:23.321726706Z	10	PC: 94f39 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12538,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:36.387174895Z	53	PC: 130dc \| Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-25T12:35:36.390057824Z	37	PC: 130fb \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:35:36.391215391Z	53	PC: 13100 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:36.392294952Z	37	PC: 13114 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:36.3941444Z	53	PC: 131d4 \| Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-25T12:35:36.39571265Z	37	PC: 131fb \| Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-25T12:35:36.397179438Z	49	PC: 13221 \| Terminate and stay resident (Return code = '0' \| Memory size = '176')
2018-12-25T12:35:36.399916314Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-25T12:35:36.409519157Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:35:36.41092075Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.412505243Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:35:36.414638633Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.416442681Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:35:36.41773658Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.422995515Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:35:36.424218467Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.426001252Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:35:36.427493114Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.429831216Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:35:36.431241118Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.432869716Z	62	PC: 122ab \| Close file
2018-12-25T12:35:36.434925019Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.436693287Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.438047627Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.439980278Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.441190569Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.442825146Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.444491428Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.446265727Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.447393278Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.449556957Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.451639788Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.45423791Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.460450574Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.464748654Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.466690129Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.470039869Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.47210201Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.482679598Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.484594539Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.487332627Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.489649458Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.49209358Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.493289235Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.494755671Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.496325368Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.498704459Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.500232249Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.503585752Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.506633257Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.508910532Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T12:35:36.51114492Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.513648199Z	56	PC: 94df9 \| Get or set country info
2018-12-25T12:35:36.516401226Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.519877091Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:35:36.524662185Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.527357691Z	25	PC: 94e62 \| Get default drive
2018-12-25T12:35:36.529855381Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.532879458Z	71	PC: 970dd \| Get current directory
2018-12-25T12:35:36.537467906Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.540022807Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T12:35:36.546892934Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.549155295Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T12:35:36.551439193Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.553950354Z	93	PC: 94f20 \| File sharing functions
2018-12-25T12:35:36.555710523Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.557828716Z	93	PC: 94f27 \| File sharing functions
2018-12-25T12:35:36.559753557Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.561850289Z	10	PC: 94f39 \| Buffered keyboard input

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12538,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:36.528992567Z	53	PC: 130dc \| Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-25T12:35:36.531253408Z	37	PC: 130fb \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:35:36.533144767Z	53	PC: 13100 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:36.53491459Z	37	PC: 13114 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:36.537233468Z	53	PC: 131d4 \| Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-25T12:35:36.53949433Z	37	PC: 131fb \| Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-25T12:35:36.541292298Z	49	PC: 13221 \| Terminate and stay resident (Return code = '0' \| Memory size = '176')
2018-12-25T12:35:36.544194736Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx
2018-12-25T12:35:36.548339442Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:35:36.550233635Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.553178019Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:35:36.556924713Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.560013638Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:35:36.563301304Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.568043335Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:35:36.57016989Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.57436339Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:35:36.58539843Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.587980306Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:35:36.590358473Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.594082227Z	62	PC: 122ab \| Close file
2018-12-25T12:35:36.596160495Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.59889535Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.600903566Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.603584532Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.605364813Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.607697181Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.61862386Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.62106792Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.622661574Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.629815509Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.631593061Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.634063979Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.63689509Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.63941162Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.64139309Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.644713012Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.646734455Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.649517649Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.652350282Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.654962041Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.65667491Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.659323439Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.661667209Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.664214576Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.666162268Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.668869621Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.670777095Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.673553518Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:35:36.678560969Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.681048998Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T12:35:36.682627838Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.685699049Z	56	PC: 94df9 \| Get or set country info
2018-12-25T12:35:36.688128678Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.69071553Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:35:36.696388503Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.698782794Z	25	PC: 94e62 \| Get default drive
2018-12-25T12:35:36.700580546Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.703257827Z	71	PC: 970dd \| Get current directory
2018-12-25T12:35:36.707679576Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.710111519Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T12:35:36.714967026Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.717665967Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T12:35:36.720420525Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.72282607Z	93	PC: 94f20 \| File sharing functions
2018-12-25T12:35:36.725288959Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.727915615Z	93	PC: 94f27 \| File sharing functions
2018-12-25T12:35:36.73039149Z	42	PC: 12bd2 \| Get date (See above)
2018-12-25T12:35:36.739300831Z	10	PC: 94f39 \| Buffered keyboard input

{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12538,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:36.688793634Z	53	PC: 130dc \| Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-25T12:35:36.690503414Z	37	PC: 130fb \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:35:36.692043801Z	53	PC: 13100 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:36.693013859Z	37	PC: 13114 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:36.694268352Z	53	PC: 131d4 \| Get interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-25T12:35:36.704461103Z	37	PC: 131fb \| Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-25T12:35:36.706150911Z	49	PC: 13221 \| Terminate and stay resident (Return code = '0' \| Memory size = '176')
2018-12-25T12:35:36.708556827Z	42	PC: 12bd2 \| Get date 0x12bd2: cmp dl, 2 0x12bd5: jne 0x12bdf 0x12bd7: cmp dh, 0xc 0x12bda: jne 0x12bdf 0x12bdc: jmp 0x12d0b 0x12bdf: pop dx 0x12be0: popf 0x12be1: pop ax 0x12be2: pop bx 0x12be3: pop cx 0x12be4: pop es 0x12be5: pop ds 0x12be6: pop si 0x12be7: pop di 0x12be8: pop bp 0x12be9: cli 0x12bea: ljmp ptr cs:[0x108] 0x12bef: jmp 0x131ca 0x12bf2: pop dx 0x12bf3: push dx