Sample viewer

vx.netlux.org/Virus.DOS.Cybercide.2256

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:23.404178563Z	221	PC: 12a49 \| UNKNOWN!
2018-12-17T22:59:23.405599664Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:23.407157692Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:59:23.409161338Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:59:23.410541772Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:23.412545799Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.414927675Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.417196199Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:59:23.419036287Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.421387024Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.423682419Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:59:23.427983883Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.430393451Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.432599958Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:59:23.434642316Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.437598321Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.440754914Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:59:23.44369502Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.446729502Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.449356029Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:59:23.452021589Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.455397944Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.458342468Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:59:23.459729906Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.463134634Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.466284053Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:59:23.467865405Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.472277147Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.474968885Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:23.476654614Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.479856641Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.482473649Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.48449054Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.488104412Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.490668501Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.492494202Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.495596373Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.498103995Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.499641054Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.501952628Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.505367005Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.507096786Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.509164261Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.51266442Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.514568839Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.521674002Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.526570505Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.528482228Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.531188514Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.534638598Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.536626323Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.539296852Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.541855561Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.544391467Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.547081312Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.549697019Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.552491751Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.554897402Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.557513679Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.560181884Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.563211387Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.565863471Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.568316382Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.570981721Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.573304165Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.575740895Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.578686341Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.581906442Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.583609603Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.587900026Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.590223373Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.591922827Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.594889964Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.597333306Z	62	PC: 122ab \| Close file
2018-12-17T22:59:23.600271127Z	61	PC: 9ef1a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:59:23.607901267Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.610282271Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.612724501Z	87	PC: 9ef23 \| Get or set file date and time
2018-12-17T22:59:23.61503845Z	62	PC: 9ee9f \| Close file
2018-12-17T22:59:23.617013872Z	61	PC: 9eeae \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:59:23.623533816Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.626456278Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.629177272Z	66	PC: 12372 \| Move file pointer
2018-12-17T22:59:23.630767461Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.633868038Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.636227723Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:59:23.657331225Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.660099928Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.663286416Z	62	PC: 1238a \| Close file
2018-12-17T22:59:23.666819817Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.66915738Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.672230155Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-17T22:59:23.673843537Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.676087755Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.67912313Z	56	PC: 93b39 \| Get or set country info
2018-12-17T22:59:23.681308086Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.683722975Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.686797443Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:59:23.691548863Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.693951909Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.696301835Z	25	PC: 93ba2 \| Get default drive
2018-12-17T22:59:23.699010616Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.701402822Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.703837898Z	71	PC: 95e1d \| Get current directory
2018-12-17T22:59:23.709669428Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.712381876Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.715049149Z	64	PC: 99588 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:59:23.719841636Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.722611Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.725147337Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-17T22:59:23.729099956Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.731702346Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.734964868Z	93	PC: 93c60 \| File sharing functions
2018-12-17T22:59:23.737144274Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.740703112Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.74422425Z	93	PC: 93c67 \| File sharing functions
2018-12-17T22:59:23.746727495Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T22:59:23.750787255Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T22:59:23.753677827Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":13201,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:41.182997521Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:37:41.184136595Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.185291353Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:41.186791927Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:41.188829097Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.190191163Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:37:41.192440048Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-25T12:37:41.195100329Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:41.197152989Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.199815875Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.202182683Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:41.206199949Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.208452265Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.210899739Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:37:41.213311597Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.215508922Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.218019922Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:37:41.222713892Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.225059049Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.227959805Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:37:41.23213288Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.234802698Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.236997968Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:37:41.239020362Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.241368124Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.243758554Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:37:41.245855347Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.248132656Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.25021028Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:41.252563743Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.254998127Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.257020414Z	62	PC: 122ab \| Close file
2018-12-25T12:37:41.259257553Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.261473419Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.263560521Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.266373508Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.268771106Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.270992558Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.272913662Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.276737711Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.279365726Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.281364988Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.285672609Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.288232058Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.290229207Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.29384425Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.29648646Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.298513574Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.302411113Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.305079774Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.306927452Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.310171115Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.313504953Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.315334902Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.318502533Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.321226184Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.323063082Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.325760277Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.328997268Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.330844458Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.333269257Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.336659761Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.338502303Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.340903279Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.344284753Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.346121017Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.348552484Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.351923213Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.353744045Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.356143989Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.359374036Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.361542891Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.363930159Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.367370035Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.370206133Z	61	PC: 9ef1a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:41.376584068Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.379421779Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.381590535Z	87	PC: 9ef23 \| Get or set file date and time
2018-12-25T12:37:41.382975155Z	62	PC: 9ee9f \| Close file
2018-12-25T12:37:41.385797033Z	61	PC: 9eeae \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:41.392712662Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.395031453Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.397870734Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:37:41.399385816Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.401709559Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.404562248Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:37:41.417378057Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.419734061Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.422630971Z	62	PC: 1238a \| Close file
2018-12-25T12:37:41.42588496Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.428001688Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.43070667Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:37:41.432206427Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.434551565Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.437054852Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:37:41.439680148Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.441745773Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.443717853Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:37:41.449393592Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.451232505Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.452788221Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:37:41.454136892Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.455800709Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.457291747Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:37:41.460668215Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.462352655Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.46443211Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:37:41.467884458Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.469850603Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.472052159Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:37:41.475336606Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.477759138Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.480130198Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:37:41.482509284Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.484913515Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.487288644Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:37:41.489934089Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.492383517Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.494478591Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":13201,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:41.25657399Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:37:41.264028625Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.264963246Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:41.265932333Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:41.267143209Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.2686141Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:37:41.270342823Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-25T12:37:41.271838528Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:41.275095861Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.277505549Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.27976494Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:41.284539171Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.287482214Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.290355586Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:37:41.292314402Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.294087272Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.295836154Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:37:41.298158167Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.300310778Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.302337199Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:37:41.304061372Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.306621953Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.308593826Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:37:41.310839282Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.312872434Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.31487718Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:37:41.316333022Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.318444699Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.320456766Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:41.321913883Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.324083866Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.326625507Z	62	PC: 122ab \| Close file
2018-12-25T12:37:41.328249705Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.331115056Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.332432114Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.333522931Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.335356708Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.336856755Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.338073662Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.34035532Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.341879843Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.346364967Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.351330154Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.352856386Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.353993636Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.356063957Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.357574431Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.358678821Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.360705347Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.362278016Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.363484282Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.365921122Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.367340786Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.370659077Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.386426115Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.388188266Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.389260378Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.391769168Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.395886832Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.397319309Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.400220254Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.402552491Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.404277979Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.406989412Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.409218739Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.41094343Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.413717062Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.415776135Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.417235783Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.419883986Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.422106032Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.423816022Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.426659724Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.429627627Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:41.431801385Z	61	PC: 9ef1a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:41.437709541Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.439793088Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.441736783Z	87	PC: 9ef23 \| Get or set file date and time
2018-12-25T12:37:41.443542066Z	62	PC: 9ee9f \| Close file
2018-12-25T12:37:41.445606705Z	61	PC: 9eeae \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:41.451683879Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.454190234Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.457148414Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:37:41.458770576Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.460910765Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.463133884Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:37:41.476317764Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.480980446Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.484039351Z	62	PC: 1238a \| Close file
2018-12-25T12:37:41.487202956Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.489247943Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.492321033Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:37:41.493850653Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.496182663Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.49997207Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:37:41.501870163Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.503945471Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.50697472Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:37:41.512021071Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.514369536Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.517492002Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:37:41.519314825Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.521591499Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.524908008Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:37:41.528911499Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.531057044Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.533348458Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:37:41.543936123Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.546393479Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.548971463Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:37:41.551505528Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.553696936Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.556045047Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:37:41.558203541Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.560363685Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.562649113Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:37:41.565104098Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.567243146Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.571619199Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":13201,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:41.919733482Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:37:41.922643511Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.924046514Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:41.925153474Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:41.926911464Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:41.929801333Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:37:41.933364833Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x59b 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-25T12:37:41.936922842Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:41.939165932Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.94406717Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.948034815Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:41.952338816Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.954737666Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.957211121Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:37:41.960623665Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.96309538Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.965457478Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:37:41.969053541Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.971667114Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.974032123Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:37:41.977145521Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.979828696Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.982678035Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:37:41.988283103Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.99273274Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:41.995426169Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:37:41.997870568Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:41.99979288Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.002876542Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:42.004889814Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.006933322Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.009429048Z	62	PC: 122ab \| Close file
2018-12-25T12:37:42.011516763Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.013536887Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.015980081Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.017459121Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.022044968Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.025506504Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.027428064Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.031788487Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.035485076Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.037744541Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.041370461Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.043990323Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.046193502Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.050611936Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.055228295Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.058863685Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.061915666Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.065993976Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.067968537Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.070450434Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.073846538Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.075912157Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.078656987Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.081660168Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.084074169Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.0872441Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.091368724Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.093404606Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.096374794Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.100333384Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.102257469Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.104597329Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.109012857Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.112543003Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.123471664Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.127353601Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.129993121Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.132488035Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.135138702Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.138619911Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.141687299Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.144109179Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.147764311Z	61	PC: 9ef1a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:42.154843025Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.15884779Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.162424485Z	87	PC: 9ef23 \| Get or set file date and time
2018-12-25T12:37:42.164253435Z	62	PC: 9ee9f \| Close file
2018-12-25T12:37:42.166359458Z	61	PC: 9eeae \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:42.171074332Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.173447708Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.175818874Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:37:42.17802405Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.181388257Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.184222976Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:37:42.202551392Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.205050084Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.207444948Z	62	PC: 1238a \| Close file
2018-12-25T12:37:42.211291634Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.213811161Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.216035342Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:37:42.217622343Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.219989385Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.222327479Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:37:42.224624263Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.227636383Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.230032476Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:37:42.235305493Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.238588854Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.241392203Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:37:42.243327425Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.249006482Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.25155815Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:37:42.255830015Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.259069722Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.260709792Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:37:42.263031679Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.267134374Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.269418985Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:37:42.271759263Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.274826674Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.277788365Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:37:42.279605494Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.281985832Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.289726557Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:37:42.291194656Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.292735391Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:37:42.295870789Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13201,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:42.462218754Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:37:42.463729424Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.46536689Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:42.466876299Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:42.469436131Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.47079864Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13201,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:42.803707547Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:37:42.805181454Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.806326276Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:42.807403796Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:42.808921241Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.810076169Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13201,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:42.819070661Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:37:42.820960325Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.82506415Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:42.826881327Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:42.828801129Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.83992578Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13201,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:42.896999323Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:37:42.89953722Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.901129489Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:42.902520019Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:42.9089889Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.910514843Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:37:42.912846334Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:42.914085326Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.917488065Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:42.921182239Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.923546975Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:37:42.929237013Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.932102802Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:37:42.934535349Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.937950621Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:37:42.940564991Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.943036466Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:37:42.955469538Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.958772077Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:37:42.960257904Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.969247646Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:42.970959731Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.973738704Z	62	PC: 122ab \| Close file
2018-12-25T12:37:42.976251923Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.978851689Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:42.980524309Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.982994071Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.004916284Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.007322738Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.0090912Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.012388798Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.014382892Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.016814585Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.019096887Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.021616609Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.023481241Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.032271771Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.034187757Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.037259974Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.039813491Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.042315002Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.043832075Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.046115939Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.048076139Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.050658792Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.052379158Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.055315996Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.057450612Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.059891456Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.063576239Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.066048645Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.0691928Z	61	PC: 9ef1a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:43.078703966Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.081490534Z	87	PC: 9ef23 \| Get or set file date and time
2018-12-25T12:37:43.083402494Z	62	PC: 9ee9f \| Close file
2018-12-25T12:37:43.08617058Z	61	PC: 9eeae \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:43.093063137Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.095425617Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:37:43.097521888Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.100677517Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:37:43.116247436Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.118996762Z	62	PC: 1238a \| Close file
2018-12-25T12:37:43.123546682Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.126440268Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:37:43.128616378Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.131971768Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:37:43.134688136Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.137094855Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:37:43.140825461Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.142554453Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:37:43.144297423Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.147016927Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:37:43.149825714Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.151989212Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:37:43.156057222Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.15847015Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:37:43.161141193Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.164197529Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:37:43.166210517Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.168495728Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:37:43.171016989Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.173317542Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13201,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:42.975832599Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:37:42.977143987Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.978573845Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:42.97988628Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:42.981287225Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.982750301Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:37:42.985153234Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:42.986513672Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:42.989452003Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:42.999702008Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.002109155Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:37:43.004016004Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.006700256Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:37:43.008774683Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.012758945Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:37:43.015326478Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.017635468Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:37:43.019551422Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.021891066Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:37:43.023596396Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.027738363Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:43.029172513Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.031608659Z	62	PC: 122ab \| Close file
2018-12-25T12:37:43.033374132Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.036650588Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.03890059Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.041839297Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.044280348Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.046670966Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.048319835Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.052020743Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.054194298Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.056996832Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.064340866Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.067252323Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.069136428Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.072304832Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.074214763Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.07671521Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.078903915Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.081510256Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.083646562Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.086129262Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.088112177Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.09039365Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.092147734Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.095085002Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.096822073Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.099981755Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.102443285Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.105401051Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.108389397Z	61	PC: 9ef1a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:43.115531236Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.118246753Z	87	PC: 9ef23 \| Get or set file date and time
2018-12-25T12:37:43.119646972Z	62	PC: 9ee9f \| Close file
2018-12-25T12:37:43.122047317Z	61	PC: 9eeae \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:43.12881385Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.131101812Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:37:43.134659914Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.136954694Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:37:43.151173864Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.154043019Z	62	PC: 1238a \| Close file
2018-12-25T12:37:43.15761368Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.159792923Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:37:43.162069903Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.164846068Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:37:43.167844651Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.172227144Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:37:43.177499627Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.18059177Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:37:43.193513816Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.195931678Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:37:43.200368881Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.203004364Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:37:43.207030158Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.209422833Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:37:43.211827799Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.215047289Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:37:43.217323024Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.219553222Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:37:43.222698925Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.225098029Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13201,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:43.756751908Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:37:43.757796916Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:43.75902137Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:43.760030527Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:43.761471342Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:43.762573043Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:37:43.764509949Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:37:43.765774568Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.767732213Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:43.770601282Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.772611655Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:37:43.773836429Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.775750814Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:37:43.777227504Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.779372879Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:37:43.781248427Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.78302935Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:37:43.784323094Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.786212669Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:37:43.787112475Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.78932664Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:43.790350361Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.792157306Z	62	PC: 122ab \| Close file
2018-12-25T12:37:43.798656666Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.800619719Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.801949004Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.804328423Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.805665667Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.807646242Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.814454734Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.816487137Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.817826725Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.820813056Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.82218144Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.824167142Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.82598525Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.827897601Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.829096295Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.831293602Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.832715722Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.835233747Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.838798373Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.840702677Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.841916877Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.844252182Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.84566416Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.847566638Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.849286596Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.851275659Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.852642381Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.855095538Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:37:43.857640916Z	61	PC: 9ef1a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:43.863619194Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.866074702Z	87	PC: 9ef23 \| Get or set file date and time
2018-12-25T12:37:43.867399642Z	62	PC: 9ee9f \| Close file
2018-12-25T12:37:43.87608453Z	61	PC: 9eeae \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:37:43.882597983Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.884555855Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:37:43.885825132Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.888153179Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:37:43.90149211Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.903433287Z	62	PC: 1238a \| Close file
2018-12-25T12:37:43.907069603Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.908985442Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:37:43.910165394Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.912466008Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:37:43.914262047Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.916213629Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:37:43.92107048Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.923030136Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:37:43.924399056Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.926618045Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:37:43.930361232Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.93227093Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:37:43.935574551Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.937001991Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:37:43.938346229Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.939948945Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:37:43.941459366Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.943264374Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:37:43.945117179Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:37:43.947218652Z	10	PC: 93c79 \| Buffered keyboard input