Sample viewer

vx.netlux.org/Virus.DOS.Protect.1355

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:07.760629354Z	115	PC: 12efd \| UNKNOWN!
2018-12-17T23:01:07.762137572Z	73	PC: 12f08 \| Release memory
2018-12-17T23:01:07.765115606Z	74	PC: 12f25 \| Reallocate memory
2018-12-17T23:01:07.767347047Z	18	PC: 12f2c \| Find next file
2018-12-17T23:01:07.769458717Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.772826974Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-17T23:01:07.78024746Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.782994003Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:01:07.785549774Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.78800079Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:01:07.790235942Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.793409202Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:01:07.795932309Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.79825808Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:01:07.799667444Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.802028166Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:07.80376955Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.806033364Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:07.807613304Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.810134076Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.812066044Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.814649556Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.816608923Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.819801117Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.825531121Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.828580866Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.830762407Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.83467168Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.837785163Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.840272017Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.846177583Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.849392393Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.851599545Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.855166689Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.85668501Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.858888536Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.860883968Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.86304802Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.864477921Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.866770232Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.868551401Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.871327499Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.873464434Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.876400633Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.878481576Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.881183378Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.883446169Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.885526959Z	62	PC: 122ab \| Close file
2018-12-17T23:01:07.888644392Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.891512686Z	99	PC: 99dc7 \| Get DBCS lead byte table pointer
2018-12-17T23:01:07.893555182Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.896475708Z	56	PC: 945e9 \| Get or set country info
2018-12-17T23:01:07.899254647Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.903103239Z	64	PC: 9a038 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:01:07.908540455Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.911059074Z	25	PC: 94652 \| Get default drive
2018-12-17T23:01:07.913447759Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.916099758Z	71	PC: 968cd \| Get current directory
2018-12-17T23:01:07.92118237Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.924657497Z	64	PC: 9a038 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:01:07.927876033Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.930680513Z	2	PC: 968a2 \| Character output (Char = '3e')
2018-12-17T23:01:07.934266507Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.936818121Z	93	PC: 94710 \| File sharing functions
2018-12-17T23:01:07.938445562Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.949976433Z	93	PC: 94717 \| File sharing functions
2018-12-17T23:01:07.955997528Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-17T23:01:07.958987443Z	10	PC: 94729 \| Buffered keyboard input

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13771,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:57.319875847Z	115	PC: 12efd \| UNKNOWN!
2018-12-25T12:38:57.321375632Z	73	PC: 12f08 \| Release memory
2018-12-25T12:38:57.322876766Z	74	PC: 12f25 \| Reallocate memory
2018-12-25T12:38:57.324230277Z	18	PC: 12f2c \| Find next file
2018-12-25T12:38:57.32756932Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-25T12:38:57.329496196Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-25T12:38:57.333489674Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.335147667Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:38:57.337001878Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.338759686Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:38:57.340146149Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.342575709Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:38:57.344374725Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.34628302Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:38:57.348517752Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.350497544Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:38:57.351809224Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.369140938Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:57.370471976Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.373159334Z	62	PC: 122ab \| Close file
2018-12-25T12:38:57.375515574Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.37750761Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.379012734Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.381656486Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.384455642Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.387289938Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.390539093Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.39391364Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.395965344Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.398704737Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.401008206Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.403776489Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.405845031Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.409208125Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.41171962Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.414247341Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.4167205Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.419333646Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.42230401Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.425416471Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.427230153Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.429857795Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.432920412Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.43544694Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.437121549Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.440924676Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.442878879Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.445183731Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.449407198Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.451882446Z	99	PC: 99dc7 \| Get DBCS lead byte table pointer
2018-12-25T12:38:57.453262449Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.454952901Z	56	PC: 945e9 \| Get or set country info
2018-12-25T12:38:57.457228124Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.458846064Z	64	PC: 9a038 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:38:57.463824653Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.466698269Z	25	PC: 94652 \| Get default drive
2018-12-25T12:38:57.468550029Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.470427076Z	71	PC: 968cd \| Get current directory
2018-12-25T12:38:57.479269943Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.481344367Z	64	PC: 9a038 \| Write file or device (See above)
2018-12-25T12:38:57.485017981Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.487226014Z	2	PC: 968a2 \| Character output (Char = '3e')
2018-12-25T12:38:57.489044668Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.49154424Z	93	PC: 94710 \| File sharing functions
2018-12-25T12:38:57.493894089Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.496440139Z	93	PC: 94717 \| File sharing functions
2018-12-25T12:38:57.498527927Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.501836583Z	10	PC: 94729 \| Buffered keyboard input

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":13771,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:57.436298997Z	115	PC: 12efd \| UNKNOWN!
2018-12-25T12:38:57.438033199Z	73	PC: 12f08 \| Release memory
2018-12-25T12:38:57.439625765Z	74	PC: 12f25 \| Reallocate memory
2018-12-25T12:38:57.441195097Z	18	PC: 12f2c \| Find next file
2018-12-25T12:38:57.444136408Z	44	PC: 9f6ce \| Get time 0x9f6ce: cmp ch, cl 0x9f6d0: jne 0x9f6d8 0x9f6d2: mov byte ptr cs:[0x64], 1 0x9f6d8: pop dx 0x9f6d9: pop cx 0x9f6da: pop ax 0x9f6db: ljmp ptr cs:[0] 0x9f6e0: mov ax, 0x2371 0x9f6e3: iret 0x9f6e4: push ds 0x9f6e5: push es 0x9f6e6: push bp 0x9f6e7: push si 0x9f6e8: push di 0x9f6e9: push ax 0x9f6ea: push bx 0x9f6eb: push cx 0x9f6ec: push dx 0x9f6ed: pushf 0x9f6ee: push ax
2018-12-25T12:38:57.44661876Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-25T12:38:57.452707614Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.45505648Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:38:57.457446877Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.459625087Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:38:57.461564744Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.464075361Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:38:57.466090817Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.468006952Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:38:57.470019368Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.472047875Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:38:57.47311851Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.476142387Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:57.477265207Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.479658997Z	62	PC: 122ab \| Close file
2018-12-25T12:38:57.4828442Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.484897296Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.48625931Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.488149728Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.489877387Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.491575612Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.492737523Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.498970345Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.500179592Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.501682032Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.50876716Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.511286196Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.512897169Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.515257377Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.517472398Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.519498571Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.521799614Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.523367919Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.530386961Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.532663112Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.534504635Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.536559571Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.538078029Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.540917028Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.542651119Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.544667535Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.548461962Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.55051683Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:38:57.553652841Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.556812639Z	99	PC: 99dc7 \| Get DBCS lead byte table pointer
2018-12-25T12:38:57.557958938Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.559674632Z	56	PC: 945e9 \| Get or set country info
2018-12-25T12:38:57.562232068Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.564692751Z	64	PC: 9a038 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:38:57.567391711Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.570395113Z	25	PC: 94652 \| Get default drive
2018-12-25T12:38:57.573884829Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.575425119Z	71	PC: 968cd \| Get current directory
2018-12-25T12:38:57.580329249Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.582017687Z	64	PC: 9a038 \| Write file or device (See above)
2018-12-25T12:38:57.585162223Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.587490954Z	2	PC: 968a2 \| Character output (Char = '3e')
2018-12-25T12:38:57.589071639Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.590579509Z	93	PC: 94710 \| File sharing functions
2018-12-25T12:38:57.592845626Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.595194688Z	93	PC: 94717 \| File sharing functions
2018-12-25T12:38:57.598328934Z	44	PC: 9f6ce \| Get time (See above)
2018-12-25T12:38:57.601549085Z	10	PC: 94729 \| Buffered keyboard input