Sample viewer

vx.netlux.org/Virus.DOS.Apo.2108

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:40.675837588Z	224	PC: 12ad1 \| UNKNOWN!
2018-12-17T23:06:40.677114275Z	74	PC: 12b41 \| Reallocate memory
2018-12-17T23:06:40.679557306Z	42	PC: 12b4a \| Get date 0x12b4a: cmp dx, 0x201 0x12b4e: jne 0x12b55 0x12b50: mov byte ptr [0x15a], 1 0x12b55: mov ax, 0x351c 0x12b58: int 0x21 0x12b5a: mov word ptr [0x156], bx 0x12b5e: mov word ptr [0x158], es 0x12b62: mov ax, 0x251c 0x12b65: mov dx, 0x730 0x12b68: int 0x21 0x12b6a: push cs 0x12b6b: pop ds 0x12b6c: xor ax, ax 0x12b6e: mov es, ax 0x12b70: mov ax, word ptr es:[0x84] 0x12b74: mov word ptr [0x14e], ax 0x12b77: mov ax, word ptr es:[0x86] 0x12b7b: mov word ptr [0x150], ax 0x12b7e: mov dx, 0x3ea 0x12b81: mov word ptr es:[0x84], dx
2018-12-17T23:06:40.682313228Z	53	PC: 12b5a \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:06:40.683961174Z	37	PC: 12b6a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:06:40.686364343Z	75	PC: 12c47 \| Execute program
2018-12-17T23:06:40.714369757Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.716742349Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.722172781Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.724912578Z	73	PC: 12c56 \| Release memory
2018-12-17T23:06:40.726424851Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.729401392Z	77	PC: 12c5a \| Get program return code
2018-12-17T23:06:40.732261359Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.735465753Z	49	PC: 12d27 \| Terminate and stay resident (Return code = '0' \| Memory size = '148')
2018-12-17T23:06:40.738834408Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.742033934Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:06:40.7438453Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.74724366Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:06:40.74952557Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.751920996Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:06:40.753770552Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.756829121Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:06:40.758469101Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.761212546Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:06:40.763236072Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.766252045Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:40.767559186Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.770900831Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.772880969Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.775327706Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.780795043Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.782688182Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.784133882Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.7866041Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.787904442Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.789549675Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.791259319Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.793214664Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.794554521Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.796448392Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.798321523Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.799946248Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.801279255Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.803923666Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.805641754Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.807789563Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.810195772Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.812829668Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.814995868Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.824519126Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.826807299Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.830785954Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.833929359Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.836769313Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.838958777Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.842486973Z	62	PC: 122ab \| Close file
2018-12-17T23:06:40.846248402Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.849240319Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-17T23:06:40.851993151Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.855218069Z	56	PC: 94df9 \| Get or set country info
2018-12-17T23:06:40.857771767Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.860819514Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:06:40.866729604Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.869546808Z	25	PC: 94e62 \| Get default drive
2018-12-17T23:06:40.871773782Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.875678074Z	71	PC: 970dd \| Get current directory
2018-12-17T23:06:40.880420998Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.883267984Z	64	PC: 9a848 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:06:40.902643234Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.906200471Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-17T23:06:40.909550441Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.912778071Z	93	PC: 94f20 \| File sharing functions
2018-12-17T23:06:40.914876331Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.917559318Z	93	PC: 94f27 \| File sharing functions
2018-12-17T23:06:40.920728281Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-17T23:06:40.923815269Z	10	PC: 94f39 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15618,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:01.225102619Z	224	PC: 12ad1 \| UNKNOWN!
2018-12-25T12:44:01.226608538Z	74	PC: 12b41 \| Reallocate memory
2018-12-25T12:44:01.22821397Z	42	PC: 12b4a \| Get date 0x12b4a: cmp dx, 0x201 0x12b4e: jne 0x12b55 0x12b50: mov byte ptr [0x15a], 1 0x12b55: mov ax, 0x351c 0x12b58: int 0x21 0x12b5a: mov word ptr [0x156], bx 0x12b5e: mov word ptr [0x158], es 0x12b62: mov ax, 0x251c 0x12b65: mov dx, 0x730 0x12b68: int 0x21 0x12b6a: push cs 0x12b6b: pop ds 0x12b6c: xor ax, ax 0x12b6e: mov es, ax 0x12b70: mov ax, word ptr es:[0x84] 0x12b74: mov word ptr [0x14e], ax 0x12b77: mov ax, word ptr es:[0x86] 0x12b7b: mov word ptr [0x150], ax 0x12b7e: mov dx, 0x3ea 0x12b81: mov word ptr es:[0x84], dx
2018-12-25T12:44:01.230603059Z	53	PC: 12b5a \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:01.231973223Z	37	PC: 12b6a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:01.239016056Z	75	PC: 12c47 \| Execute program
2018-12-25T12:44:01.254937297Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-25T12:44:01.257199137Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.263100847Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.265457243Z	73	PC: 12c56 \| Release memory
2018-12-25T12:44:01.266954155Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.270411329Z	77	PC: 12c5a \| Get program return code
2018-12-25T12:44:01.272476403Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.275074531Z	49	PC: 12d27 \| Terminate and stay resident (Return code = '0' \| Memory size = '148')
2018-12-25T12:44:01.278272277Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.281070753Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:44:01.2827707Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.286870951Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:44:01.289155756Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.296229536Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:44:01.298198447Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.300939955Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:01.302985127Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.305657519Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:01.30715838Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.309885464Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:01.311668557Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.315039388Z	62	PC: 122ab \| Close file
2018-12-25T12:44:01.316689811Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.318897722Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.320819577Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.323057999Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.324668658Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.327950457Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.330757105Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.334511273Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.336162061Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.340854222Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.342945903Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.345778911Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.348178752Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.350480177Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.352031484Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.355062871Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.357296172Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.360356226Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.362973712Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.366122811Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.367848371Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.370044519Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.371499842Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.373322348Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.37524639Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.377477923Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.380083048Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.384048429Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.38773991Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.391335297Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T12:44:01.393711996Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.396747704Z	56	PC: 94df9 \| Get or set country info
2018-12-25T12:44:01.399028696Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.402125961Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:44:01.407189375Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.409323962Z	25	PC: 94e62 \| Get default drive
2018-12-25T12:44:01.410930165Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.413377993Z	71	PC: 970dd \| Get current directory
2018-12-25T12:44:01.417643274Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.419961004Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T12:44:01.425664191Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.427165181Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T12:44:01.428681717Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.430950419Z	93	PC: 94f20 \| File sharing functions
2018-12-25T12:44:01.432194749Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.43363662Z	93	PC: 94f27 \| File sharing functions
2018-12-25T12:44:01.435525834Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.437099125Z	10	PC: 94f39 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15618,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:01.36828378Z	224	PC: 12ad1 \| UNKNOWN!
2018-12-25T12:44:01.369439938Z	74	PC: 12b41 \| Reallocate memory
2018-12-25T12:44:01.370693265Z	42	PC: 12b4a \| Get date 0x12b4a: cmp dx, 0x201 0x12b4e: jne 0x12b55 0x12b50: mov byte ptr [0x15a], 1 0x12b55: mov ax, 0x351c 0x12b58: int 0x21 0x12b5a: mov word ptr [0x156], bx 0x12b5e: mov word ptr [0x158], es 0x12b62: mov ax, 0x251c 0x12b65: mov dx, 0x730 0x12b68: int 0x21 0x12b6a: push cs 0x12b6b: pop ds 0x12b6c: xor ax, ax 0x12b6e: mov es, ax 0x12b70: mov ax, word ptr es:[0x84] 0x12b74: mov word ptr [0x14e], ax 0x12b77: mov ax, word ptr es:[0x86] 0x12b7b: mov word ptr [0x150], ax 0x12b7e: mov dx, 0x3ea 0x12b81: mov word ptr es:[0x84], dx
2018-12-25T12:44:01.372637088Z	53	PC: 12b5a \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:01.37430419Z	37	PC: 12b6a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:01.375967318Z	75	PC: 12c47 \| Execute program

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15618,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:01.450458247Z	224	PC: 12ad1 \| UNKNOWN!
2018-12-25T12:44:01.451980948Z	74	PC: 12b41 \| Reallocate memory
2018-12-25T12:44:01.453474192Z	42	PC: 12b4a \| Get date 0x12b4a: cmp dx, 0x201 0x12b4e: jne 0x12b55 0x12b50: mov byte ptr [0x15a], 1 0x12b55: mov ax, 0x351c 0x12b58: int 0x21 0x12b5a: mov word ptr [0x156], bx 0x12b5e: mov word ptr [0x158], es 0x12b62: mov ax, 0x251c 0x12b65: mov dx, 0x730 0x12b68: int 0x21 0x12b6a: push cs 0x12b6b: pop ds 0x12b6c: xor ax, ax 0x12b6e: mov es, ax 0x12b70: mov ax, word ptr es:[0x84] 0x12b74: mov word ptr [0x14e], ax 0x12b77: mov ax, word ptr es:[0x86] 0x12b7b: mov word ptr [0x150], ax 0x12b7e: mov dx, 0x3ea 0x12b81: mov word ptr es:[0x84], dx
2018-12-25T12:44:01.455621146Z	53	PC: 12b5a \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:01.457468363Z	37	PC: 12b6a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:01.458933272Z	75	PC: 12c47 \| Execute program
2018-12-25T12:44:01.473256877Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-25T12:44:01.476384412Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.480907593Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.483019206Z	73	PC: 12c56 \| Release memory
2018-12-25T12:44:01.484449224Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.486943604Z	77	PC: 12c5a \| Get program return code
2018-12-25T12:44:01.488632988Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.490761988Z	49	PC: 12d27 \| Terminate and stay resident (Return code = '0' \| Memory size = '148')
2018-12-25T12:44:01.493665136Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.495704447Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:44:01.497250773Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.499987859Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:44:01.501703409Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.503803094Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:44:01.506391626Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.508539005Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:44:01.509693382Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.513442908Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:44:01.514520319Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.516585361Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:01.518282183Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.520434436Z	62	PC: 122ab \| Close file
2018-12-25T12:44:01.52180609Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.52492611Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.526335169Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.528321082Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.53010855Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.532712484Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.534273371Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.536912721Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.538745313Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.540920406Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.543847277Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.545723388Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.547978687Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.55061426Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.552826488Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.555016101Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.556651986Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.559175373Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.560922942Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.563487544Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.565517124Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.567972692Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.569928023Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.572937186Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.575054487Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.577553059Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.57912624Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.581130613Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:44:01.583870084Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.585941938Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T12:44:01.587685052Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.589744914Z	56	PC: 94df9 \| Get or set country info
2018-12-25T12:44:01.59170308Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.593721897Z	64	PC: 9a848 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:44:01.599089519Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.601922448Z	25	PC: 94e62 \| Get default drive
2018-12-25T12:44:01.603743006Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.606107988Z	71	PC: 970dd \| Get current directory
2018-12-25T12:44:01.610287648Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.612300064Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T12:44:01.61545668Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.618109738Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T12:44:01.620107657Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.622179423Z	93	PC: 94f20 \| File sharing functions
2018-12-25T12:44:01.624428003Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.626424415Z	93	PC: 94f27 \| File sharing functions
2018-12-25T12:44:01.628044945Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.631358893Z	10	PC: 94f39 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15618,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:01.734108563Z	224	PC: 12ad1 \| UNKNOWN!
2018-12-25T12:44:01.735483823Z	74	PC: 12b41 \| Reallocate memory
2018-12-25T12:44:01.738354885Z	42	PC: 12b4a \| Get date 0x12b4a: cmp dx, 0x201 0x12b4e: jne 0x12b55 0x12b50: mov byte ptr [0x15a], 1 0x12b55: mov ax, 0x351c 0x12b58: int 0x21 0x12b5a: mov word ptr [0x156], bx 0x12b5e: mov word ptr [0x158], es 0x12b62: mov ax, 0x251c 0x12b65: mov dx, 0x730 0x12b68: int 0x21 0x12b6a: push cs 0x12b6b: pop ds 0x12b6c: xor ax, ax 0x12b6e: mov es, ax 0x12b70: mov ax, word ptr es:[0x84] 0x12b74: mov word ptr [0x14e], ax 0x12b77: mov ax, word ptr es:[0x86] 0x12b7b: mov word ptr [0x150], ax 0x12b7e: mov dx, 0x3ea 0x12b81: mov word ptr es:[0x84], dx
2018-12-25T12:44:01.741242451Z	53	PC: 12b5a \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:01.742988941Z	37	PC: 12b6a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:01.745406234Z	75	PC: 12c47 \| Execute program
2018-12-25T12:44:01.761424463Z	42	PC: 12d36 \| Get date 0x12d36: cmp dx, 0x201 0x12d3a: jne 0x12d44 0x12d3c: push cs 0x12d3d: pop ds 0x12d3e: mov byte ptr cs:[0x15a], 1 0x12d44: pop dx 0x12d45: pop cx 0x12d46: pop ax 0x12d47: cmp ah, 0xe0 0x12d4a: jne 0x12d67 0x12d4c: popf 0x12d4d: mov ax, 0x300 0x12d50: cmp cx, 0xfedc 0x12d54: jne 0x12d5c 0x12d56: mov bx, 0x3e7 0x12d59: push cs 0x12d5a: pop es 0x12d5b: iret 0x12d5c: mov bx, word ptr cs:[0x14e] 0x12d61: mov es, word ptr cs:[0x150]
2018-12-25T12:44:01.763888206Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.769445834Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.771950628Z	73	PC: 12c56 \| Release memory
2018-12-25T12:44:01.773451117Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.776371215Z	77	PC: 12c5a \| Get program return code
2018-12-25T12:44:01.778176368Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.780848773Z	49	PC: 12d27 \| Terminate and stay resident (Return code = '0' \| Memory size = '148')
2018-12-25T12:44:01.783223699Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.786226051Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:44:01.787468254Z	42	PC: 12d36 \| Get date (See above)
2018-12-25T12:44:01.789631309Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:44:01.791732995Z	42	PC: 12d36 \| Get date (See above)