Sample viewer

vx.netlux.org/Virus.DOS.Protect.1323

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:58.147563666Z	115	PC: 12cfc \| UNKNOWN!
2018-12-17T23:07:58.148845996Z	73	PC: 12d07 \| Release memory
2018-12-17T23:07:58.155008377Z	74	PC: 12d24 \| Reallocate memory
2018-12-17T23:07:58.157968109Z	18	PC: 12d2b \| Find next file
2018-12-17T23:07:58.160464596Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.167237409Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-17T23:07:58.172790735Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.175717839Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')
2018-12-17T23:07:58.182080372Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.184826744Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:07:58.186923632Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.190242519Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:07:58.193118194Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.195897941Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:07:58.199298783Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.201798519Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:07:58.20363881Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.20633212Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:07:58.208390667Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.210780731Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:58.2121507Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.219550269Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.221398327Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.224051431Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.226520713Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.229100614Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.230867576Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.234039921Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.236672732Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.239445129Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.242507643Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.244244117Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.245670955Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.252943499Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.255639536Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.258503204Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.260640495Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.267452837Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.269409171Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.272155562Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.275582762Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.278469366Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.280580361Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.284028049Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.285900737Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.288360979Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.290746084Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.293196994Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.294966766Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.297637741Z	62	PC: 122ab \| Close file
2018-12-17T23:07:58.302470795Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.305282638Z	99	PC: 99dc7 \| Get DBCS lead byte table pointer
2018-12-17T23:07:58.307218249Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.311150236Z	56	PC: 945e9 \| Get or set country info
2018-12-17T23:07:58.313713132Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.316526004Z	64	PC: 9a038 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:07:58.322568701Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.325154313Z	25	PC: 94652 \| Get default drive
2018-12-17T23:07:58.32711039Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.331118672Z	71	PC: 968cd \| Get current directory
2018-12-17T23:07:58.337143039Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.340026153Z	64	PC: 9a038 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:07:58.344812384Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.347296404Z	2	PC: 968a2 \| Character output (Char = '3e')
2018-12-17T23:07:58.349773938Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.35292878Z	93	PC: 94710 \| File sharing functions
2018-12-17T23:07:58.355917443Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.358915561Z	93	PC: 94717 \| File sharing functions
2018-12-17T23:07:58.361583969Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-17T23:07:58.364525227Z	10	PC: 94729 \| Buffered keyboard input

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16037,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:06.005243662Z	115	PC: 12cfc \| UNKNOWN!
2018-12-25T12:45:06.009674747Z	73	PC: 12d07 \| Release memory
2018-12-25T12:45:06.011469245Z	74	PC: 12d24 \| Reallocate memory
2018-12-25T12:45:06.013181328Z	18	PC: 12d2b \| Find next file
2018-12-25T12:45:06.016215905Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-25T12:45:06.017933616Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:45:06.020666004Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.02312976Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')
2018-12-25T12:45:06.025361934Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.02687728Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:45:06.027879192Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.029772283Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:45:06.031111763Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.032708702Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:45:06.034754453Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.036312515Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:45:06.037523525Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.040267582Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:45:06.04604401Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.048492867Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:06.050639527Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.052938137Z	62	PC: 122ab \| Close file
2018-12-25T12:45:06.054609562Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.058358849Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.060104197Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.06238742Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.065434637Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.068201805Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.071182624Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.074695716Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.076436935Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.078890484Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.080923512Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.08472975Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.08705656Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.090607109Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.093094746Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.09832017Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.100134234Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.102857707Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.10444791Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.106588266Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.109034477Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.111192758Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.112722921Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.127131364Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.128727627Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.130858956Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.133280302Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.13537951Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:06.138197505Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.142362559Z	99	PC: 99dc7 \| Get DBCS lead byte table pointer
2018-12-25T12:45:06.143877018Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.146247156Z	56	PC: 945e9 \| Get or set country info
2018-12-25T12:45:06.149083333Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.151182434Z	64	PC: 9a038 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:45:06.155452399Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.158297383Z	25	PC: 94652 \| Get default drive
2018-12-25T12:45:06.15974833Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.161665235Z	71	PC: 968cd \| Get current directory
2018-12-25T12:45:06.167028206Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.1689747Z	64	PC: 9a038 \| Write file or device (See above)
2018-12-25T12:45:06.173274463Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.175981367Z	2	PC: 968a2 \| Character output (Char = '3e')
2018-12-25T12:45:06.178264404Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.180360072Z	93	PC: 94710 \| File sharing functions
2018-12-25T12:45:06.183200674Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.185499278Z	93	PC: 94717 \| File sharing functions
2018-12-25T12:45:06.187366661Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:06.19321356Z	10	PC: 94729 \| Buffered keyboard input

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16037,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:07.566054207Z	115	PC: 12cfc \| UNKNOWN!
2018-12-25T12:45:07.567247024Z	73	PC: 12d07 \| Release memory
2018-12-25T12:45:07.56895795Z	74	PC: 12d24 \| Reallocate memory
2018-12-25T12:45:07.570334657Z	18	PC: 12d2b \| Find next file
2018-12-25T12:45:07.572603763Z	44	PC: 9f6cb \| Get time 0x9f6cb: cmp ch, cl 0x9f6cd: jne 0x9f6d5 0x9f6cf: mov byte ptr cs:[0x64], 1 0x9f6d5: pop dx 0x9f6d6: pop cx 0x9f6d7: pop ax 0x9f6d8: ljmp ptr cs:[0] 0x9f6dd: mov ax, 0x2371 0x9f6e0: iret 0x9f6e1: push ds 0x9f6e2: push es 0x9f6e3: push bp 0x9f6e4: push si 0x9f6e5: push di 0x9f6e6: push ax 0x9f6e7: push bx 0x9f6e8: push cx 0x9f6e9: push dx 0x9f6ea: pushf 0x9f6eb: mov cx, 0
2018-12-25T12:45:07.575825715Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:45:07.581159493Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.584521345Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')
2018-12-25T12:45:07.58855147Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.592011934Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:45:07.593860883Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.596879689Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:45:07.598991732Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.601354965Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:45:07.608578945Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.610926148Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:45:07.612064799Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.615141718Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:45:07.616395614Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.618987379Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:07.621183119Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.623590911Z	62	PC: 122ab \| Close file
2018-12-25T12:45:07.625250998Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.629121389Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.632240843Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.63509096Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.638682446Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.641405305Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.643244409Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.645630395Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.648559422Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.651409505Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.653211368Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.657528937Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.65946666Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.661831732Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.66440924Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.666729516Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.669856539Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.673600986Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.682166315Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.68444249Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.689556068Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.691934971Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.693614005Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.696524742Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.698221223Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.700708558Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.706578916Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.709127813Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:45:07.712909335Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.71595092Z	99	PC: 99dc7 \| Get DBCS lead byte table pointer
2018-12-25T12:45:07.717956561Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.720693517Z	56	PC: 945e9 \| Get or set country info
2018-12-25T12:45:07.724190638Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.726883823Z	64	PC: 9a038 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:45:07.732367825Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.73525674Z	25	PC: 94652 \| Get default drive
2018-12-25T12:45:07.73834749Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.741112973Z	71	PC: 968cd \| Get current directory
2018-12-25T12:45:07.745828158Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.749193549Z	64	PC: 9a038 \| Write file or device (See above)
2018-12-25T12:45:07.755813406Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.758599829Z	2	PC: 968a2 \| Character output (Char = '3e')
2018-12-25T12:45:07.762285333Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.765834569Z	93	PC: 94710 \| File sharing functions
2018-12-25T12:45:07.768547344Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.773043609Z	93	PC: 94717 \| File sharing functions
2018-12-25T12:45:07.775349699Z	44	PC: 9f6cb \| Get time (See above)
2018-12-25T12:45:07.778107883Z	10	PC: 94729 \| Buffered keyboard input