Sample viewer

vx.netlux.org/Virus.DOS.Cybercide.2229

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:41.858594343Z	221	PC: 12a49 \| UNKNOWN!
2018-12-17T23:10:41.860153742Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:41.861454323Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:10:41.862647895Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:10:41.864215887Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:41.86656237Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.868779916Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.870952664Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:10:41.873011495Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.87515805Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.877328661Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:10:41.881618454Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.884161933Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.886433052Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:10:41.888630669Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.890983614Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.893420164Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:10:41.896585892Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.901492666Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.903714874Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:10:41.906162659Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.908863994Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.911220917Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:10:41.912657325Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.915421895Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.917827075Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:41.91931931Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.925706484Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.928581989Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:41.929795432Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.932914834Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.935221761Z	62	PC: 122ab \| Close file
2018-12-17T23:10:41.937100986Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.940668353Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.942812959Z	62	PC: 122ab \| Close file
2018-12-17T23:10:41.944307544Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.947548881Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.949999503Z	62	PC: 122ab \| Close file
2018-12-17T23:10:41.951931593Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.954646167Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.957165747Z	62	PC: 122ab \| Close file
2018-12-17T23:10:41.960417755Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.963297739Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.966113852Z	62	PC: 122ab \| Close file
2018-12-17T23:10:41.968898033Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.973735602Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.976052615Z	62	PC: 122ab \| Close file
2018-12-17T23:10:41.977839326Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.980773124Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.983195488Z	62	PC: 122ab \| Close file
2018-12-17T23:10:41.984995334Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.988258806Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.990235998Z	62	PC: 122ab \| Close file
2018-12-17T23:10:41.991641897Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.993823727Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:41.996185946Z	62	PC: 122ab \| Close file
2018-12-17T23:10:41.997630642Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:41.999909691Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.002812286Z	62	PC: 122ab \| Close file
2018-12-17T23:10:42.004276403Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.006561977Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.009114022Z	62	PC: 122ab \| Close file
2018-12-17T23:10:42.010803791Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.013357436Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.017950555Z	62	PC: 122ab \| Close file
2018-12-17T23:10:42.020405533Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.022729965Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.025701115Z	62	PC: 122ab \| Close file
2018-12-17T23:10:42.027425128Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.029836802Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.033565046Z	62	PC: 122ab \| Close file
2018-12-17T23:10:42.03578736Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.038459841Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.041262202Z	62	PC: 122ab \| Close file
2018-12-17T23:10:42.043879377Z	61	PC: 9ef2a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:10:42.064150278Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.074345004Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.076724113Z	87	PC: 9ef33 \| Get or set file date and time
2018-12-17T23:10:42.078203855Z	62	PC: 9eeaf \| Close file
2018-12-17T23:10:42.081458562Z	61	PC: 9eebe \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:10:42.087336974Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.089375393Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.091949386Z	66	PC: 12372 \| Move file pointer
2018-12-17T23:10:42.093656296Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.095989622Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.09820405Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T23:10:42.111461165Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.114028474Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.117861567Z	62	PC: 1238a \| Close file
2018-12-17T23:10:42.121421548Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.123925766Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.126716901Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-17T23:10:42.128326659Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.130750859Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.133825451Z	56	PC: 93b39 \| Get or set country info
2018-12-17T23:10:42.135696856Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.138170185Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.142057624Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:10:42.146470438Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.1485492Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.151358253Z	25	PC: 93ba2 \| Get default drive
2018-12-17T23:10:42.154675767Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.157227099Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.160803348Z	71	PC: 95e1d \| Get current directory
2018-12-17T23:10:42.16499327Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.167697004Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.170550751Z	64	PC: 99588 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:10:42.173800261Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.176025816Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.179590825Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-17T23:10:42.182182538Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.184742748Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.188462166Z	93	PC: 93c60 \| File sharing functions
2018-12-17T23:10:42.190589522Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.193076063Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.197171528Z	93	PC: 93c67 \| File sharing functions
2018-12-17T23:10:42.198992379Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-17T23:10:42.201120594Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-17T23:10:42.204065495Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16950,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:18.319271303Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:54:18.320514789Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:18.321652037Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:18.322739907Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:18.32440717Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:18.325649147Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16950,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:18.397219399Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:54:18.398714961Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:18.399854252Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:18.400918941Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:18.403012694Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:18.404126801Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16950,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:19.299573038Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:54:19.300774922Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:19.301919132Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:19.303002585Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:19.304998357Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:19.306059577Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16950,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:19.995998189Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:54:19.997327262Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:19.9984363Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:19.999281937Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:20.000972064Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:20.00203126Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:54:20.003898805Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:20.005311245Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.007546534Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:20.010579094Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.013030447Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:54:20.014768705Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.017287201Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:54:20.025026076Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.027150627Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:54:20.02916439Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.031342596Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:54:20.039476793Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.041678242Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:54:20.043162882Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.052536707Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:20.053727565Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.056904113Z	62	PC: 122ab \| Close file
2018-12-25T12:54:20.059381382Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.061332263Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.062722811Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.065237727Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.0667202Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.068760806Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.070908593Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.072972259Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.074480561Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.077207416Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.079051688Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.081414415Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.08379533Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.085978123Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.087690321Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.094675942Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.096275872Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.098315419Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.100783288Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.10274992Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.104121489Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.106907012Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.108419693Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.110480386Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.112514438Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.114549444Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.115987703Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.118942035Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.121410936Z	61	PC: 9ef2a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:20.127612826Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.130656514Z	87	PC: 9ef33 \| Get or set file date and time
2018-12-25T12:54:20.131841734Z	62	PC: 9eeaf \| Close file
2018-12-25T12:54:20.133410151Z	61	PC: 9eebe \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:20.140378532Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.142545815Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:54:20.143874081Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.146784108Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:54:20.15949041Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.16177855Z	62	PC: 1238a \| Close file
2018-12-25T12:54:20.165668784Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.167949527Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:54:20.169389361Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.172036529Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:54:20.174266836Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.176497564Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:54:20.181427056Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.183544783Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:54:20.185101071Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.187546365Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:54:20.191385984Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.193371921Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:54:20.196901502Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.199096645Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:54:20.201300263Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.203865185Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:54:20.205448641Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.207439289Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:54:20.209631818Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.212514615Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16950,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:20.196504068Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:54:20.198452077Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:20.199557867Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:20.200789772Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:20.203235878Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:20.204342274Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:54:20.206365411Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:20.20804403Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.21015977Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:20.213254357Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.21571527Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:54:20.217297353Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.220279375Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:54:20.223039411Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.225192781Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:54:20.227233903Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.229174407Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:54:20.230772024Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.233095293Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:54:20.234537324Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.237182043Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:20.238136202Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.239487396Z	62	PC: 122ab \| Close file
2018-12-25T12:54:20.241093246Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.243207843Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.244659415Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.247188276Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.24863446Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.250658179Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.252740929Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.25510556Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.257551017Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.267339578Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.268968948Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.271068697Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.286545337Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.288676447Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.290203345Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.292668091Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.294642357Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.29738727Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.298960124Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.301421721Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.302898066Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.304904668Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.306853954Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.309214452Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.31101155Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.313860312Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.315712412Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.318214728Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.321763498Z	61	PC: 9ef2a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:20.327956574Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.33013661Z	87	PC: 9ef33 \| Get or set file date and time
2018-12-25T12:54:20.345973524Z	62	PC: 9eeaf \| Close file
2018-12-25T12:54:20.347986648Z	61	PC: 9eebe \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:20.35420929Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.357279371Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:54:20.359506914Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.361812871Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:54:20.375941296Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.37790142Z	62	PC: 1238a \| Close file
2018-12-25T12:54:20.38095392Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.383488243Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:54:20.384746743Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.386731854Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:54:20.389446589Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.391798909Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:54:20.396420813Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.41624484Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:54:20.418247716Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.420603526Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:54:20.425410224Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.427504355Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:54:20.429685869Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.431484984Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:54:20.43317793Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.434737672Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:54:20.437126805Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.439048226Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:54:20.44078374Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.443258556Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16950,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:20.861126054Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:54:20.862700903Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:20.863893651Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:20.865033407Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:20.866739468Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:20.867920543Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:54:20.869947281Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:20.871547393Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.873587324Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:20.877176224Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.880155029Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:54:20.88152987Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.883672525Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:54:20.885667829Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.887956629Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:54:20.890022355Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.892037792Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:54:20.89341069Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.895795036Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:54:20.897217525Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.900515811Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:20.901781898Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.903854736Z	62	PC: 122ab \| Close file
2018-12-25T12:54:20.905858213Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.908081958Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.909783691Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.913199663Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.914878932Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.917005184Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.91927322Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.921302857Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.922768778Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.925587883Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.927223441Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.929348086Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.931645822Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.933780361Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.935352906Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.94841575Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.949844201Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.951859386Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.953740692Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.956171561Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.957822363Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.960666026Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.962659915Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.965134486Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.967098189Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.969574058Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.971540692Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.974000517Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:20.976607307Z	61	PC: 9ef2a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:20.982833201Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.984863725Z	87	PC: 9ef33 \| Get or set file date and time
2018-12-25T12:54:20.986182804Z	62	PC: 9eeaf \| Close file
2018-12-25T12:54:20.989483259Z	61	PC: 9eebe \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:20.995591153Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:20.997922787Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:54:21.000005517Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.00216971Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:54:21.016313854Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.018906605Z	62	PC: 1238a \| Close file
2018-12-25T12:54:21.022375098Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.024861518Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:54:21.026173173Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.028145815Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:54:21.029985352Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.032363465Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:54:21.036791905Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.03882959Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:54:21.040442725Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.042442564Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:54:21.046196702Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.048453202Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:54:21.051663334Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.053965907Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:54:21.056449119Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.058445263Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:54:21.060172958Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.062469391Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:54:21.064244491Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:21.066423551Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16950,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:43.646307128Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T13:07:43.647403095Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:43.654199675Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T13:07:43.656409994Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T13:07:43.657769586Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:43.659763673Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T13:07:43.662796809Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-25T13:07:43.665254193Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T13:07:43.66727956Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.669717618Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.672067626Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T13:07:43.676191737Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.679184088Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.681593132Z	77	PC: 11fe0 \| Get program return code
2018-12-25T13:07:43.683389635Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.685789151Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.688704752Z	72	PC: 12174 \| Allocate memory
2018-12-25T13:07:43.691436144Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.694076788Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.696003246Z	72	PC: 1218d \| Allocate memory
2018-12-25T13:07:43.701552972Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.704156257Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.706576153Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T13:07:43.708648669Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.712402971Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.714887336Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T13:07:43.716351881Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.719290248Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.721838595Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:43.723659179Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.727690979Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.731385943Z	62	PC: 122ab \| Close file
2018-12-25T13:07:43.733458691Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.736950814Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.739487542Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.741361792Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.74429564Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.746978262Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.748673635Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.751166583Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.753929754Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.756054353Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.758879866Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.761853212Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.763766239Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.766252324Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.770891773Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.772727617Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.775823425Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.779670298Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.781386725Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.783681884Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.788152221Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.789981097Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.792243096Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.795779187Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.798051357Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.800425859Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.802805066Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.805438235Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.809355287Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.811553101Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.813529209Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.815930216Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.822461399Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.825197664Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.827660824Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.830256178Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.83269732Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.835145971Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.837425762Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.839650161Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.842041774Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.844985256Z	62	PC: 122ab \| Close file (See above)
2018-12-25T13:07:43.848908281Z	61	PC: 9ef2a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T13:07:43.855819937Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.858867823Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.861703681Z	87	PC: 9ef33 \| Get or set file date and time
2018-12-25T13:07:43.863004839Z	62	PC: 9eeaf \| Close file
2018-12-25T13:07:43.865475037Z	61	PC: 9eebe \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T13:07:43.873099916Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.876087796Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.878612363Z	66	PC: 12372 \| Move file pointer
2018-12-25T13:07:43.881041122Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.883831625Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.886112076Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T13:07:43.902500484Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.905586279Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.908210037Z	62	PC: 1238a \| Close file
2018-12-25T13:07:43.912135037Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.915242256Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.91792969Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T13:07:43.919739248Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.923108337Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.926446976Z	56	PC: 93b39 \| Get or set country info
2018-12-25T13:07:43.928918782Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.932398694Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.93522981Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T13:07:43.94081776Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.9450368Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.949124811Z	25	PC: 93ba2 \| Get default drive
2018-12-25T13:07:43.950967892Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.954098653Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.956758066Z	71	PC: 95e1d \| Get current directory
2018-12-25T13:07:43.962785679Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.96530021Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.967797612Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T13:07:43.971406803Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.973735301Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.976422583Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T13:07:43.978775183Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.981028533Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.98421527Z	93	PC: 93c60 \| File sharing functions
2018-12-25T13:07:43.985837472Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.987591593Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.990019547Z	93	PC: 93c67 \| File sharing functions
2018-12-25T13:07:43.991884444Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T13:07:43.99344891Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T13:07:43.996422704Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16950,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:22.32506444Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:54:22.32680977Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:22.327928554Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:22.32946852Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:22.331355733Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:22.332477335Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:54:22.335007191Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-25T12:54:22.337682697Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:22.338881612Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.340956082Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.343942588Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:22.346586593Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.348266141Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.350215191Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:54:22.351141351Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.35253656Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.354161426Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:54:22.356324889Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.357691155Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.359089777Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:54:22.369340294Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.371725388Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.374674432Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:54:22.376880321Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.379000415Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.381027782Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:54:22.383170444Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.38527779Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.387398508Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:22.396173574Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.398289024Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.400671405Z	62	PC: 122ab \| Close file
2018-12-25T12:54:22.40323286Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.405776522Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.407958996Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.410072781Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.411849033Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.41353339Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.415457109Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.417197002Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.418899727Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.420896457Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.422331828Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.423688443Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.425282909Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.427070242Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.428731578Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.430856049Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.432242038Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.433574748Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.43516213Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.43661904Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.437941443Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.439565283Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.440946708Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.442254812Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.444082497Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.446317743Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.448513877Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.450920893Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.452797473Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.454572159Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.456576585Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.458678525Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.460699929Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.462807682Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.464949896Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.467011528Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.470104548Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.471846957Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.473533479Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.486521231Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.488602359Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.490662879Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:22.494076653Z	61	PC: 9ef2a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:22.499296789Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.501290777Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.507770316Z	87	PC: 9ef33 \| Get or set file date and time
2018-12-25T12:54:22.509269097Z	62	PC: 9eeaf \| Close file
2018-12-25T12:54:22.511036211Z	61	PC: 9eebe \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:22.516802607Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.518738339Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.520627214Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:54:22.522301961Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.524993785Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.526999818Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:54:22.537655564Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.539752392Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.541474091Z	62	PC: 1238a \| Close file
2018-12-25T12:54:22.544254511Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.546461947Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.54841513Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:54:22.549742811Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.551852848Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.55349053Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:54:22.555014783Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.557287879Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.559614661Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:54:22.563273872Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.565292703Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.567090873Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:54:22.568518486Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.57030858Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.571949706Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:54:22.574907931Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.57645714Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.57774985Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:54:22.579708387Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.581250259Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.582551258Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:54:22.583935607Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.585454521Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.586796962Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:54:22.587897099Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.589492838Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.590877728Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:54:22.592055062Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:22.59373054Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:22.595007609Z	10	PC: 93c79 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16950,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:24.720533192Z	221	PC: 12a49 \| UNKNOWN!
2018-12-25T12:54:24.721914235Z	53	PC: 12a58 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:24.724506043Z	53	PC: 12a65 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:24.725576441Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:24.727518445Z	37	PC: 12aaf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:24.728582969Z	44	PC: 9ecb0 \| Get time 0x9ecb0: cmp ch, 0 0x9ecb3: jne 0x9ecba 0x9ecb5: mov dx, 0x24d 0x9ecb8: jmp dx 0x9ecba: cmp cl, 0 0x9ecbd: jne 0x9ecc4 0x9ecbf: mov ax, 0x2b8 0x9ecc2: jmp ax 0x9ecc4: mov ah, 0x2a 0x9ecc6: int 0x21 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp
2018-12-25T12:54:24.730519609Z	42	PC: 9ecc8 \| Get date 0x9ecc8: cmp al, 6 0x9ecca: je 0x9ec51 0x9eccc: pop dx 0x9eccd: pop cx 0x9ecce: pop ax 0x9eccf: popf 0x9ecd0: ljmp 0x19:0x40f8 0x9ecd5: ljmp ptr cs:[0x391] 0x9ecda: ret 0x9ecdb: push bp 0x9ecdc: mov bp, 0x5ab 0x9ecdf: jmp bp 0x9ece1: push bp 0x9ece2: mov bp, 0x413 0x9ece5: jmp bp 0x9ece7: popf 0x9ece8: mov ax, 0x3d33 0x9eceb: iret 0x9ecec: popf 0x9eced: pushf
2018-12-25T12:54:24.732987355Z	37	PC: 12ab7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:24.734111168Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.736164941Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.738662421Z	37	PC: 12abf \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:54:24.741688472Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.74370398Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.746096854Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:54:24.74768183Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.749917446Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.75307611Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:54:24.754828134Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.7569396Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.759005951Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:54:24.761345151Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.763322392Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.765234187Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:54:24.76662751Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.768778881Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.771050967Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:54:24.781011843Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.782939466Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.78482949Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:24.786857584Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.78890838Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.790904567Z	62	PC: 122ab \| Close file
2018-12-25T12:54:24.793677807Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.79588869Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.797784528Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.799773815Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.801733599Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.803665941Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.805169676Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.807531724Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.809510143Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.811785303Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.813735709Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.815973734Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.818018211Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.820527382Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.822844313Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.824966894Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.826993654Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.828922835Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.832558215Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.834539268Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.836449128Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.837964151Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.841260547Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.843334173Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.845001183Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.84716265Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.849358696Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.851194072Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.853883283Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.856192476Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.858079341Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.860579152Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.862484302Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.864005792Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.866472591Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.868295149Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.869788337Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.875577885Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.878306788Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.885756624Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.887958554Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.889831967Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:54:24.892450148Z	61	PC: 9ef2a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:24.898661031Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.900583648Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.90261377Z	87	PC: 9ef33 \| Get or set file date and time
2018-12-25T12:54:24.903837587Z	62	PC: 9eeaf \| Close file
2018-12-25T12:54:24.905380308Z	61	PC: 9eebe \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:54:24.911272792Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.913214791Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.91508336Z	66	PC: 12372 \| Move file pointer
2018-12-25T12:54:24.916388009Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.918486269Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.920249586Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:54:24.932287046Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.934564158Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.936489248Z	62	PC: 1238a \| Close file
2018-12-25T12:54:24.939938354Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.943012211Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.944974892Z	99	PC: 99317 \| Get DBCS lead byte table pointer
2018-12-25T12:54:24.946170273Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.949149179Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.951520325Z	56	PC: 93b39 \| Get or set country info
2018-12-25T12:54:24.953286462Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.955276267Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.957973678Z	64	PC: 99588 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:54:24.962493731Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.964644248Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.966708606Z	25	PC: 93ba2 \| Get default drive
2018-12-25T12:54:24.968667939Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.970767626Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.97308601Z	71	PC: 95e1d \| Get current directory
2018-12-25T12:54:24.976830272Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.978946429Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.98072371Z	64	PC: 99588 \| Write file or device (See above)
2018-12-25T12:54:24.983609731Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.98558974Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.987501482Z	2	PC: 95df2 \| Character output (Char = '3e')
2018-12-25T12:54:24.989442793Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.991456943Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.993356209Z	93	PC: 93c60 \| File sharing functions
2018-12-25T12:54:24.994866404Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:24.996842171Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:24.998763864Z	93	PC: 93c67 \| File sharing functions
2018-12-25T12:54:25.000382506Z	44	PC: 9ecb0 \| Get time (See above)
2018-12-25T12:54:25.002384168Z	42	PC: 9ecc8 \| Get date (See above)
2018-12-25T12:54:25.004263579Z	10	PC: 93c79 \| Buffered keyboard input