Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Macbeth.5894

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:05:11.826799608Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:11.828391811Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:05:11.830438614Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:05:11.831599639Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:11.833908287Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:11.836971314Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:11.838112258Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:05:11.840041878Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:05:11.841218399Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:05:11.842282779Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:05:11.844084991Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:05:11.846658843Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:05:11.848992034Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:05:11.851568227Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:05:11.853500985Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:05:11.85560519Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:05:11.857831881Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:05:11.860305116Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:11.877724272Z	53	PC: 13a9a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:05:11.879008569Z	37	PC: 13aaf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:11.885465028Z	37	PC: 13ab7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:11.887583971Z	37	PC: 13abf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:11.888918693Z	37	PC: 13ac7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:11.8911258Z	68	PC: 1477e \| I/O control for devices (Set for = '')
2018-12-17T22:05:11.892839434Z	44	PC: 148b5 \| Get time 0x148b5: mov word ptr [0x6e], cx 0x148b9: mov word ptr [0x70], dx 0x148bd: retf 0x148be: call 0x14905 0x148c1: jb 0x148d2 0x148c3: mov cx, word ptr es:[di + 4] 0x148c7: cmp cx, 1 0x148ca: je 0x148d2 0x148cc: xor bx, bx 0x148ce: push cs 0x148cf: call 0x24446 0x148d2: retf 4 0x148d5: call 0x14905 0x148d8: jb 0x148ed 0x148da: mov ax, cx 0x148dc: mov dx, bx 0x148de: mov cx, word ptr es:[di + 4] 0x148e2: cmp cx, 1 0x148e5: je 0x148ed 0x148e7: xor bx, bx
2018-12-17T22:05:11.895297047Z	48	PC: 142ae \| Get DOS version
2018-12-17T22:05:11.905987013Z	61	PC: 14160 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:05:11.912768656Z	87	PC: 137d0 \| Get or set file date and time
2018-12-17T22:05:11.914504247Z	62	PC: 141b0 \| Close file
2018-12-17T22:05:11.917226171Z	25	PC: 1433b \| Get default drive
2018-12-17T22:05:11.91827328Z	71	PC: 1434e \| Get current directory
2018-12-17T22:05:11.923701237Z	26	PC: 1382d \| Set disk transfer address
2018-12-17T22:05:11.925233093Z	78	PC: 13839 \| Find first file
2018-12-17T22:05:11.935021088Z	61	PC: 14762 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T22:05:11.941874954Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:11.94901288Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:11.951619713Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:11.954124071Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:11.957231834Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:11.959121131Z	62	PC: 13ed2 \| Close file
2018-12-17T22:05:11.962012736Z	26	PC: 13851 \| Set disk transfer address
2018-12-17T22:05:11.963901525Z	79	PC: 13856 \| Find next file
2018-12-17T22:05:11.967550874Z	61	PC: 14762 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:05:11.974665427Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:11.982020301Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:11.984900598Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:11.987542424Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:11.992088452Z	62	PC: 13ed2 \| Close file
2018-12-17T22:05:11.994809994Z	61	PC: 14160 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:05:12.00168791Z	66	PC: 14292 \| Move file pointer
2018-12-17T22:05:12.004240509Z	63	PC: 14233 \| Read file or device (Read 5894 bytes on handle 5)
2018-12-17T22:05:12.011322018Z	66	PC: 1491f \| Move file pointer
2018-12-17T22:05:12.013093086Z	66	PC: 1492d \| Move file pointer
2018-12-17T22:05:12.016505789Z	66	PC: 1493b \| Move file pointer
2018-12-17T22:05:12.017906902Z	66	PC: 14292 \| Move file pointer
2018-12-17T22:05:12.019243485Z	64	PC: 14233 \| Write file or device (Write 5894 bytes on handle 5)
2018-12-17T22:05:12.341132284Z	61	PC: 14160 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:05:12.349077132Z	66	PC: 14292 \| Move file pointer
2018-12-17T22:05:12.350860146Z	66	PC: 14292 \| Move file pointer
2018-12-17T22:05:12.353535925Z	63	PC: 14233 \| Read file or device (Read 5894 bytes on handle 6)
2018-12-17T22:05:12.36132036Z	64	PC: 14233 \| Write file or device (Write 5894 bytes on handle 5)
2018-12-17T22:05:12.368634729Z	62	PC: 141b0 \| Close file
2018-12-17T22:05:12.371352809Z	62	PC: 141b0 \| Close file
2018-12-17T22:05:12.379739885Z	61	PC: 14160 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:05:12.387007361Z	87	PC: 137fd \| Get or set file date and time
2018-12-17T22:05:12.389156387Z	62	PC: 141b0 \| Close file
2018-12-17T22:05:12.3958776Z	25	PC: 1433b \| Get default drive
2018-12-17T22:05:12.397186035Z	71	PC: 1434e \| Get current directory
2018-12-17T22:05:12.401413691Z	26	PC: 1382d \| Set disk transfer address
2018-12-17T22:05:12.402639197Z	78	PC: 13839 \| Find first file
2018-12-17T22:05:12.409054264Z	61	PC: 14762 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:05:12.416962155Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:12.427540615Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:12.429992362Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:12.432619178Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:12.435186422Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:12.438090154Z	63	PC: 13e61 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:05:12.440792319Z	62	PC: 13ed2 \| Close file
2018-12-17T22:05:12.443327478Z	48	PC: 142ae \| Get DOS version
2018-12-17T22:05:12.444530255Z	26	PC: 13851 \| Set disk transfer address
2018-12-17T22:05:12.445535002Z	79	PC: 13856 \| Find next file
2018-12-17T22:05:12.448199865Z	48	PC: 142ae \| Get DOS version
2018-12-17T22:05:12.449471355Z	61	PC: 14160 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:05:12.455802473Z	66	PC: 14292 \| Move file pointer
2018-12-17T22:05:12.457527573Z	63	PC: 14233 \| Read file or device (Read 5894 bytes on handle 5)
2018-12-17T22:05:12.4649509Z	62	PC: 141b0 \| Close file
2018-12-17T22:05:12.467011195Z	48	PC: 142ae \| Get DOS version
2018-12-17T22:05:12.468968272Z	61	PC: 14160 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:05:12.475534198Z	66	PC: 1491f \| Move file pointer
2018-12-17T22:05:12.476914992Z	66	PC: 1492d \| Move file pointer
2018-12-17T22:05:12.479147263Z	66	PC: 1493b \| Move file pointer
2018-12-17T22:05:12.480546661Z	66	PC: 14292 \| Move file pointer
2018-12-17T22:05:12.482775183Z	63	PC: 14233 \| Read file or device (Read 5894 bytes on handle 5)
2018-12-17T22:05:12.491444354Z	66	PC: 14292 \| Move file pointer
2018-12-17T22:05:12.493228066Z	64	PC: 14233 \| Write file or device (Write 5894 bytes on handle 5)
2018-12-17T22:05:12.506618906Z	62	PC: 141b0 \| Close file
2018-12-17T22:05:12.51509539Z	48	PC: 142ae \| Get DOS version
2018-12-17T22:05:12.516328621Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:12.517323944Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:12.518871773Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:05:12.519875493Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:05:12.520875475Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:05:12.522287641Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:05:12.523305698Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:12.524351152Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:12.525683499Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:12.526656324Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:12.527580073Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:12.529068659Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:12.529999536Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:05:12.530961387Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:05:12.53238901Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:05:12.533404219Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:05:12.534367247Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:05:12.536291718Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:05:12.537222923Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:05:12.538065816Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:05:12.539411403Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:05:12.540923837Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:05:12.542224784Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:05:12.543659894Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:05:12.544864846Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:05:12.545928064Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:05:12.547220071Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:05:12.54817992Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:05:12.548980139Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:05:12.557835584Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:05:12.558669947Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:05:12.559581107Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:05:12.56050632Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:05:12.561460856Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:05:12.56223382Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:12.56334421Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:12.564213384Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:05:12.565122052Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:05:12.56653751Z	41	PC: 139cf \| Parse filename
2018-12-17T22:05:12.567764928Z	41	PC: 139dd \| Parse filename
2018-12-17T22:05:12.569030116Z	75	PC: 139e8 \| Execute program
2018-12-17T22:05:12.584484949Z	9	PC: 1e281 \| Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-17T22:05:12.586837263Z	76	PC: 1e286 \| Terminate with return code (Return code = '0')
2018-12-17T22:05:12.589735341Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:12.591877945Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:12.592916447Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:05:12.594067849Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:05:12.595486639Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:05:12.596588073Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:05:12.597745518Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:12.599174382Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:12.600187732Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:12.601893445Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:12.602973323Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:12.603881168Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:12.60546433Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:05:12.60646841Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:05:12.607419532Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:05:12.608938475Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:05:12.609885297Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:05:12.610730601Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:05:12.612002617Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:05:12.612960827Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:05:12.613837122Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:05:12.615316822Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:05:12.616321Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:05:12.617199979Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:05:12.618464895Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:05:12.6194948Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:05:12.620361751Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:05:12.621939786Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:05:12.622897466Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:05:12.623862872Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:05:12.625200372Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:05:12.62614217Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:05:12.627058255Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:05:12.62827608Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:05:12.629257011Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:12.630633324Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:12.63156666Z	53	PC: 13a18 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:05:12.632405212Z	37	PC: 13a21 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:05:12.633822576Z	61	PC: 14160 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:05:12.640759941Z	66	PC: 14292 \| Move file pointer
2018-12-17T22:05:12.64201238Z	64	PC: 14233 \| Write file or device (Write 5894 bytes on handle 5)
2018-12-17T22:05:12.650073915Z	62	PC: 141b0 \| Close file
2018-12-17T22:05:12.658165403Z	61	PC: 14160 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:05:12.664622162Z	87	PC: 137fd \| Get or set file date and time
2018-12-17T22:05:12.666425272Z	62	PC: 141b0 \| Close file
2018-12-17T22:05:12.673039417Z	42	PC: 13757 \| Get date 0x13757: xor ah, ah 0x13759: les di, ptr [bp + 6] 0x1375c: stosw word ptr es:[di], ax 0x1375d: mov al, dl 0x1375f: les di, ptr [bp + 0xa] 0x13762: stosw word ptr es:[di], ax 0x13763: mov al, dh 0x13765: les di, ptr [bp + 0xe] 0x13768: stosw word ptr es:[di], ax 0x13769: xchg ax, cx 0x1376a: les di, ptr [bp + 0x12] 0x1376d: stosw word ptr es:[di], ax 0x1376e: pop bp 0x1376f: retf 0x10 0x13772: push bp 0x13773: mov bp, sp 0x13775: mov cx, word ptr [bp + 0xa] 0x13778: mov dh, byte ptr [bp + 8] 0x1377b: mov dl, byte ptr [bp + 6] 0x1377e: mov ah, 0x2b
2018-12-17T22:05:12.675201537Z	64	PC: 13eb8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:05:12.676916363Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:12.67789121Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:05:12.67884763Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:05:12.680159413Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:05:12.68106799Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:05:12.68206447Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:05:12.683290734Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:05:12.684287101Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:05:12.685463214Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:05:12.686502707Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:05:12.687481442Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:05:12.6889063Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:05:12.689855032Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:05:12.690777262Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:05:12.692383681Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:05:12.693274001Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:05:12.694325522Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:05:12.695822286Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:05:12.696950851Z	37	PC: 13bf1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:05:12.698315775Z	76	PC: 13c30 \| Terminate with return code (Return code = '0')