Sample viewer

vx.netlux.org/Virus.DOS.Horror.1182

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:17:28.396339858Z 75 PC: 12f27 | Execute program
2018-12-17T22:17:28.398534032Z 53 PC: 12f34 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:17:28.399940302Z 53 PC: 12f42 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:28.401191121Z 53 PC: 12f50 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T22:17:28.403699623Z 82 PC: 12f5e | Get DOS internal pointers (SYSVARS)
2018-12-17T22:17:28.405073796Z 42 PC: 13094 | Get date 0x13094: mov ch, byte ptr cs:[si + 0x470]
0x13099: and cx, 0x707
0x1309d: dec cl
0x1309f: cmp ch, cl
0x130a1: je 0x130ab
0x130a3: dec cl
0x130a5: cmp ch, cl
0x130a7: je 0x130b2
0x130a9: clc
0x130aa: ret
0x130ab: cmp dx, word ptr cs:[si + 0x46e]
0x130b0: cmc
0x130b1: ret
0x130b2: cmp dx, word ptr cs:[si + 0x46e]
0x130b7: ret
0x130b8: push sp
0x130b9: push 0x7369
0x130bc: and byte ptr [bx + di + 0x73], ch
0x130bf: and byte ptr [bx + si + 0x4f], cl
0x130c2: push dx
2018-12-17T22:17:28.4073311Z 37 PC: 12fb1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:28.410798524Z 53 PC: 9fa19 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:17:28.412293234Z 53 PC: 9fa1f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:28.413765072Z 53 PC: 9fa25 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:28.415458276Z 53 PC: 9fa2b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T22:17:28.422502918Z 37 PC: 9f9ad | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:17:28.424082012Z 37 PC: 9f9b6 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T22:17:28.425597141Z 37 PC: 9fa3d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:28.43033454Z 37 PC: 9fa46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:28.432927486Z 42 PC: 9fa4a | Get date 0x9fa4a: mov word ptr cs:[0x46e], dx
0x9fa4f: mov byte ptr cs:[0x470], cl
0x9fa54: pop ds
0x9fa55: pop dx
0x9fa56: mov ax, 0x3d00
0x9fa59: int 0x21
0x9fa5b: jb 0x9fa0f
0x9fa5d: mov bx, ax
0x9fa5f: mov ax, 0x4202
0x9fa62: mov cx, 0xffff
0x9fa65: mov dx, 0xfb62
0x9fa68: int 0x21
0x9fa6a: jb 0x9fa0b
0x9fa6c: mov ah, 0x3f
0x9fa6e: mov dx, 0x47d
0x9fa71: mov cx, 0xa
0x9fa74: push cs
0x9fa75: pop ds
0x9fa76: int 0x21
0x9fa78: jb 0x9fa0b
2018-12-17T22:17:28.436111558Z 61 PC: 9fa5b | Open file (Filename = 'S�')
2018-12-17T22:17:28.443426352Z 66 PC: 9fa6a | Move file pointer
2018-12-17T22:17:28.44584608Z 63 PC: 9fa78 | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:17:28.454683402Z 62 PC: 9fa7e | Close file
2018-12-17T22:17:28.458639816Z 67 PC: 9fa92 | Get or set file attributes
2018-12-17T22:17:28.463036761Z 67 PC: 9fa9c | Get or set file attributes
2018-12-17T22:17:28.812739508Z 61 PC: 9faa8 | Open file
2018-12-17T22:17:28.820248777Z 63 PC: 9fab8 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:17:28.82309136Z 66 PC: 9fac7 | Move file pointer
2018-12-17T22:17:28.824573152Z 87 PC: 9fb09 | Get or set file date and time
2018-12-17T22:17:28.829693906Z 64 PC: 9fb16 | Write file or device (Write 1182 bytes on handle 5)
2018-12-17T22:17:28.839431358Z 66 PC: 9fb25 | Move file pointer
2018-12-17T22:17:28.841234715Z 64 PC: 9fb31 | Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:17:28.845598519Z 87 PC: 9fade | Get or set file date and time
2018-12-17T22:17:28.847495428Z 62 PC: 9fae2 | Close file
2018-12-17T22:17:28.854639003Z 67 PC: 9faea | Get or set file attributes
2018-12-17T22:17:28.865324512Z 37 PC: 9faf1 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T22:17:28.866560345Z 37 PC: 9faf7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:28.867714709Z 37 PC: 9fafd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:28.869097132Z 37 PC: 9fb03 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:17:28.871560317Z 42 PC: 13094 | Get date 0x13094: mov ch, byte ptr cs:[si + 0x470]
0x13099: and cx, 0x707
0x1309d: dec cl
0x1309f: cmp ch, cl
0x130a1: je 0x130ab
0x130a3: dec cl
0x130a5: cmp ch, cl
0x130a7: je 0x130b2
0x130a9: clc
0x130aa: ret
0x130ab: cmp dx, word ptr cs:[si + 0x46e]
0x130b0: cmc
0x130b1: ret
0x130b2: cmp dx, word ptr cs:[si + 0x46e]
0x130b7: ret
0x130b8: push sp
0x130b9: push 0x7369
0x130bc: and byte ptr [bx + di + 0x73], ch
0x130bf: and byte ptr [bx + si + 0x4f], cl
0x130c2: push dx
2018-12-17T22:17:28.874592302Z 240 PC: 12ab5 | UNKNOWN!
2018-12-17T22:17:28.875923874Z 53 PC: 12ac2 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:17:28.878841467Z 53 PC: 12ad0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:28.880278832Z 53 PC: 12ade | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T22:17:28.881705913Z 82 PC: 12aec | Get DOS internal pointers (SYSVARS)
2018-12-17T22:17:28.884315943Z 42 PC: 12b2e | Get date 0x12b2e: cmp dh, 6
0x12b31: ja 0x12b3b
0x12b33: mov ax, 0x2513
0x12b36: mov dx, 0x471
0x12b39: int 0x21
0x12b3b: mov ax, 0x2521
0x12b3e: mov dx, 0x4a5
0x12b41: int 0x21
0x12b43: pop ds
0x12b44: push ds
0x12b45: push si
0x12b46: push cs
0x12b47: pop es
0x12b48: mov ax, word ptr [0x2c]
0x12b4b: mov ds, ax
0x12b4d: xor cx, cx
0x12b4f: mov di, si
0x12b51: add di, 0x17e
0x12b55: mov bx, di
0x12b57: mov ax, di
2018-12-17T22:17:28.886654298Z 37 PC: 12b43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:28.89235495Z 61 PC: 9f2f7 | Open file (Filename = '<')
2018-12-17T22:17:28.899335019Z 66 PC: 9f306 | Move file pointer
2018-12-17T22:17:28.901146188Z 63 PC: 9f314 | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:17:28.90740366Z 62 PC: 9f31a | Close file
2018-12-17T22:17:28.910524022Z 53 PC: 9f32f | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:17:28.912406273Z 53 PC: 9f335 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:28.913854178Z 53 PC: 9f33b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T22:17:28.915925514Z 37 PC: 9f349 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:28.91726945Z 37 PC: 9f273 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:17:28.918565633Z 37 PC: 9f281 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T22:17:28.9211125Z 67 PC: 9f353 | Get or set file attributes
2018-12-17T22:17:28.926553039Z 67 PC: 9f35d | Get or set file attributes
2018-12-17T22:17:28.935484274Z 61 PC: 9f369 | Open file (Filename = 'S�')
2018-12-17T22:17:28.942509129Z 63 PC: 9f379 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:17:28.945948929Z 66 PC: 9f384 | Move file pointer
2018-12-17T22:17:28.947733976Z 87 PC: 9f3bb | Get or set file date and time
2018-12-17T22:17:28.949646636Z 64 PC: 9f3c8 | Write file or device (Write 1137 bytes on handle 5)
2018-12-17T22:17:28.957932322Z 66 PC: 9f3d7 | Move file pointer
2018-12-17T22:17:28.959389764Z 64 PC: 9f3e3 | Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:17:28.962311612Z 87 PC: 9f396 | Get or set file date and time
2018-12-17T22:17:28.964884479Z 62 PC: 9f39a | Close file
2018-12-17T22:17:28.972024639Z 67 PC: 9f3a2 | Get or set file attributes
2018-12-17T22:17:28.98169813Z 37 PC: 9f3a9 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T22:17:28.984034138Z 37 PC: 9f3af | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:28.985552526Z 37 PC: 9f3b5 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:17:28.987430034Z 42 PC: 12b8d | Get date 0x12b8d: cmp dh, 6
0x12b90: ja 0x12bd5
0x12b92: xor ax, ax
0x12b94: mov ds, ax
0x12b96: test word ptr [0x46c], 0x1ff
0x12b9c: jne 0x12bd5
0x12b9e: mov al, 0x3f
0x12ba0: out 0x21, al
0x12ba2: mov ah, 0xf2
0x12ba4: int 0x21
0x12ba6: mov ax, 3
0x12ba9: cmp byte ptr [0x488], 0xfb
0x12bae: jne 0x12bb2
0x12bb0: mov al, 7
0x12bb2: int 0x10
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov ah, 9
0x12bb8: mov dx, 0x16a
0x12bbb: add dx, si
2018-12-17T22:17:28.990761357Z 9 PC: 12aa2 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3056,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:07.03989022Z 75 PC: 12f27 | Execute program
2018-12-25T11:48:07.041476973Z 53 PC: 12f34 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.042848389Z 53 PC: 12f42 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.043927517Z 53 PC: 12f50 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.045375944Z 82 PC: 12f5e | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:07.046657559Z 42 PC: 13094 | Get date 0x13094: mov ch, byte ptr cs:[si + 0x470]
0x13099: and cx, 0x707
0x1309d: dec cl
0x1309f: cmp ch, cl
0x130a1: je 0x130ab
0x130a3: dec cl
0x130a5: cmp ch, cl
0x130a7: je 0x130b2
0x130a9: clc
0x130aa: ret
0x130ab: cmp dx, word ptr cs:[si + 0x46e]
0x130b0: cmc
0x130b1: ret
0x130b2: cmp dx, word ptr cs:[si + 0x46e]
0x130b7: ret
0x130b8: push sp
0x130b9: push 0x7369
0x130bc: and byte ptr [bx + di + 0x73], ch
0x130bf: and byte ptr [bx + si + 0x4f], cl
0x130c2: push dx
2018-12-25T11:48:07.049939978Z 37 PC: 12fb1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.051717222Z 53 PC: 9fa19 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.053065729Z 53 PC: 9fa1f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.053969345Z 53 PC: 9fa25 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.054978985Z 53 PC: 9fa2b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.056287656Z 37 PC: 9f9ad | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.057071395Z 37 PC: 9f9b6 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.057801581Z 37 PC: 9fa3d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.058925868Z 37 PC: 9fa46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.059643592Z 42 PC: 9fa4a | Get date 0x9fa4a: mov word ptr cs:[0x46e], dx
0x9fa4f: mov byte ptr cs:[0x470], cl
0x9fa54: pop ds
0x9fa55: pop dx
0x9fa56: mov ax, 0x3d00
0x9fa59: int 0x21
0x9fa5b: jb 0x9fa0f
0x9fa5d: mov bx, ax
0x9fa5f: mov ax, 0x4202
0x9fa62: mov cx, 0xffff
0x9fa65: mov dx, 0xfb62
0x9fa68: int 0x21
0x9fa6a: jb 0x9fa0b
0x9fa6c: mov ah, 0x3f
0x9fa6e: mov dx, 0x47d
0x9fa71: mov cx, 0xa
0x9fa74: push cs
0x9fa75: pop ds
0x9fa76: int 0x21
0x9fa78: jb 0x9fa0b
2018-12-25T11:48:07.060999243Z 61 PC: 9fa5b | Open file (Filename = 'S�')
2018-12-25T11:48:07.065031114Z 66 PC: 9fa6a | Move file pointer
2018-12-25T11:48:07.066266737Z 63 PC: 9fa78 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:07.071558645Z 62 PC: 9fa7e | Close file
2018-12-25T11:48:07.073309213Z 67 PC: 9fa92 | Get or set file attributes
2018-12-25T11:48:07.078486621Z 67 PC: 9fa9c | Get or set file attributes
2018-12-25T11:48:07.413114348Z 61 PC: 9faa8 | Open file (Filename = '(>Ҡ�*#ۭ�a��&,Ķ�81���w��4"���NG��r���@�3@����ԕ�W��ځ�-d��� ����������c.��� Jj� ]��EM�~ƿ�[���� x�*���5�72���=')
2018-12-25T11:48:07.420294353Z 63 PC: 9fab8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:07.422903007Z 66 PC: 9fac7 | Move file pointer
2018-12-25T11:48:07.424227828Z 87 PC: 9fb09 | Get or set file date and time
2018-12-25T11:48:07.430822404Z 64 PC: 9fb16 | Write file or device (Write 1182 bytes on handle 5)
2018-12-25T11:48:07.758435177Z 66 PC: 9fb25 | Move file pointer
2018-12-25T11:48:07.760295791Z 64 PC: 9fb31 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:07.764240702Z 87 PC: 9fade | Get or set file date and time
2018-12-25T11:48:07.766099549Z 62 PC: 9fae2 | Close file
2018-12-25T11:48:07.848067656Z 67 PC: 9faea | Get or set file attributes
2018-12-25T11:48:07.860478278Z 37 PC: 9faf1 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.861540247Z 37 PC: 9faf7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.863288469Z 37 PC: 9fafd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.870618312Z 37 PC: 9fb03 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.872124301Z 42 PC: 13094 | Get date (See above)
2018-12-25T11:48:07.87458149Z 240 PC: 12ab5 | UNKNOWN!
2018-12-25T11:48:07.876145265Z 53 PC: 12ac2 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.877297453Z 53 PC: 12ad0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.878432383Z 53 PC: 12ade | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.880330756Z 82 PC: 12aec | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:07.88388338Z 42 PC: 12b2e | Get date 0x12b2e: cmp dh, 6
0x12b31: ja 0x12b3b
0x12b33: mov ax, 0x2513
0x12b36: mov dx, 0x471
0x12b39: int 0x21
0x12b3b: mov ax, 0x2521
0x12b3e: mov dx, 0x4a5
0x12b41: int 0x21
0x12b43: pop ds
0x12b44: push ds
0x12b45: push si
0x12b46: push cs
0x12b47: pop es
0x12b48: mov ax, word ptr [0x2c]
0x12b4b: mov ds, ax
0x12b4d: xor cx, cx
0x12b4f: mov di, si
0x12b51: add di, 0x17e
0x12b55: mov bx, di
0x12b57: mov ax, di
2018-12-25T11:48:07.886286987Z 37 PC: 12b3b | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.88802051Z 37 PC: 12b43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.889684485Z 61 PC: 9f2f7 | Open file (Filename = '<')
2018-12-25T11:48:07.895636402Z 66 PC: 9f306 | Move file pointer
2018-12-25T11:48:07.897749516Z 63 PC: 9f314 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:07.90368604Z 62 PC: 9f31a | Close file
2018-12-25T11:48:07.905673652Z 53 PC: 9f32f | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.907114701Z 53 PC: 9f335 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.909182668Z 53 PC: 9f33b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.910583716Z 37 PC: 9f349 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.911945406Z 37 PC: 9f273 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.914284363Z 37 PC: 9f281 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.915670944Z 67 PC: 9f353 | Get or set file attributes
2018-12-25T11:48:07.923197032Z 67 PC: 9f35d | Get or set file attributes
2018-12-25T11:48:07.933410451Z 61 PC: 9f369 | Open file (Filename = 'S�')
2018-12-25T11:48:07.940362535Z 63 PC: 9f379 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:07.943122751Z 66 PC: 9f384 | Move file pointer
2018-12-25T11:48:07.945249076Z 87 PC: 9f3bb | Get or set file date and time
2018-12-25T11:48:07.947583138Z 64 PC: 9f3c8 | Write file or device (Write 1137 bytes on handle 5)
2018-12-25T11:48:07.95509775Z 66 PC: 9f3d7 | Move file pointer
2018-12-25T11:48:07.956928816Z 64 PC: 9f3e3 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:07.959639225Z 87 PC: 9f396 | Get or set file date and time
2018-12-25T11:48:07.961149823Z 62 PC: 9f39a | Close file
2018-12-25T11:48:08.004594535Z 67 PC: 9f3a2 | Get or set file attributes
2018-12-25T11:48:08.022882341Z 37 PC: 9f3a9 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.024030154Z 37 PC: 9f3af | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:08.025681508Z 37 PC: 9f3b5 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.026959975Z 42 PC: 12b8d | Get date 0x12b8d: cmp dh, 6
0x12b90: ja 0x12bd5
0x12b92: xor ax, ax
0x12b94: mov ds, ax
0x12b96: test word ptr [0x46c], 0x1ff
0x12b9c: jne 0x12bd5
0x12b9e: mov al, 0x3f
0x12ba0: out 0x21, al
0x12ba2: mov ah, 0xf2
0x12ba4: int 0x21
0x12ba6: mov ax, 3
0x12ba9: cmp byte ptr [0x488], 0xfb
0x12bae: jne 0x12bb2
0x12bb0: mov al, 7
0x12bb2: int 0x10
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov ah, 9
0x12bb8: mov dx, 0x16a
0x12bbb: add dx, si
2018-12-25T11:48:08.029051987Z 9 PC: 12aa2 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3056,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:07.352544577Z 75 PC: 12f27 | Execute program
2018-12-25T11:48:07.354041546Z 53 PC: 12f34 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.355357961Z 53 PC: 12f42 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.356745444Z 53 PC: 12f50 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.358447117Z 82 PC: 12f5e | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:07.359563287Z 42 PC: 13094 | Get date 0x13094: mov ch, byte ptr cs:[si + 0x470]
0x13099: and cx, 0x707
0x1309d: dec cl
0x1309f: cmp ch, cl
0x130a1: je 0x130ab
0x130a3: dec cl
0x130a5: cmp ch, cl
0x130a7: je 0x130b2
0x130a9: clc
0x130aa: ret
0x130ab: cmp dx, word ptr cs:[si + 0x46e]
0x130b0: cmc
0x130b1: ret
0x130b2: cmp dx, word ptr cs:[si + 0x46e]
0x130b7: ret
0x130b8: push sp
0x130b9: push 0x7369
0x130bc: and byte ptr [bx + di + 0x73], ch
0x130bf: and byte ptr [bx + si + 0x4f], cl
0x130c2: push dx
2018-12-25T11:48:07.361487168Z 37 PC: 12fb1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.378615195Z 53 PC: 9fa19 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.379740285Z 53 PC: 9fa1f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.380803741Z 53 PC: 9fa25 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.386284147Z 53 PC: 9fa2b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.387355938Z 37 PC: 9f9ad | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.388306577Z 37 PC: 9f9b6 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.389294016Z 37 PC: 9fa3d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.390510974Z 37 PC: 9fa46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.39146069Z 42 PC: 9fa4a | Get date 0x9fa4a: mov word ptr cs:[0x46e], dx
0x9fa4f: mov byte ptr cs:[0x470], cl
0x9fa54: pop ds
0x9fa55: pop dx
0x9fa56: mov ax, 0x3d00
0x9fa59: int 0x21
0x9fa5b: jb 0x9fa0f
0x9fa5d: mov bx, ax
0x9fa5f: mov ax, 0x4202
0x9fa62: mov cx, 0xffff
0x9fa65: mov dx, 0xfb62
0x9fa68: int 0x21
0x9fa6a: jb 0x9fa0b
0x9fa6c: mov ah, 0x3f
0x9fa6e: mov dx, 0x47d
0x9fa71: mov cx, 0xa
0x9fa74: push cs
0x9fa75: pop ds
0x9fa76: int 0x21
0x9fa78: jb 0x9fa0b
2018-12-25T11:48:07.393467561Z 61 PC: 9fa5b | Open file (Filename = 'S�')
2018-12-25T11:48:07.400116287Z 66 PC: 9fa6a | Move file pointer
2018-12-25T11:48:07.401339075Z 63 PC: 9fa78 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:07.407333503Z 62 PC: 9fa7e | Close file
2018-12-25T11:48:07.409914588Z 67 PC: 9fa92 | Get or set file attributes
2018-12-25T11:48:07.415348577Z 67 PC: 9fa9c | Get or set file attributes
2018-12-25T11:48:08.429724589Z 61 PC: 9faa8 | Open file (Filename = '(>Ҡ�*#ۭ�a��&,Ķ�81���w��4"���NG��r���@�3@����ԕ�W��ځ�-d��� ����������c.��� Jj� ]��EM�~ƿ�[���� x�*���5�72���=')
2018-12-25T11:48:08.437105562Z 63 PC: 9fab8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:08.439738191Z 66 PC: 9fac7 | Move file pointer
2018-12-25T11:48:08.441196222Z 87 PC: 9fb09 | Get or set file date and time
2018-12-25T11:48:08.44331856Z 64 PC: 9fb16 | Write file or device (Write 1182 bytes on handle 5)
2018-12-25T11:48:08.483424258Z 66 PC: 9fb25 | Move file pointer
2018-12-25T11:48:08.484503191Z 64 PC: 9fb31 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:08.489212803Z 87 PC: 9fade | Get or set file date and time
2018-12-25T11:48:08.490374976Z 62 PC: 9fae2 | Close file
2018-12-25T11:48:08.532204682Z 67 PC: 9faea | Get or set file attributes
2018-12-25T11:48:08.563941368Z 37 PC: 9faf1 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.565134046Z 37 PC: 9faf7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:08.566128879Z 37 PC: 9fafd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.567719527Z 37 PC: 9fb03 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.569266849Z 42 PC: 13094 | Get date (See above)
2018-12-25T11:48:08.571795406Z 240 PC: 12ab5 | UNKNOWN!
2018-12-25T11:48:08.572950675Z 53 PC: 12ac2 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.573953576Z 53 PC: 12ad0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.575016106Z 53 PC: 12ade | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.576626811Z 82 PC: 12aec | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:08.579212459Z 42 PC: 12b2e | Get date 0x12b2e: cmp dh, 6
0x12b31: ja 0x12b3b
0x12b33: mov ax, 0x2513
0x12b36: mov dx, 0x471
0x12b39: int 0x21
0x12b3b: mov ax, 0x2521
0x12b3e: mov dx, 0x4a5
0x12b41: int 0x21
0x12b43: pop ds
0x12b44: push ds
0x12b45: push si
0x12b46: push cs
0x12b47: pop es
0x12b48: mov ax, word ptr [0x2c]
0x12b4b: mov ds, ax
0x12b4d: xor cx, cx
0x12b4f: mov di, si
0x12b51: add di, 0x17e
0x12b55: mov bx, di
0x12b57: mov ax, di
2018-12-25T11:48:08.581156679Z 37 PC: 12b43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.583030328Z 61 PC: 9f2f7 | Open file (Filename = '<')
2018-12-25T11:48:08.589848124Z 66 PC: 9f306 | Move file pointer
2018-12-25T11:48:08.591417122Z 63 PC: 9f314 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:08.597959902Z 62 PC: 9f31a | Close file
2018-12-25T11:48:08.599760484Z 53 PC: 9f32f | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.601007844Z 53 PC: 9f335 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:08.602302001Z 53 PC: 9f33b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.604239647Z 37 PC: 9f349 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:08.605276927Z 37 PC: 9f273 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.606140845Z 37 PC: 9f281 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.608734107Z 67 PC: 9f353 | Get or set file attributes
2018-12-25T11:48:08.61387569Z 67 PC: 9f35d | Get or set file attributes
2018-12-25T11:48:08.649499944Z 61 PC: 9f369 | Open file (Filename = 'S�')
2018-12-25T11:48:08.655897178Z 63 PC: 9f379 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:08.658417454Z 66 PC: 9f384 | Move file pointer
2018-12-25T11:48:08.659840281Z 87 PC: 9f3bb | Get or set file date and time
2018-12-25T11:48:08.661888524Z 64 PC: 9f3c8 | Write file or device (Write 1137 bytes on handle 5)
2018-12-25T11:48:08.725854379Z 66 PC: 9f3d7 | Move file pointer
2018-12-25T11:48:08.727115354Z 64 PC: 9f3e3 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:08.729925056Z 87 PC: 9f396 | Get or set file date and time
2018-12-25T11:48:08.731274025Z 62 PC: 9f39a | Close file
2018-12-25T11:48:08.737582133Z 67 PC: 9f3a2 | Get or set file attributes
2018-12-25T11:48:08.747863079Z 37 PC: 9f3a9 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.748980579Z 37 PC: 9f3af | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:08.750074862Z 37 PC: 9f3b5 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.751776598Z 42 PC: 12b8d | Get date 0x12b8d: cmp dh, 6
0x12b90: ja 0x12bd5
0x12b92: xor ax, ax
0x12b94: mov ds, ax
0x12b96: test word ptr [0x46c], 0x1ff
0x12b9c: jne 0x12bd5
0x12b9e: mov al, 0x3f
0x12ba0: out 0x21, al
0x12ba2: mov ah, 0xf2
0x12ba4: int 0x21
0x12ba6: mov ax, 3
0x12ba9: cmp byte ptr [0x488], 0xfb
0x12bae: jne 0x12bb2
0x12bb0: mov al, 7
0x12bb2: int 0x10
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov ah, 9
0x12bb8: mov dx, 0x16a
0x12bbb: add dx, si
2018-12-25T11:48:08.75382319Z 9 PC: 12aa2 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3056,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:07.799159095Z 75 PC: 12f27 | Execute program
2018-12-25T11:48:07.801557283Z 53 PC: 12f34 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.803195977Z 53 PC: 12f42 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.804802759Z 53 PC: 12f50 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.806626852Z 82 PC: 12f5e | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:07.808632857Z 42 PC: 13094 | Get date 0x13094: mov ch, byte ptr cs:[si + 0x470]
0x13099: and cx, 0x707
0x1309d: dec cl
0x1309f: cmp ch, cl
0x130a1: je 0x130ab
0x130a3: dec cl
0x130a5: cmp ch, cl
0x130a7: je 0x130b2
0x130a9: clc
0x130aa: ret
0x130ab: cmp dx, word ptr cs:[si + 0x46e]
0x130b0: cmc
0x130b1: ret
0x130b2: cmp dx, word ptr cs:[si + 0x46e]
0x130b7: ret
0x130b8: push sp
0x130b9: push 0x7369
0x130bc: and byte ptr [bx + di + 0x73], ch
0x130bf: and byte ptr [bx + si + 0x4f], cl
0x130c2: push dx
2018-12-25T11:48:07.811096484Z 37 PC: 12fb1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.813151836Z 53 PC: 9fa19 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.814992037Z 53 PC: 9fa1f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.816409559Z 53 PC: 9fa25 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.817717376Z 53 PC: 9fa2b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.819809506Z 37 PC: 9f9ad | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.821245103Z 37 PC: 9f9b6 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.822716463Z 37 PC: 9fa3d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.824732259Z 37 PC: 9fa46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.825890736Z 42 PC: 9fa4a | Get date 0x9fa4a: mov word ptr cs:[0x46e], dx
0x9fa4f: mov byte ptr cs:[0x470], cl
0x9fa54: pop ds
0x9fa55: pop dx
0x9fa56: mov ax, 0x3d00
0x9fa59: int 0x21
0x9fa5b: jb 0x9fa0f
0x9fa5d: mov bx, ax
0x9fa5f: mov ax, 0x4202
0x9fa62: mov cx, 0xffff
0x9fa65: mov dx, 0xfb62
0x9fa68: int 0x21
0x9fa6a: jb 0x9fa0b
0x9fa6c: mov ah, 0x3f
0x9fa6e: mov dx, 0x47d
0x9fa71: mov cx, 0xa
0x9fa74: push cs
0x9fa75: pop ds
0x9fa76: int 0x21
0x9fa78: jb 0x9fa0b
2018-12-25T11:48:07.828240356Z 61 PC: 9fa5b | Open file (Filename = 'S�')
2018-12-25T11:48:07.836318783Z 66 PC: 9fa6a | Move file pointer
2018-12-25T11:48:07.837870957Z 63 PC: 9fa78 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:07.844761546Z 62 PC: 9fa7e | Close file
2018-12-25T11:48:07.847558424Z 67 PC: 9fa92 | Get or set file attributes
2018-12-25T11:48:07.853706328Z 67 PC: 9fa9c | Get or set file attributes
2018-12-25T11:48:09.215085949Z 61 PC: 9faa8 | Open file (Filename = '=)dz�5>ȸ �r��K_���KL��{�')
2018-12-25T11:48:09.222486693Z 63 PC: 9fab8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:09.226338645Z 66 PC: 9fac7 | Move file pointer
2018-12-25T11:48:09.227823198Z 87 PC: 9fb09 | Get or set file date and time
2018-12-25T11:48:09.229408921Z 64 PC: 9fb16 | Write file or device (Write 1182 bytes on handle 5)
2018-12-25T11:48:09.240978782Z 66 PC: 9fb25 | Move file pointer
2018-12-25T11:48:09.242446244Z 64 PC: 9fb31 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:09.245832389Z 87 PC: 9fade | Get or set file date and time
2018-12-25T11:48:09.248197328Z 62 PC: 9fae2 | Close file
2018-12-25T11:48:09.255910566Z 67 PC: 9faea | Get or set file attributes
2018-12-25T11:48:09.265625481Z 37 PC: 9faf1 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.268607762Z 37 PC: 9faf7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.270725454Z 37 PC: 9fafd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.273383018Z 37 PC: 9fb03 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.278235868Z 42 PC: 13094 | Get date (See above)
2018-12-25T11:48:09.296463616Z 240 PC: 12ab5 | UNKNOWN!
2018-12-25T11:48:09.298727316Z 53 PC: 12ac2 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.30102682Z 53 PC: 12ad0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.302978152Z 53 PC: 12ade | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.304978572Z 82 PC: 12aec | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:09.306925766Z 42 PC: 12b2e | Get date 0x12b2e: cmp dh, 6
0x12b31: ja 0x12b3b
0x12b33: mov ax, 0x2513
0x12b36: mov dx, 0x471
0x12b39: int 0x21
0x12b3b: mov ax, 0x2521
0x12b3e: mov dx, 0x4a5
0x12b41: int 0x21
0x12b43: pop ds
0x12b44: push ds
0x12b45: push si
0x12b46: push cs
0x12b47: pop es
0x12b48: mov ax, word ptr [0x2c]
0x12b4b: mov ds, ax
0x12b4d: xor cx, cx
0x12b4f: mov di, si
0x12b51: add di, 0x17e
0x12b55: mov bx, di
0x12b57: mov ax, di
2018-12-25T11:48:09.309735396Z 37 PC: 12b3b | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.311391733Z 37 PC: 12b43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.313624509Z 61 PC: 9f2f7 | Open file (Filename = '<')
2018-12-25T11:48:09.321405605Z 66 PC: 9f306 | Move file pointer
2018-12-25T11:48:09.323439169Z 63 PC: 9f314 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:09.330470621Z 62 PC: 9f31a | Close file
2018-12-25T11:48:09.333879175Z 53 PC: 9f32f | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.335297443Z 53 PC: 9f335 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.337088623Z 53 PC: 9f33b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.339691992Z 37 PC: 9f349 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.341637836Z 37 PC: 9f273 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.343347008Z 37 PC: 9f281 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.345770543Z 67 PC: 9f353 | Get or set file attributes
2018-12-25T11:48:09.352416056Z 67 PC: 9f35d | Get or set file attributes
2018-12-25T11:48:09.363108242Z 61 PC: 9f369 | Open file (Filename = 'S�')
2018-12-25T11:48:09.371033222Z 63 PC: 9f379 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:09.374410172Z 66 PC: 9f384 | Move file pointer
2018-12-25T11:48:09.376760831Z 87 PC: 9f3bb | Get or set file date and time
2018-12-25T11:48:09.378938186Z 64 PC: 9f3c8 | Write file or device (Write 1137 bytes on handle 5)
2018-12-25T11:48:09.390177367Z 66 PC: 9f3d7 | Move file pointer
2018-12-25T11:48:09.391824925Z 64 PC: 9f3e3 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:09.395000993Z 87 PC: 9f396 | Get or set file date and time
2018-12-25T11:48:09.398222948Z 62 PC: 9f39a | Close file
2018-12-25T11:48:09.405613482Z 67 PC: 9f3a2 | Get or set file attributes
2018-12-25T11:48:09.415893941Z 37 PC: 9f3a9 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.418714956Z 37 PC: 9f3af | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.420218134Z 37 PC: 9f3b5 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.422089828Z 42 PC: 12b8d | Get date 0x12b8d: cmp dh, 6
0x12b90: ja 0x12bd5
0x12b92: xor ax, ax
0x12b94: mov ds, ax
0x12b96: test word ptr [0x46c], 0x1ff
0x12b9c: jne 0x12bd5
0x12b9e: mov al, 0x3f
0x12ba0: out 0x21, al
0x12ba2: mov ah, 0xf2
0x12ba4: int 0x21
0x12ba6: mov ax, 3
0x12ba9: cmp byte ptr [0x488], 0xfb
0x12bae: jne 0x12bb2
0x12bb0: mov al, 7
0x12bb2: int 0x10
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov ah, 9
0x12bb8: mov dx, 0x16a
0x12bbb: add dx, si
2018-12-25T11:48:09.425184745Z 9 PC: 12aa2 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3056,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:07.822129936Z 75 PC: 12f27 | Execute program
2018-12-25T11:48:07.825025824Z 53 PC: 12f34 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.827037289Z 53 PC: 12f42 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.828783622Z 53 PC: 12f50 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.830455689Z 82 PC: 12f5e | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:07.8367729Z 42 PC: 13094 | Get date 0x13094: mov ch, byte ptr cs:[si + 0x470]
0x13099: and cx, 0x707
0x1309d: dec cl
0x1309f: cmp ch, cl
0x130a1: je 0x130ab
0x130a3: dec cl
0x130a5: cmp ch, cl
0x130a7: je 0x130b2
0x130a9: clc
0x130aa: ret
0x130ab: cmp dx, word ptr cs:[si + 0x46e]
0x130b0: cmc
0x130b1: ret
0x130b2: cmp dx, word ptr cs:[si + 0x46e]
0x130b7: ret
0x130b8: push sp
0x130b9: push 0x7369
0x130bc: and byte ptr [bx + di + 0x73], ch
0x130bf: and byte ptr [bx + si + 0x4f], cl
0x130c2: push dx
2018-12-25T11:48:07.839225861Z 37 PC: 12fb1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.841191264Z 53 PC: 9fa19 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.843885588Z 53 PC: 9fa1f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.845366456Z 53 PC: 9fa25 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.846797777Z 53 PC: 9fa2b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.848889664Z 37 PC: 9f9ad | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:07.850580443Z 37 PC: 9f9b6 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:07.852253117Z 37 PC: 9fa3d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:07.854476766Z 37 PC: 9fa46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:07.856051785Z 42 PC: 9fa4a | Get date 0x9fa4a: mov word ptr cs:[0x46e], dx
0x9fa4f: mov byte ptr cs:[0x470], cl
0x9fa54: pop ds
0x9fa55: pop dx
0x9fa56: mov ax, 0x3d00
0x9fa59: int 0x21
0x9fa5b: jb 0x9fa0f
0x9fa5d: mov bx, ax
0x9fa5f: mov ax, 0x4202
0x9fa62: mov cx, 0xffff
0x9fa65: mov dx, 0xfb62
0x9fa68: int 0x21
0x9fa6a: jb 0x9fa0b
0x9fa6c: mov ah, 0x3f
0x9fa6e: mov dx, 0x47d
0x9fa71: mov cx, 0xa
0x9fa74: push cs
0x9fa75: pop ds
0x9fa76: int 0x21
0x9fa78: jb 0x9fa0b
2018-12-25T11:48:07.858646586Z 61 PC: 9fa5b | Open file (Filename = 'S�')
2018-12-25T11:48:07.863409162Z 66 PC: 9fa6a | Move file pointer
2018-12-25T11:48:07.86522228Z 63 PC: 9fa78 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:07.871645728Z 62 PC: 9fa7e | Close file
2018-12-25T11:48:07.873482262Z 67 PC: 9fa92 | Get or set file attributes
2018-12-25T11:48:07.88000245Z 67 PC: 9fa9c | Get or set file attributes
2018-12-25T11:48:09.219561989Z 61 PC: 9faa8 | Open file (Filename = '=)dz�5>ȸ �r��K_���KL��{�')
2018-12-25T11:48:09.233173508Z 63 PC: 9fab8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:09.237912928Z 66 PC: 9fac7 | Move file pointer
2018-12-25T11:48:09.239714274Z 87 PC: 9fb09 | Get or set file date and time
2018-12-25T11:48:09.241997217Z 64 PC: 9fb16 | Write file or device (Write 1182 bytes on handle 5)
2018-12-25T11:48:09.255471346Z 66 PC: 9fb25 | Move file pointer
2018-12-25T11:48:09.257772141Z 64 PC: 9fb31 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:09.261312696Z 87 PC: 9fade | Get or set file date and time
2018-12-25T11:48:09.263934581Z 62 PC: 9fae2 | Close file
2018-12-25T11:48:09.282551273Z 67 PC: 9faea | Get or set file attributes
2018-12-25T11:48:09.297291189Z 37 PC: 9faf1 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.299567246Z 37 PC: 9faf7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.301135982Z 37 PC: 9fafd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.302609983Z 37 PC: 9fb03 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.309678738Z 42 PC: 13094 | Get date (See above)
2018-12-25T11:48:09.313980715Z 240 PC: 12ab5 | UNKNOWN!
2018-12-25T11:48:09.315045766Z 53 PC: 12ac2 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.316599144Z 53 PC: 12ad0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.319138677Z 53 PC: 12ade | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.320490512Z 82 PC: 12aec | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:09.332821956Z 42 PC: 12b2e | Get date 0x12b2e: cmp dh, 6
0x12b31: ja 0x12b3b
0x12b33: mov ax, 0x2513
0x12b36: mov dx, 0x471
0x12b39: int 0x21
0x12b3b: mov ax, 0x2521
0x12b3e: mov dx, 0x4a5
0x12b41: int 0x21
0x12b43: pop ds
0x12b44: push ds
0x12b45: push si
0x12b46: push cs
0x12b47: pop es
0x12b48: mov ax, word ptr [0x2c]
0x12b4b: mov ds, ax
0x12b4d: xor cx, cx
0x12b4f: mov di, si
0x12b51: add di, 0x17e
0x12b55: mov bx, di
0x12b57: mov ax, di
2018-12-25T11:48:09.33611816Z 37 PC: 12b43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.340165281Z 61 PC: 9f2f7 | Open file (Filename = '<')
2018-12-25T11:48:09.347932236Z 66 PC: 9f306 | Move file pointer
2018-12-25T11:48:09.350201798Z 63 PC: 9f314 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:09.35757367Z 62 PC: 9f31a | Close file
2018-12-25T11:48:09.359513032Z 53 PC: 9f32f | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.362936928Z 53 PC: 9f335 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.364398852Z 53 PC: 9f33b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.365812333Z 37 PC: 9f349 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.368140016Z 37 PC: 9f273 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.369477174Z 37 PC: 9f281 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.370661966Z 67 PC: 9f353 | Get or set file attributes
2018-12-25T11:48:09.376478166Z 67 PC: 9f35d | Get or set file attributes
2018-12-25T11:48:09.387431713Z 61 PC: 9f369 | Open file (Filename = 'S�')
2018-12-25T11:48:09.394394004Z 63 PC: 9f379 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:09.397605625Z 66 PC: 9f384 | Move file pointer
2018-12-25T11:48:09.400548366Z 87 PC: 9f3bb | Get or set file date and time
2018-12-25T11:48:09.402460372Z 64 PC: 9f3c8 | Write file or device (Write 1137 bytes on handle 5)
2018-12-25T11:48:09.410529784Z 66 PC: 9f3d7 | Move file pointer
2018-12-25T11:48:09.4132878Z 64 PC: 9f3e3 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:09.417415241Z 87 PC: 9f396 | Get or set file date and time
2018-12-25T11:48:09.419272152Z 62 PC: 9f39a | Close file
2018-12-25T11:48:09.427040874Z 67 PC: 9f3a2 | Get or set file attributes
2018-12-25T11:48:09.437020274Z 37 PC: 9f3a9 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.438264302Z 37 PC: 9f3af | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.439842823Z 37 PC: 9f3b5 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.441344517Z 42 PC: 12b8d | Get date 0x12b8d: cmp dh, 6
0x12b90: ja 0x12bd5
0x12b92: xor ax, ax
0x12b94: mov ds, ax
0x12b96: test word ptr [0x46c], 0x1ff
0x12b9c: jne 0x12bd5
0x12b9e: mov al, 0x3f
0x12ba0: out 0x21, al
0x12ba2: mov ah, 0xf2
0x12ba4: int 0x21
0x12ba6: mov ax, 3
0x12ba9: cmp byte ptr [0x488], 0xfb
0x12bae: jne 0x12bb2
0x12bb0: mov al, 7
0x12bb2: int 0x10
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov ah, 9
0x12bb8: mov dx, 0x16a
0x12bbb: add dx, si
2018-12-25T11:48:09.444670563Z 9 PC: 12aa2 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3056,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:08.003692573Z 75 PC: 12f27 | Execute program
2018-12-25T11:48:08.006589954Z 53 PC: 12f34 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.008241988Z 53 PC: 12f42 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.010218972Z 53 PC: 12f50 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.012004138Z 82 PC: 12f5e | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:08.013726592Z 42 PC: 13094 | Get date 0x13094: mov ch, byte ptr cs:[si + 0x470]
0x13099: and cx, 0x707
0x1309d: dec cl
0x1309f: cmp ch, cl
0x130a1: je 0x130ab
0x130a3: dec cl
0x130a5: cmp ch, cl
0x130a7: je 0x130b2
0x130a9: clc
0x130aa: ret
0x130ab: cmp dx, word ptr cs:[si + 0x46e]
0x130b0: cmc
0x130b1: ret
0x130b2: cmp dx, word ptr cs:[si + 0x46e]
0x130b7: ret
0x130b8: push sp
0x130b9: push 0x7369
0x130bc: and byte ptr [bx + di + 0x73], ch
0x130bf: and byte ptr [bx + si + 0x4f], cl
0x130c2: push dx
2018-12-25T11:48:08.016529028Z 37 PC: 12fb1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.019082388Z 53 PC: 9fa19 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.020678607Z 53 PC: 9fa1f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.021949205Z 53 PC: 9fa25 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:08.023206121Z 53 PC: 9fa2b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.024845548Z 37 PC: 9f9ad | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.025973947Z 37 PC: 9f9b6 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.026999575Z 37 PC: 9fa3d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.028882803Z 37 PC: 9fa46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:08.030515776Z 42 PC: 9fa4a | Get date 0x9fa4a: mov word ptr cs:[0x46e], dx
0x9fa4f: mov byte ptr cs:[0x470], cl
0x9fa54: pop ds
0x9fa55: pop dx
0x9fa56: mov ax, 0x3d00
0x9fa59: int 0x21
0x9fa5b: jb 0x9fa0f
0x9fa5d: mov bx, ax
0x9fa5f: mov ax, 0x4202
0x9fa62: mov cx, 0xffff
0x9fa65: mov dx, 0xfb62
0x9fa68: int 0x21
0x9fa6a: jb 0x9fa0b
0x9fa6c: mov ah, 0x3f
0x9fa6e: mov dx, 0x47d
0x9fa71: mov cx, 0xa
0x9fa74: push cs
0x9fa75: pop ds
0x9fa76: int 0x21
0x9fa78: jb 0x9fa0b
2018-12-25T11:48:08.033718526Z 61 PC: 9fa5b | Open file (Filename = 'S�')
2018-12-25T11:48:08.041738802Z 66 PC: 9fa6a | Move file pointer
2018-12-25T11:48:08.043161082Z 63 PC: 9fa78 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:08.049583794Z 62 PC: 9fa7e | Close file
2018-12-25T11:48:08.052748379Z 67 PC: 9fa92 | Get or set file attributes
2018-12-25T11:48:08.058649483Z 67 PC: 9fa9c | Get or set file attributes
2018-12-25T11:48:09.219738908Z 61 PC: 9faa8 | Open file (Filename = '=)dz�5>ȸ �r��K_���KL��{�')
2018-12-25T11:48:09.236049405Z 63 PC: 9fab8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:09.240400445Z 66 PC: 9fac7 | Move file pointer
2018-12-25T11:48:09.242296781Z 87 PC: 9fb09 | Get or set file date and time
2018-12-25T11:48:09.244093348Z 64 PC: 9fb16 | Write file or device (Write 1182 bytes on handle 5)
2018-12-25T11:48:09.255793409Z 66 PC: 9fb25 | Move file pointer
2018-12-25T11:48:09.258219736Z 64 PC: 9fb31 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:09.261948405Z 87 PC: 9fade | Get or set file date and time
2018-12-25T11:48:09.264499065Z 62 PC: 9fae2 | Close file
2018-12-25T11:48:09.273094879Z 67 PC: 9faea | Get or set file attributes
2018-12-25T11:48:09.284142751Z 37 PC: 9faf1 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.286387782Z 37 PC: 9faf7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.287786698Z 37 PC: 9fafd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.289524074Z 37 PC: 9fb03 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.292629976Z 42 PC: 13094 | Get date (See above)
2018-12-25T11:48:09.295706198Z 240 PC: 12ab5 | UNKNOWN!
2018-12-25T11:48:09.297008717Z 53 PC: 12ac2 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.299565375Z 53 PC: 12ad0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.301370172Z 53 PC: 12ade | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.303144492Z 82 PC: 12aec | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:09.305930643Z 42 PC: 12b2e | Get date 0x12b2e: cmp dh, 6
0x12b31: ja 0x12b3b
0x12b33: mov ax, 0x2513
0x12b36: mov dx, 0x471
0x12b39: int 0x21
0x12b3b: mov ax, 0x2521
0x12b3e: mov dx, 0x4a5
0x12b41: int 0x21
0x12b43: pop ds
0x12b44: push ds
0x12b45: push si
0x12b46: push cs
0x12b47: pop es
0x12b48: mov ax, word ptr [0x2c]
0x12b4b: mov ds, ax
0x12b4d: xor cx, cx
0x12b4f: mov di, si
0x12b51: add di, 0x17e
0x12b55: mov bx, di
0x12b57: mov ax, di
2018-12-25T11:48:09.309200323Z 37 PC: 12b3b | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.310910986Z 37 PC: 12b43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.313382978Z 61 PC: 9f2f7 | Open file (Filename = '<')
2018-12-25T11:48:09.321664095Z 66 PC: 9f306 | Move file pointer
2018-12-25T11:48:09.323743402Z 63 PC: 9f314 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:09.330662941Z 62 PC: 9f31a | Close file
2018-12-25T11:48:09.334057215Z 53 PC: 9f32f | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.336614133Z 53 PC: 9f335 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.338436443Z 53 PC: 9f33b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.341245159Z 37 PC: 9f349 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.343494725Z 37 PC: 9f273 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.345325195Z 37 PC: 9f281 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.347501792Z 67 PC: 9f353 | Get or set file attributes
2018-12-25T11:48:09.353377834Z 67 PC: 9f35d | Get or set file attributes
2018-12-25T11:48:09.364353825Z 61 PC: 9f369 | Open file (Filename = 'S�')
2018-12-25T11:48:09.372449013Z 63 PC: 9f379 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:09.376472982Z 66 PC: 9f384 | Move file pointer
2018-12-25T11:48:09.378684752Z 87 PC: 9f3bb | Get or set file date and time
2018-12-25T11:48:09.380753475Z 64 PC: 9f3c8 | Write file or device (Write 1137 bytes on handle 5)
2018-12-25T11:48:09.395845885Z 66 PC: 9f3d7 | Move file pointer
2018-12-25T11:48:09.397327211Z 64 PC: 9f3e3 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:09.400940995Z 87 PC: 9f396 | Get or set file date and time
2018-12-25T11:48:09.40309528Z 62 PC: 9f39a | Close file
2018-12-25T11:48:09.41065286Z 67 PC: 9f3a2 | Get or set file attributes
2018-12-25T11:48:09.420467088Z 37 PC: 9f3a9 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.422359513Z 37 PC: 9f3af | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.423684135Z 37 PC: 9f3b5 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.425503573Z 42 PC: 12b8d | Get date 0x12b8d: cmp dh, 6
0x12b90: ja 0x12bd5
0x12b92: xor ax, ax
0x12b94: mov ds, ax
0x12b96: test word ptr [0x46c], 0x1ff
0x12b9c: jne 0x12bd5
0x12b9e: mov al, 0x3f
0x12ba0: out 0x21, al
0x12ba2: mov ah, 0xf2
0x12ba4: int 0x21
0x12ba6: mov ax, 3
0x12ba9: cmp byte ptr [0x488], 0xfb
0x12bae: jne 0x12bb2
0x12bb0: mov al, 7
0x12bb2: int 0x10
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov ah, 9
0x12bb8: mov dx, 0x16a
0x12bbb: add dx, si
2018-12-25T11:48:09.429860849Z 9 PC: 12aa2 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3056,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:08.007743052Z 75 PC: 12f27 | Execute program
2018-12-25T11:48:08.009974228Z 53 PC: 12f34 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.011359314Z 53 PC: 12f42 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.012611518Z 53 PC: 12f50 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.014443284Z 82 PC: 12f5e | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:08.016224928Z 42 PC: 13094 | Get date 0x13094: mov ch, byte ptr cs:[si + 0x470]
0x13099: and cx, 0x707
0x1309d: dec cl
0x1309f: cmp ch, cl
0x130a1: je 0x130ab
0x130a3: dec cl
0x130a5: cmp ch, cl
0x130a7: je 0x130b2
0x130a9: clc
0x130aa: ret
0x130ab: cmp dx, word ptr cs:[si + 0x46e]
0x130b0: cmc
0x130b1: ret
0x130b2: cmp dx, word ptr cs:[si + 0x46e]
0x130b7: ret
0x130b8: push sp
0x130b9: push 0x7369
0x130bc: and byte ptr [bx + di + 0x73], ch
0x130bf: and byte ptr [bx + si + 0x4f], cl
0x130c2: push dx
2018-12-25T11:48:08.020434893Z 37 PC: 12fb1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.022311827Z 53 PC: 9fa19 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.024757191Z 53 PC: 9fa1f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.02654869Z 53 PC: 9fa25 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:08.028302142Z 53 PC: 9fa2b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.030351703Z 37 PC: 9f9ad | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:08.031716427Z 37 PC: 9f9b6 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:08.033132316Z 37 PC: 9fa3d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.035288762Z 37 PC: 9fa46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:08.036767014Z 42 PC: 9fa4a | Get date 0x9fa4a: mov word ptr cs:[0x46e], dx
0x9fa4f: mov byte ptr cs:[0x470], cl
0x9fa54: pop ds
0x9fa55: pop dx
0x9fa56: mov ax, 0x3d00
0x9fa59: int 0x21
0x9fa5b: jb 0x9fa0f
0x9fa5d: mov bx, ax
0x9fa5f: mov ax, 0x4202
0x9fa62: mov cx, 0xffff
0x9fa65: mov dx, 0xfb62
0x9fa68: int 0x21
0x9fa6a: jb 0x9fa0b
0x9fa6c: mov ah, 0x3f
0x9fa6e: mov dx, 0x47d
0x9fa71: mov cx, 0xa
0x9fa74: push cs
0x9fa75: pop ds
0x9fa76: int 0x21
0x9fa78: jb 0x9fa0b
2018-12-25T11:48:08.039344804Z 61 PC: 9fa5b | Open file (Filename = 'S�')
2018-12-25T11:48:08.046758277Z 66 PC: 9fa6a | Move file pointer
2018-12-25T11:48:08.04835499Z 63 PC: 9fa78 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:08.057554925Z 62 PC: 9fa7e | Close file
2018-12-25T11:48:08.061008841Z 67 PC: 9fa92 | Get or set file attributes
2018-12-25T11:48:08.067062384Z 67 PC: 9fa9c | Get or set file attributes
2018-12-25T11:48:09.215881711Z 61 PC: 9faa8 | Open file
2018-12-25T11:48:09.226316643Z 63 PC: 9fab8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:09.230252205Z 66 PC: 9fac7 | Move file pointer
2018-12-25T11:48:09.23169044Z 87 PC: 9fb09 | Get or set file date and time
2018-12-25T11:48:09.233460998Z 64 PC: 9fb16 | Write file or device (Write 1182 bytes on handle 5)
2018-12-25T11:48:09.240346282Z 66 PC: 9fb25 | Move file pointer
2018-12-25T11:48:09.241755844Z 64 PC: 9fb31 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:09.245337941Z 87 PC: 9fade | Get or set file date and time
2018-12-25T11:48:09.247344461Z 62 PC: 9fae2 | Close file
2018-12-25T11:48:09.255451714Z 67 PC: 9faea | Get or set file attributes
2018-12-25T11:48:09.265534549Z 37 PC: 9faf1 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.268250897Z 37 PC: 9faf7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.270462789Z 37 PC: 9fafd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.271801114Z 37 PC: 9fb03 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.274220544Z 42 PC: 13094 | Get date (See above)
2018-12-25T11:48:09.277612468Z 240 PC: 12ab5 | UNKNOWN!
2018-12-25T11:48:09.278956629Z 53 PC: 12ac2 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.281153775Z 53 PC: 12ad0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.282609254Z 53 PC: 12ade | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.283972785Z 82 PC: 12aec | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:09.286363144Z 42 PC: 12b2e | Get date 0x12b2e: cmp dh, 6
0x12b31: ja 0x12b3b
0x12b33: mov ax, 0x2513
0x12b36: mov dx, 0x471
0x12b39: int 0x21
0x12b3b: mov ax, 0x2521
0x12b3e: mov dx, 0x4a5
0x12b41: int 0x21
0x12b43: pop ds
0x12b44: push ds
0x12b45: push si
0x12b46: push cs
0x12b47: pop es
0x12b48: mov ax, word ptr [0x2c]
0x12b4b: mov ds, ax
0x12b4d: xor cx, cx
0x12b4f: mov di, si
0x12b51: add di, 0x17e
0x12b55: mov bx, di
0x12b57: mov ax, di
2018-12-25T11:48:09.289077654Z 37 PC: 12b43 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:09.291014403Z 61 PC: 9f2f7 | Open file (Filename = '<')
2018-12-25T11:48:09.299753523Z 66 PC: 9f306 | Move file pointer
2018-12-25T11:48:09.303320837Z 63 PC: 9f314 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:48:09.312502583Z 62 PC: 9f31a | Close file
2018-12-25T11:48:09.316078186Z 53 PC: 9f32f | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.31859925Z 53 PC: 9f335 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.320549167Z 53 PC: 9f33b | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.322607563Z 37 PC: 9f349 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.325803676Z 37 PC: 9f273 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.327768893Z 37 PC: 9f281 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.329745201Z 67 PC: 9f353 | Get or set file attributes
2018-12-25T11:48:09.33681707Z 67 PC: 9f35d | Get or set file attributes
2018-12-25T11:48:09.347204066Z 61 PC: 9f369 | Open file (Filename = 'S�')
2018-12-25T11:48:09.354582905Z 63 PC: 9f379 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:09.359611646Z 66 PC: 9f384 | Move file pointer
2018-12-25T11:48:09.36171095Z 87 PC: 9f3bb | Get or set file date and time
2018-12-25T11:48:09.364622176Z 64 PC: 9f3c8 | Write file or device (Write 1137 bytes on handle 5)
2018-12-25T11:48:09.374056729Z 66 PC: 9f3d7 | Move file pointer
2018-12-25T11:48:09.375870362Z 64 PC: 9f3e3 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:48:09.379066557Z 87 PC: 9f396 | Get or set file date and time
2018-12-25T11:48:09.38165588Z 62 PC: 9f39a | Close file
2018-12-25T11:48:09.391307921Z 67 PC: 9f3a2 | Get or set file attributes
2018-12-25T11:48:09.402125997Z 37 PC: 9f3a9 | Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T11:48:09.404016357Z 37 PC: 9f3af | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:09.407059396Z 37 PC: 9f3b5 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:09.409216348Z 42 PC: 12b8d | Get date 0x12b8d: cmp dh, 6
0x12b90: ja 0x12bd5
0x12b92: xor ax, ax
0x12b94: mov ds, ax
0x12b96: test word ptr [0x46c], 0x1ff
0x12b9c: jne 0x12bd5
0x12b9e: mov al, 0x3f
0x12ba0: out 0x21, al
0x12ba2: mov ah, 0xf2
0x12ba4: int 0x21
0x12ba6: mov ax, 3
0x12ba9: cmp byte ptr [0x488], 0xfb
0x12bae: jne 0x12bb2
0x12bb0: mov al, 7
0x12bb2: int 0x10
0x12bb4: push cs
0x12bb5: pop ds
0x12bb6: mov ah, 9
0x12bb8: mov dx, 0x16a
0x12bbb: add dx, si
2018-12-25T11:48:09.412235437Z 9 PC: 12aa2 | Display string (String= 'Hello - Copyright S & S International, 1990 ')