Sample viewer

vx.netlux.org/Virus.DOS.Lamego.729

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:51.587445652Z	239	PC: 201d1 \| UNKNOWN!
2018-12-17T22:20:51.589309569Z	53	PC: 201de \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:51.590499075Z	54	PC: 9f762 \| Get free disk space
2018-12-17T22:20:51.615110178Z	53	PC: 9f784 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:51.617988869Z	67	PC: 9f7ae \| Get or set file attributes
2018-12-17T22:20:51.626596556Z	67	PC: 9f7ba \| Get or set file attributes
2018-12-17T22:20:51.968750159Z	61	PC: 9f7c4 \| Open file (Filename = '')
2018-12-17T22:20:51.981770555Z	87	PC: 9f7d4 \| Get or set file date and time
2018-12-17T22:20:51.984160117Z	66	PC: 9f7eb \| Move file pointer
2018-12-17T22:20:51.986998558Z	63	PC: 9f8c1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:52.006168128Z	66	PC: 9f807 \| Move file pointer
2018-12-17T22:20:52.010019284Z	63	PC: 9f8c1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:52.024397091Z	66	PC: 9f823 \| Move file pointer
2018-12-17T22:20:52.030076068Z	66	PC: 9f840 \| Move file pointer
2018-12-17T22:20:52.03190919Z	64	PC: 9f84a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:20:52.035773845Z	66	PC: 9f853 \| Move file pointer
2018-12-17T22:20:52.040467459Z	64	PC: 9f85d \| Write file or device (Write 729 bytes on handle 5)
2018-12-17T22:20:52.050003964Z	87	PC: 9f871 \| Get or set file date and time
2018-12-17T22:20:52.051929985Z	62	PC: 9f875 \| Close file
2018-12-17T22:20:52.060398013Z	67	PC: 9f889 \| Get or set file attributes
2018-12-17T22:20:52.070317422Z	42	PC: 2025e \| Get date 0x2025e: cmp dh, 8 0x20261: jne 0x20279 0x20263: lea dx, word ptr [si + 3] 0x20266: mov si, dx 0x20268: lodsb al, byte ptr [si] 0x20269: cmp al, 0 0x2026b: je 0x20275 0x2026d: xor al, 6 0x2026f: mov ah, 0xe 0x20271: int 0x10 0x20273: jmp 0x20268 0x20275: xor ax, ax 0x20277: int 0x16 0x20279: mov si, 0x100 0x2027c: push si 0x2027d: ret 0x2027e: sub cl, byte ptr [si + 0x41] 0x20281: dec bp 0x20282: inc bp 0x20283: inc di
2018-12-17T22:20:52.077068796Z	80	PC: 13fb9 \| Set current PSP
2018-12-17T22:20:52.07952383Z	48	PC: 13fbe \| Get DOS version
2018-12-17T22:20:52.094957039Z	101	PC: 14044 \| Get extended country info
2018-12-17T22:20:52.096784359Z	99	PC: 1404a \| Get DBCS lead byte table pointer
2018-12-17T22:20:52.099231333Z	74	PC: 140ac \| Reallocate memory
2018-12-17T22:20:52.101031021Z	25	PC: 140e3 \| Get default drive
2018-12-17T22:20:52.102595263Z	37	PC: 13ba3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:20:52.105336434Z	37	PC: 13baa \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:52.10693423Z	37	PC: 13bb1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:52.110414143Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:20:52.113179344Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:20:52.117315827Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:20:52.119570068Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:20:52.124670045Z	2	PC: 13e6c \| Character output (Char = '4d')
2018-12-17T22:20:52.127914524Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:20:52.130018287Z	2	PC: 13e6c \| Character output (Char = '63')
2018-12-17T22:20:52.132957846Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:52.135557135Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:52.138564002Z	2	PC: 13e6c \| Character output (Char = '73')
2018-12-17T22:20:52.142678688Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:52.144980356Z	2	PC: 13e6c \| Character output (Char = '66')
2018-12-17T22:20:52.148226642Z	2	PC: 13e6c \| Character output (Char = '74')
2018-12-17T22:20:52.151725452Z	2	PC: 13e6c \| Character output (Char = '28')
2018-12-17T22:20:52.154076241Z	2	PC: 13e6c \| Character output (Char = '52')
2018-12-17T22:20:52.156160834Z	2	PC: 13e6c \| Character output (Char = '29')
2018-12-17T22:20:52.159176966Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.161617761Z	2	PC: 13e6c \| Character output (Char = '4d')
2018-12-17T22:20:52.164068047Z	2	PC: 13e6c \| Character output (Char = '53')
2018-12-17T22:20:52.1675628Z	2	PC: 13e6c \| Character output (Char = '2d')
2018-12-17T22:20:52.169923846Z	2	PC: 13e6c \| Character output (Char = '44')
2018-12-17T22:20:52.172216709Z	2	PC: 13e6c \| Character output (Char = '4f')
2018-12-17T22:20:52.175383127Z	2	PC: 13e6c \| Character output (Char = '53')
2018-12-17T22:20:52.177694288Z	2	PC: 13e6c \| Character output (Char = '28')
2018-12-17T22:20:52.180234887Z	2	PC: 13e6c \| Character output (Char = '52')
2018-12-17T22:20:52.183852681Z	2	PC: 13e6c \| Character output (Char = '29')
2018-12-17T22:20:52.187714433Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.190802623Z	2	PC: 13e6c \| Character output (Char = '56')
2018-12-17T22:20:52.195067045Z	2	PC: 13e6c \| Character output (Char = '65')
2018-12-17T22:20:52.197277884Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:52.199485387Z	2	PC: 13e6c \| Character output (Char = '73')
2018-12-17T22:20:52.203122879Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:20:52.205612417Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:52.208066388Z	2	PC: 13e6c \| Character output (Char = '6e')
2018-12-17T22:20:52.211707799Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.21451814Z	2	PC: 13e6c \| Character output (Char = '36')
2018-12-17T22:20:52.216969248Z	2	PC: 13e6c \| Character output (Char = '2e')
2018-12-17T22:20:52.220177395Z	2	PC: 13e6c \| Character output (Char = '32')
2018-12-17T22:20:52.222923793Z	2	PC: 13e6c \| Character output (Char = '32')
2018-12-17T22:20:52.22539511Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:20:52.229208361Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:20:52.233182503Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.235261766Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.237503634Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.239638934Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.241690889Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.244737231Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.247713526Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.249969369Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.252598544Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.255578604Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.257893148Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.260225227Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.263196764Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.265509938Z	2	PC: 13e6c \| Character output (Char = '28')
2018-12-17T22:20:52.267844427Z	2	PC: 13e6c \| Character output (Char = '43')
2018-12-17T22:20:52.270471184Z	2	PC: 13e6c \| Character output (Char = '29')
2018-12-17T22:20:52.273921836Z	2	PC: 13e6c \| Character output (Char = '43')
2018-12-17T22:20:52.27596963Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:52.278987982Z	2	PC: 13e6c \| Character output (Char = '70')
2018-12-17T22:20:52.28108195Z	2	PC: 13e6c \| Character output (Char = '79')
2018-12-17T22:20:52.283621931Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:52.287026151Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:20:52.289430886Z	2	PC: 13e6c \| Character output (Char = '67')
2018-12-17T22:20:52.291816464Z	2	PC: 13e6c \| Character output (Char = '68')
2018-12-17T22:20:52.29501441Z	2	PC: 13e6c \| Character output (Char = '74')
2018-12-17T22:20:52.2993814Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.301961346Z	2	PC: 13e6c \| Character output (Char = '4d')
2018-12-17T22:20:52.305865327Z	2	PC: 13e6c \| Character output (Char = '69')
2018-12-17T22:20:52.308545759Z	2	PC: 13e6c \| Character output (Char = '63')
2018-12-17T22:20:52.310905318Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:52.314030552Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:52.316682024Z	2	PC: 13e6c \| Character output (Char = '73')
2018-12-17T22:20:52.319049995Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:52.322516399Z	2	PC: 13e6c \| Character output (Char = '66')
2018-12-17T22:20:52.325184341Z	2	PC: 13e6c \| Character output (Char = '74')
2018-12-17T22:20:52.327928031Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.330522216Z	2	PC: 13e6c \| Character output (Char = '43')
2018-12-17T22:20:52.333648883Z	2	PC: 13e6c \| Character output (Char = '6f')
2018-12-17T22:20:52.352134579Z	2	PC: 13e6c \| Character output (Char = '72')
2018-12-17T22:20:52.354430882Z	2	PC: 13e6c \| Character output (Char = '70')
2018-12-17T22:20:52.356747272Z	2	PC: 13e6c \| Character output (Char = '20')
2018-12-17T22:20:52.358791309Z	2	PC: 13e6c \| Character output (Char = '31')
2018-12-17T22:20:52.361736192Z	2	PC: 13e6c \| Character output (Char = '39')
2018-12-17T22:20:52.363897438Z	2	PC: 13e6c \| Character output (Char = '38')
2018-12-17T22:20:52.366677648Z	2	PC: 13e6c \| Character output (Char = '31')
2018-12-17T22:20:52.380460056Z	2	PC: 13e6c \| Character output (Char = '2d')
2018-12-17T22:20:52.383109613Z	2	PC: 13e6c \| Character output (Char = '31')
2018-12-17T22:20:52.385385838Z	2	PC: 13e6c \| Character output (Char = '39')
2018-12-17T22:20:52.388605835Z	2	PC: 13e6c \| Character output (Char = '39')
2018-12-17T22:20:52.391359477Z	2	PC: 13e6c \| Character output (Char = '34')
2018-12-17T22:20:52.393849413Z	2	PC: 13e6c \| Character output (Char = '2e')
2018-12-17T22:20:52.396968051Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-17T22:20:52.399300318Z	2	PC: 13e6c \| Character output (Char = '0a')
2018-12-17T22:20:52.403456105Z	74	PC: 12d4c \| Reallocate memory
2018-12-17T22:20:52.405929224Z	72	PC: 12d8d \| Allocate memory
2018-12-17T22:20:52.408058553Z	72	PC: 12dc5 \| Allocate memory
2018-12-17T22:20:52.410075784Z	72	PC: 12dcd \| Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3628,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:45.901721987Z	239	PC: 201d1 \| UNKNOWN!
2018-12-25T11:49:45.903699521Z	53	PC: 201de \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:45.905609388Z	54	PC: 9f762 \| Get free disk space
2018-12-25T11:49:45.953026924Z	53	PC: 9f784 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:45.957815639Z	67	PC: 9f7ae \| Get or set file attributes
2018-12-25T11:49:45.967050746Z	67	PC: 9f7ba \| Get or set file attributes
2018-12-25T11:49:47.315240892Z	61	PC: 9f7c4 \| Open file (Filename = '')
2018-12-25T11:49:47.324181643Z	87	PC: 9f7d4 \| Get or set file date and time
2018-12-25T11:49:47.325908818Z	66	PC: 9f7eb \| Move file pointer
2018-12-25T11:49:47.329419452Z	63	PC: 9f8c1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:47.344556925Z	66	PC: 9f807 \| Move file pointer
2018-12-25T11:49:47.34673359Z	63	PC: 9f8c1 \| Read file or device (See above)
2018-12-25T11:49:47.353514976Z	66	PC: 9f823 \| Move file pointer
2018-12-25T11:49:47.355978211Z	66	PC: 9f840 \| Move file pointer
2018-12-25T11:49:47.357983218Z	64	PC: 9f84a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:47.362346335Z	66	PC: 9f853 \| Move file pointer
2018-12-25T11:49:47.364360396Z	64	PC: 9f85d \| Write file or device (Write 729 bytes on handle 5)
2018-12-25T11:49:47.376446579Z	87	PC: 9f871 \| Get or set file date and time
2018-12-25T11:49:47.378133063Z	62	PC: 9f875 \| Close file
2018-12-25T11:49:47.38635612Z	67	PC: 9f889 \| Get or set file attributes
2018-12-25T11:49:47.397904077Z	42	PC: 2025e \| Get date 0x2025e: cmp dh, 8 0x20261: jne 0x20279 0x20263: lea dx, word ptr [si + 3] 0x20266: mov si, dx 0x20268: lodsb al, byte ptr [si] 0x20269: cmp al, 0 0x2026b: je 0x20275 0x2026d: xor al, 6 0x2026f: mov ah, 0xe 0x20271: int 0x10 0x20273: jmp 0x20268 0x20275: xor ax, ax 0x20277: int 0x16 0x20279: mov si, 0x100 0x2027c: push si 0x2027d: ret 0x2027e: sub cl, byte ptr [si + 0x41] 0x20281: dec bp 0x20282: inc bp 0x20283: inc di
2018-12-25T11:49:47.399990193Z	80	PC: 13fb9 \| Set current PSP
2018-12-25T11:49:47.401087319Z	48	PC: 13fbe \| Get DOS version
2018-12-25T11:49:47.403910089Z	101	PC: 14044 \| Get extended country info
2018-12-25T11:49:47.405379388Z	99	PC: 1404a \| Get DBCS lead byte table pointer
2018-12-25T11:49:47.407178303Z	74	PC: 140ac \| Reallocate memory
2018-12-25T11:49:47.409409754Z	25	PC: 140e3 \| Get default drive
2018-12-25T11:49:47.410680088Z	37	PC: 13ba3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:49:47.412273919Z	37	PC: 13baa \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:49:47.41434492Z	37	PC: 13bb1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:47.417129026Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-25T11:49:47.419046638Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.42335797Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.42495346Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.427544385Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.431384466Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.434714631Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.437626809Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.441511585Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.444031897Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.446669635Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.451049431Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.4541629Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.456902637Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.45961133Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.463373049Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.466154846Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.46885186Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.472599548Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.475301043Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.478002375Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.482100143Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.48522065Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.500122656Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.503401534Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.505859212Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.508238588Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.510770411Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.513193641Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.515401438Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.518045042Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.522686656Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.525424275Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.527826026Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.530932598Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.533188653Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.536893765Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.539825194Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.542075858Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.544973763Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.550711719Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.55508411Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.557452912Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.560545457Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.563072405Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.564783881Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.566878248Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.568449345Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.570071895Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.572085783Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.573674155Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.575250747Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.579018892Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.581467907Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.583465104Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.586269847Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.587865896Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.589557665Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.591655106Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.593232039Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.594878235Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.597685771Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.600715812Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.603413987Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.606530679Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.608995636Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.61184303Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.615303776Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.618105458Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.620645606Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.623489321Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.62571728Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.628127863Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.630852823Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.633110589Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.635383059Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.63827443Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.640548698Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.642633635Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.649410841Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.65223994Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.6550808Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.658564172Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.661033745Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.663652286Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.668288542Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.670937253Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.673342113Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.676370978Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.680005404Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.683296914Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.686052392Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.689522606Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.692488783Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.698597939Z	74	PC: 12d4c \| Reallocate memory
2018-12-25T11:49:47.703201673Z	72	PC: 12d8d \| Allocate memory
2018-12-25T11:49:47.704745865Z	72	PC: 12dc5 \| Allocate memory
2018-12-25T11:49:47.707194615Z	72	PC: 12dcd \| Allocate memory

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3628,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:45.95294008Z	239	PC: 201d1 \| UNKNOWN!
2018-12-25T11:49:45.954767467Z	53	PC: 201de \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:45.955937857Z	54	PC: 9f762 \| Get free disk space
2018-12-25T11:49:46.005581239Z	53	PC: 9f784 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:46.00797698Z	67	PC: 9f7ae \| Get or set file attributes
2018-12-25T11:49:46.017027668Z	67	PC: 9f7ba \| Get or set file attributes
2018-12-25T11:49:47.316325324Z	61	PC: 9f7c4 \| Open file (Filename = '')
2018-12-25T11:49:47.330246975Z	87	PC: 9f7d4 \| Get or set file date and time
2018-12-25T11:49:47.332398998Z	66	PC: 9f7eb \| Move file pointer
2018-12-25T11:49:47.334428481Z	63	PC: 9f8c1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:47.344565015Z	66	PC: 9f807 \| Move file pointer
2018-12-25T11:49:47.34649936Z	63	PC: 9f8c1 \| Read file or device (See above)
2018-12-25T11:49:47.353893272Z	66	PC: 9f823 \| Move file pointer
2018-12-25T11:49:47.356669056Z	66	PC: 9f840 \| Move file pointer
2018-12-25T11:49:47.358737414Z	64	PC: 9f84a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:47.362282377Z	66	PC: 9f853 \| Move file pointer
2018-12-25T11:49:47.36824216Z	64	PC: 9f85d \| Write file or device (Write 729 bytes on handle 5)
2018-12-25T11:49:47.387154181Z	87	PC: 9f871 \| Get or set file date and time
2018-12-25T11:49:47.388843853Z	62	PC: 9f875 \| Close file
2018-12-25T11:49:47.396805828Z	67	PC: 9f889 \| Get or set file attributes
2018-12-25T11:49:47.407757447Z	42	PC: 2025e \| Get date 0x2025e: cmp dh, 8 0x20261: jne 0x20279 0x20263: lea dx, word ptr [si + 3] 0x20266: mov si, dx 0x20268: lodsb al, byte ptr [si] 0x20269: cmp al, 0 0x2026b: je 0x20275 0x2026d: xor al, 6 0x2026f: mov ah, 0xe 0x20271: int 0x10 0x20273: jmp 0x20268 0x20275: xor ax, ax 0x20277: int 0x16 0x20279: mov si, 0x100 0x2027c: push si 0x2027d: ret 0x2027e: sub cl, byte ptr [si + 0x41] 0x20281: dec bp 0x20282: inc bp 0x20283: inc di

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3628,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:46.023221833Z	239	PC: 201d1 \| UNKNOWN!
2018-12-25T11:49:46.025512027Z	53	PC: 201de \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:46.026985716Z	54	PC: 9f762 \| Get free disk space
2018-12-25T11:49:46.071516207Z	53	PC: 9f784 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:46.074066713Z	67	PC: 9f7ae \| Get or set file attributes
2018-12-25T11:49:46.084415373Z	67	PC: 9f7ba \| Get or set file attributes
2018-12-25T11:49:47.315140105Z	61	PC: 9f7c4 \| Open file (Filename = '')
2018-12-25T11:49:47.323093045Z	87	PC: 9f7d4 \| Get or set file date and time
2018-12-25T11:49:47.325210628Z	66	PC: 9f7eb \| Move file pointer
2018-12-25T11:49:47.327255569Z	63	PC: 9f8c1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:47.335667991Z	66	PC: 9f807 \| Move file pointer
2018-12-25T11:49:47.338218323Z	63	PC: 9f8c1 \| Read file or device (See above)
2018-12-25T11:49:47.344795444Z	66	PC: 9f823 \| Move file pointer
2018-12-25T11:49:47.347676832Z	66	PC: 9f840 \| Move file pointer
2018-12-25T11:49:47.349996892Z	64	PC: 9f84a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:47.353346905Z	66	PC: 9f853 \| Move file pointer
2018-12-25T11:49:47.355304228Z	64	PC: 9f85d \| Write file or device (Write 729 bytes on handle 5)
2018-12-25T11:49:47.367760902Z	87	PC: 9f871 \| Get or set file date and time
2018-12-25T11:49:47.369855731Z	62	PC: 9f875 \| Close file
2018-12-25T11:49:47.377906433Z	67	PC: 9f889 \| Get or set file attributes
2018-12-25T11:49:47.391969569Z	42	PC: 2025e \| Get date 0x2025e: cmp dh, 8 0x20261: jne 0x20279 0x20263: lea dx, word ptr [si + 3] 0x20266: mov si, dx 0x20268: lodsb al, byte ptr [si] 0x20269: cmp al, 0 0x2026b: je 0x20275 0x2026d: xor al, 6 0x2026f: mov ah, 0xe 0x20271: int 0x10 0x20273: jmp 0x20268 0x20275: xor ax, ax 0x20277: int 0x16 0x20279: mov si, 0x100 0x2027c: push si 0x2027d: ret 0x2027e: sub cl, byte ptr [si + 0x41] 0x20281: dec bp 0x20282: inc bp 0x20283: inc di
2018-12-25T11:49:47.398194162Z	80	PC: 13fb9 \| Set current PSP
2018-12-25T11:49:47.400811885Z	48	PC: 13fbe \| Get DOS version
2018-12-25T11:49:47.404096709Z	101	PC: 14044 \| Get extended country info
2018-12-25T11:49:47.406781519Z	99	PC: 1404a \| Get DBCS lead byte table pointer
2018-12-25T11:49:47.408711998Z	74	PC: 140ac \| Reallocate memory
2018-12-25T11:49:47.411761327Z	25	PC: 140e3 \| Get default drive
2018-12-25T11:49:47.413846244Z	37	PC: 13ba3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:49:47.415498961Z	37	PC: 13baa \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:49:47.417943034Z	37	PC: 13bb1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:47.422003692Z	2	PC: 13e6c \| Character output (Char = '0d')
2018-12-25T11:49:47.424638972Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.429937117Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.43274324Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.437735039Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.440057609Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.443321691Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.445748685Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.448361585Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.452523467Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.454916944Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.457285324Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.460179376Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.462576463Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.465001633Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.468521131Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.470908891Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.473309234Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.476800485Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.479864769Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.482648334Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.485388007Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.488804711Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.4913602Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.4936486Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.49623977Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.499071637Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.501329168Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.504783473Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.520637018Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.523991475Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.526864004Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.529367141Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.53241191Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.535954841Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.538490298Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.542549792Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.545910813Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.54837291Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.550726188Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.553695063Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.557705688Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.559979307Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.56327346Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.565633128Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.567972732Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.570848419Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.573325633Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.575909551Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.57921004Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.582010101Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.584727903Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.588705811Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.591101177Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.593682747Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.596927455Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.59974021Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.601937667Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.604577052Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.606855439Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.609252757Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.611732334Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.614623482Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.616985398Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.619729731Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.622078119Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.624300081Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.627087703Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.629412633Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.631663219Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.634497643Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.636794875Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.639037537Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.641963062Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.644588973Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.647424249Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.651106599Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.653816776Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.656460153Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.659168622Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.662935056Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.665600545Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.668377075Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.672179085Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.674938982Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.678033462Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.681087879Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.683403037Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.685514149Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.689138304Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.691551788Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.69397397Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.697677703Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.704103814Z	2	PC: 13e6c \| Character output (See above)
2018-12-25T11:49:47.711282278Z	74	PC: 12d4c \| Reallocate memory
2018-12-25T11:49:47.714283738Z	72	PC: 12d8d \| Allocate memory
2018-12-25T11:49:47.71642201Z	72	PC: 12dc5 \| Allocate memory
2018-12-25T11:49:47.718651326Z	72	PC: 12dcd \| Allocate memory

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3628,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:46.056839875Z	239	PC: 201d1 \| UNKNOWN!
2018-12-25T11:49:46.058326394Z	53	PC: 201de \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:46.059822959Z	54	PC: 9f762 \| Get free disk space
2018-12-25T11:49:46.104144646Z	53	PC: 9f784 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:46.10611688Z	67	PC: 9f7ae \| Get or set file attributes
2018-12-25T11:49:46.114911326Z	67	PC: 9f7ba \| Get or set file attributes
2018-12-25T11:49:47.316743069Z	61	PC: 9f7c4 \| Open file (Filename = '')
2018-12-25T11:49:47.327851439Z	87	PC: 9f7d4 \| Get or set file date and time
2018-12-25T11:49:47.329558163Z	66	PC: 9f7eb \| Move file pointer
2018-12-25T11:49:47.331621765Z	63	PC: 9f8c1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:47.340124713Z	66	PC: 9f807 \| Move file pointer
2018-12-25T11:49:47.341784638Z	63	PC: 9f8c1 \| Read file or device (See above)
2018-12-25T11:49:47.348239324Z	66	PC: 9f823 \| Move file pointer
2018-12-25T11:49:47.351109659Z	66	PC: 9f840 \| Move file pointer
2018-12-25T11:49:47.354122844Z	64	PC: 9f84a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:47.357427878Z	66	PC: 9f853 \| Move file pointer
2018-12-25T11:49:47.359346305Z	64	PC: 9f85d \| Write file or device (Write 729 bytes on handle 5)
2018-12-25T11:49:47.370640765Z	87	PC: 9f871 \| Get or set file date and time
2018-12-25T11:49:47.37246341Z	62	PC: 9f875 \| Close file
2018-12-25T11:49:47.38199623Z	67	PC: 9f889 \| Get or set file attributes
2018-12-25T11:49:47.392838106Z	42	PC: 2025e \| Get date 0x2025e: cmp dh, 8 0x20261: jne 0x20279 0x20263: lea dx, word ptr [si + 3] 0x20266: mov si, dx 0x20268: lodsb al, byte ptr [si] 0x20269: cmp al, 0 0x2026b: je 0x20275 0x2026d: xor al, 6 0x2026f: mov ah, 0xe 0x20271: int 0x10 0x20273: jmp 0x20268 0x20275: xor ax, ax 0x20277: int 0x16 0x20279: mov si, 0x100 0x2027c: push si 0x2027d: ret 0x2027e: sub cl, byte ptr [si + 0x41] 0x20281: dec bp 0x20282: inc bp 0x20283: inc di