Sample viewer

vx.netlux.org/Virus.DOS.TaiPan.Hooze.513

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:28:56.977769397Z	123	PC: 13324 \| UNKNOWN!
2018-12-17T22:28:56.979543587Z	72	PC: 13347 \| Allocate memory
2018-12-17T22:28:56.981506088Z	74	PC: 1335c \| Reallocate memory
2018-12-17T22:28:56.983119999Z	72	PC: 13347 \| Allocate memory
2018-12-17T22:28:56.985091753Z	74	PC: 1335c \| Reallocate memory
2018-12-17T22:28:56.987429186Z	72	PC: 13347 \| Allocate memory
2018-12-17T22:28:56.989314805Z	53	PC: 9f7fa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:56.990746406Z	37	PC: 9f809 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:56.992939705Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:56.995324873Z	76	PC: 13318 \| Terminate with return code (Return code = '76')
2018-12-17T22:28:56.998550467Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.002795615Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:28:57.004172966Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.006364625Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:28:57.009634556Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.011979905Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:28:57.014345022Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:28:57.022226215Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:57.02418343Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:57.025801368Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.028524852Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.030684008Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.032790473Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.034853186Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.037126179Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.038186343Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.039971088Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.041595434Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.043147808Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.044303043Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.046279812Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.047460791Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.048946421Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.050733495Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.0523136Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.053333263Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.055934086Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.05698741Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.058380095Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.068127642Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.069578917Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.070621484Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.073904491Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.075305901Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.07749369Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.079596896Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.082117128Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.083502833Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.086021107Z	62	PC: 122ab \| Close file
2018-12-17T22:28:57.088776537Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.09076447Z	99	PC: 9a157 \| Get DBCS lead byte table pointer
2018-12-17T22:28:57.093082154Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.09479636Z	56	PC: 94979 \| Get or set country info
2018-12-17T22:28:57.096181657Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.098807788Z	64	PC: 9a3c8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:28:57.101696017Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.103280737Z	25	PC: 949e2 \| Get default drive
2018-12-17T22:28:57.105336268Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.106789235Z	71	PC: 96c5d \| Get current directory
2018-12-17T22:28:57.109328901Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.111311571Z	64	PC: 9a3c8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:28:57.11336354Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.114825251Z	2	PC: 96c32 \| Character output (Char = '3e')
2018-12-17T22:28:57.116958721Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.118536351Z	93	PC: 94aa0 \| File sharing functions
2018-12-17T22:28:57.119773437Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.12179347Z	93	PC: 94aa7 \| File sharing functions
2018-12-17T22:28:57.123079986Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-17T22:28:57.124540229Z	10	PC: 94ab9 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5168,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:54.466412249Z	123	PC: 13324 \| UNKNOWN!
2018-12-25T11:53:54.468360937Z	72	PC: 13347 \| Allocate memory
2018-12-25T11:53:54.472811655Z	74	PC: 1335c \| Reallocate memory
2018-12-25T11:53:54.474729403Z	72	PC: 13347 \| Allocate memory (See above)
2018-12-25T11:53:54.47707835Z	74	PC: 1335c \| Reallocate memory (See above)
2018-12-25T11:53:54.479463752Z	72	PC: 13347 \| Allocate memory (See above)
2018-12-25T11:53:54.481261025Z	53	PC: 9f7fa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:54.482500109Z	37	PC: 9f809 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:54.484486067Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-25T11:53:54.487190016Z	76	PC: 13318 \| Terminate with return code (Return code = '76')
2018-12-25T11:53:54.490945216Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.49439364Z	77	PC: 11fe0 \| Get program return code
2018-12-25T11:53:54.495847008Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.498323361Z	72	PC: 12174 \| Allocate memory
2018-12-25T11:53:54.508392317Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.511078991Z	72	PC: 1218d \| Allocate memory
2018-12-25T11:53:54.513798717Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:53:54.516300959Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:53:54.519739087Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:53:54.522180897Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.525740649Z	62	PC: 122ab \| Close file
2018-12-25T11:53:54.532064707Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.535367573Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.53758227Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.541620551Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.543759987Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.547265581Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.556349048Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.558994272Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.56073855Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.563832857Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.565657528Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.56809136Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.570148756Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.573306683Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.575012101Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.577408725Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.57996392Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.582405791Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.584149514Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.587067419Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.588829954Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.591258633Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.59370743Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.596185315Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.597899769Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.601023989Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.602749044Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.605201244Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.6095386Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.613020343Z	99	PC: 9a157 \| Get DBCS lead byte table pointer
2018-12-25T11:53:54.614816582Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.617730914Z	56	PC: 94979 \| Get or set country info
2018-12-25T11:53:54.62172877Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.636610659Z	64	PC: 9a3c8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:53:54.642199653Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.645477694Z	25	PC: 949e2 \| Get default drive
2018-12-25T11:53:54.647662979Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.650938631Z	71	PC: 96c5d \| Get current directory
2018-12-25T11:53:54.656727309Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.663548848Z	64	PC: 9a3c8 \| Write file or device (See above)
2018-12-25T11:53:54.667233189Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.670415573Z	2	PC: 96c32 \| Character output (Char = '3e')
2018-12-25T11:53:54.673349506Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.676821099Z	93	PC: 94aa0 \| File sharing functions
2018-12-25T11:53:54.679980995Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.683113855Z	93	PC: 94aa7 \| File sharing functions
2018-12-25T11:53:54.685517187Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.688355322Z	10	PC: 94ab9 \| Buffered keyboard input

{"DateBased":true,"Day":5,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5168,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:54.644236554Z	123	PC: 13324 \| UNKNOWN!
2018-12-25T11:53:54.645727778Z	72	PC: 13347 \| Allocate memory
2018-12-25T11:53:54.647482687Z	74	PC: 1335c \| Reallocate memory
2018-12-25T11:53:54.649491693Z	72	PC: 13347 \| Allocate memory (See above)
2018-12-25T11:53:54.652279689Z	74	PC: 1335c \| Reallocate memory (See above)
2018-12-25T11:53:54.654383128Z	72	PC: 13347 \| Allocate memory (See above)
2018-12-25T11:53:54.658046975Z	53	PC: 9f7fa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:54.661662415Z	37	PC: 9f809 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:54.663354082Z	42	PC: 9f880 \| Get date 0x9f880: cmp dx, 0x805 0x9f884: jne 0x9f892 0x9f886: push ds 0x9f887: push cs 0x9f888: pop ds 0x9f889: mov ax, 0x251c 0x9f88c: mov dx, 0x1dd 0x9f88f: int 0x21 0x9f891: pop ds 0x9f892: pop dx 0x9f893: pop cx 0x9f894: pop ax 0x9f895: cmp ax, 0x4b00 0x9f898: jne 0x9f89d 0x9f89a: call 0x9f8a5 0x9f89d: ljmp ptr cs:[0xb5] 0x9f8a2: push cs 0x9f8a3: pop es 0x9f8a4: iret 0x9f8a5: push ax
2018-12-25T11:53:54.665880374Z	37	PC: 9f891 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:53:54.668395385Z	76	PC: 13318 \| Terminate with return code (Return code = '76')
2018-12-25T11:53:54.671810683Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.67510517Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.677360518Z	77	PC: 11fe0 \| Get program return code
2018-12-25T11:53:54.67889314Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.681079526Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.683320896Z	72	PC: 12174 \| Allocate memory
2018-12-25T11:53:54.68617091Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.688167833Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.689339153Z	72	PC: 1218d \| Allocate memory
2018-12-25T11:53:54.693686593Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:53:54.69480183Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:53:54.695884567Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:53:54.698056288Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.711550818Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.71467819Z	62	PC: 122ab \| Close file
2018-12-25T11:53:54.718240377Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.7203682Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.721561742Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.7244018Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.726502348Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.727566237Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.731478596Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.734195883Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.735780433Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.739610625Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.742578723Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.744217571Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.752463466Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.754753133Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.755831798Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.764267935Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.776453475Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.777925509Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.780942339Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.783432198Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.7855865Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.788161204Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.790900298Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.792308474Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.794271111Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.797207768Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.798581237Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.800344884Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.803713633Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.805065865Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.806824927Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.809803246Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.810958845Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.812753582Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.815913136Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.817300079Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.819128064Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.822535415Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.823640638Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.825902152Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.828680859Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.829758667Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:54.83241658Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.836686462Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.837870746Z	99	PC: 9a157 \| Get DBCS lead byte table pointer
2018-12-25T11:53:54.839299302Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.842041278Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.843308066Z	56	PC: 94979 \| Get or set country info
2018-12-25T11:53:54.845582751Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.848892035Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.850095099Z	64	PC: 9a3c8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:53:54.854403719Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.85800222Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.859239079Z	25	PC: 949e2 \| Get default drive
2018-12-25T11:53:54.860933357Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.863786497Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.86590188Z	71	PC: 96c5d \| Get current directory
2018-12-25T11:53:54.870585049Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.87276238Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.874697819Z	64	PC: 9a3c8 \| Write file or device (See above)
2018-12-25T11:53:54.878508706Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.880893361Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.883124122Z	2	PC: 96c32 \| Character output (Char = '3e')
2018-12-25T11:53:54.885391396Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.887629382Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.890227282Z	93	PC: 94aa0 \| File sharing functions
2018-12-25T11:53:54.892057026Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.894952708Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.902824407Z	93	PC: 94aa7 \| File sharing functions
2018-12-25T11:53:54.904702312Z	42	PC: 9f880 \| Get date (See above)
2018-12-25T11:53:54.906957396Z	37	PC: 9f891 \| Set interrupt vector (See above)
2018-12-25T11:53:54.90905388Z	10	PC: 94ab9 \| Buffered keyboard input