Sample viewer

vx.netlux.org/Virus.DOS.Shengli.1024

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:31:47.840407806Z 238 PC: 1754f | UNKNOWN!
2018-12-17T22:31:47.844120273Z 53 PC: 17589 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:47.845468431Z 37 PC: 17599 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:47.846892058Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:47.85148567Z 53 PC: 17767 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:47.852948292Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:47.855253725Z 37 PC: 17777 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:47.857069281Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:47.859793378Z 67 PC: 17754 | Get or set file attributes
2018-12-17T22:31:47.865286419Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:47.867893772Z 67 PC: 17760 | Get or set file attributes
2018-12-17T22:31:48.202963653Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.206568599Z 61 PC: 17642 | Open file (Filename = '�,')
2018-12-17T22:31:48.213333885Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.216140943Z 63 PC: 17653 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:31:48.219176817Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.222702102Z 66 PC: 1765e | Move file pointer
2018-12-17T22:31:48.226765643Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.228952312Z 63 PC: 17668 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:31:48.232016742Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.235431925Z 66 PC: 176a1 | Move file pointer
2018-12-17T22:31:48.237445349Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.240130001Z 66 PC: 1770f | Move file pointer
2018-12-17T22:31:48.242830755Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.24496283Z 64 PC: 17719 | Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:31:48.247739485Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.251415911Z 66 PC: 17722 | Move file pointer
2018-12-17T22:31:48.253401055Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.256041246Z 64 PC: 1772b | Write file or device (Write 1024 bytes on handle 5)
2018-12-17T22:31:48.266334811Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.268736564Z 62 PC: 17730 | Close file
2018-12-17T22:31:48.276631401Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.279843766Z 67 PC: 17739 | Get or set file attributes
2018-12-17T22:31:48.289182835Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.291535328Z 37 PC: 1774c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:48.295940075Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.298579751Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-17T22:31:48.300286242Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.303269984Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-17T22:31:48.310879321Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.314077258Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-17T22:31:48.316878567Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.319335712Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-17T22:31:48.320923203Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.323694634Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T22:31:48.326697037Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.330414758Z 48 PC: 13763 | Get DOS version
2018-12-17T22:31:48.334789123Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.33769718Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-17T22:31:48.34381885Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.346817857Z 64 PC: 139e5 | Write file or device (Write 9 bytes on handle 1)
2018-12-17T22:31:48.350273408Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.352481111Z 64 PC: 139e5 | Write file or device (Write 17 bytes on handle 1)
2018-12-17T22:31:48.358045122Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.360465028Z 76 PC: 147f8 | Terminate with return code (Return code = '4')
2018-12-17T22:31:48.364626037Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.367504313Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:31:48.369174315Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.371765385Z 72 PC: 12174 | Allocate memory
2018-12-17T22:31:48.374303763Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.376902041Z 72 PC: 1218d | Allocate memory
2018-12-17T22:31:48.37974866Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.382537413Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:31:48.385056672Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.387640006Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:31:48.38922179Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.407633932Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:48.408829154Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.4119689Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.414101305Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.416228196Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.417773994Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.421312423Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.423205582Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.425774373Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.428588155Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.431142731Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.432967441Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.436327792Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.438578861Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.441029284Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.443580914Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.446347982Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.448130931Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.451317723Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.453418161Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.455646061Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.458047767Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.460865537Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.462922362Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.466198655Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.467632829Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.469710775Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.471278471Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.473758616Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.475247258Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.47744498Z 62 PC: 122ab | Close file
2018-12-17T22:31:48.480830764Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.482901361Z 99 PC: 9a0d7 | Get DBCS lead byte table pointer
2018-12-17T22:31:48.484184822Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.486535033Z 56 PC: 948f9 | Get or set country info
2018-12-17T22:31:48.489322135Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.491649515Z 64 PC: 9a348 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:31:48.498023608Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.500246984Z 25 PC: 94962 | Get default drive
2018-12-17T22:31:48.501981642Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.504592454Z 71 PC: 96bdd | Get current directory
2018-12-17T22:31:48.508646133Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.51102909Z 64 PC: 9a348 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:31:48.517099394Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.519290508Z 2 PC: 96bb2 | Character output (Char = '3e')
2018-12-17T22:31:48.521565686Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.524870484Z 93 PC: 94a20 | File sharing functions
2018-12-17T22:31:48.526918792Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.5297542Z 93 PC: 94a27 | File sharing functions
2018-12-17T22:31:48.53228532Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-17T22:31:48.535069631Z 10 PC: 94a39 | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5677,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:10.331601683Z 238 PC: 1754f | UNKNOWN!
2018-12-25T11:55:10.33349825Z 53 PC: 17589 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:10.334863048Z 37 PC: 17599 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:10.336374136Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-25T11:55:10.339137258Z 53 PC: 17767 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:55:10.340489647Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:10.34274333Z 37 PC: 17777 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:55:10.344519942Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:10.346783081Z 67 PC: 17754 | Get or set file attributes
2018-12-25T11:55:10.351875561Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:10.35430081Z 67 PC: 17760 | Get or set file attributes
2018-12-25T11:55:11.439042996Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.442061514Z 61 PC: 17642 | Open file (Filename = '�,')
2018-12-25T11:55:11.44914462Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.452273029Z 63 PC: 17653 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:55:11.45624451Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.45979643Z 66 PC: 1765e | Move file pointer
2018-12-25T11:55:11.461980611Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.464470244Z 63 PC: 17668 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:55:11.46787595Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.472148842Z 66 PC: 176a1 | Move file pointer
2018-12-25T11:55:11.473928761Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.476357416Z 66 PC: 1770f | Move file pointer
2018-12-25T11:55:11.478560703Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.48100351Z 64 PC: 17719 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:55:11.483990322Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.487018869Z 66 PC: 17722 | Move file pointer
2018-12-25T11:55:11.488740548Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.490841627Z 64 PC: 1772b | Write file or device (Write 1024 bytes on handle 5)
2018-12-25T11:55:11.499393783Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.501616423Z 62 PC: 17730 | Close file
2018-12-25T11:55:11.50816121Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.511466779Z 67 PC: 17739 | Get or set file attributes
2018-12-25T11:55:11.528305809Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.53669545Z 37 PC: 1774c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:55:11.539780747Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.556555753Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:55:11.558055051Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.56283528Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:55:11.564200873Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.566669523Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:55:11.570504917Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.572997147Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:55:11.574791095Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.578261619Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T11:55:11.580513283Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.583176067Z 48 PC: 13763 | Get DOS version
2018-12-25T11:55:11.585616044Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.587885358Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:55:11.593684345Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.596367169Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:55:11.601624426Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.604242175Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:55:11.609601002Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.612943442Z 76 PC: 147f8 | Terminate with return code (Return code = '4')
2018-12-25T11:55:11.616530458Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.619640922Z 77 PC: 11fe0 | Get program return code
2018-12-25T11:55:11.621273907Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.623816809Z 72 PC: 12174 | Allocate memory
2018-12-25T11:55:11.626692261Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.629019504Z 72 PC: 1218d | Allocate memory
2018-12-25T11:55:11.631516527Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.634524408Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:55:11.635789603Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.638202259Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:55:11.640436672Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.642740013Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:55:11.644110471Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.646523449Z 62 PC: 122ab | Close file
2018-12-25T11:55:11.648383755Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.650827629Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.653348845Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.655560308Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.6569208Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.659628193Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.661079256Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.663206944Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.664961866Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.667260424Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.668642508Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.671506917Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.67328848Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.675500044Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.677351554Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.679588249Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.681138344Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.684292815Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.685965958Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.688530773Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.691051049Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.693567647Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.695446197Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.699014936Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.701087562Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.703680898Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.706367018Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.709244267Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:11.712275366Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.71504389Z 99 PC: 9a0d7 | Get DBCS lead byte table pointer
2018-12-25T11:55:11.717006837Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.71922629Z 56 PC: 948f9 | Get or set country info
2018-12-25T11:55:11.722270681Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.72498353Z 64 PC: 9a348 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:55:11.729745955Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.73247336Z 25 PC: 94962 | Get default drive
2018-12-25T11:55:11.735483221Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.738107243Z 71 PC: 96bdd | Get current directory
2018-12-25T11:55:11.742386763Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.746153476Z 64 PC: 9a348 | Write file or device (See above)
2018-12-25T11:55:11.750601888Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.756930828Z 2 PC: 96bb2 | Character output (Char = '3e')
2018-12-25T11:55:11.760526599Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.762982202Z 93 PC: 94a20 | File sharing functions
2018-12-25T11:55:11.764922061Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.768225787Z 93 PC: 94a27 | File sharing functions
2018-12-25T11:55:11.770274264Z 42 PC: 9f7ca | Get date (See above)
2018-12-25T11:55:11.772653046Z 10 PC: 94a39 | Buffered keyboard input

{"DateBased":true,"Day":16,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5677,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:10.354651729Z 238 PC: 1754f | UNKNOWN!
2018-12-25T11:55:10.357747208Z 53 PC: 17589 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:10.359769997Z 37 PC: 17599 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:10.361525524Z 42 PC: 9f7ca | Get date 0x9f7ca: cmp dx, 0x910
0x9f7ce: jne 0x9f7d3
0x9f7d0: jmp 0x9f999
0x9f7d3: pop cx
0x9f7d4: pop dx
0x9f7d5: pop ax
0x9f7d6: cmp ax, 0x4b00
0x9f7d9: je 0x9f7ea
0x9f7db: cmp ax, 0xee00
0x9f7de: jne 0x9f7e4
0x9f7e0: not ax
0x9f7e2: popf
0x9f7e3: iret
0x9f7e4: popf
0x9f7e5: ljmp ptr cs:[0x400]
0x9f7ea: push ax
0x9f7eb: push bx
0x9f7ec: push cx
0x9f7ed: push si
0x9f7ee: push di
2018-12-25T11:55:10.3730206Z 9 PC: 9f9bb | Display string (String= 'Happy birthday to you -SHENGLI OIL FIELD TXC')