Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1539

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:32:51.422490774Z 42 PC: 16870 | Get date 0x16870: cmp cx, 0x7cb
0x16874: jne 0x16880
0x16876: cmp dh, 4
0x16879: ja 0x16880
0x1687b: cmp dl, 0xf
0x1687e: jb 0x168c9
0x16880: mov al, 0xff
0x16882: mov ah, 0xf
0x16884: xchg al, ah
0x16886: nop
0x16887: int 0x21
0x16889: cmp ax, 0x101
0x1688c: jne 0x16892
0x1688e: call 0x168cd
0x16891: nop
0x16892: mov ax, 0x3521
0x16895: nop
0x16896: int 0x21
0x16898: cmp word ptr es:[0xa], 0x4254
0x1689f: jne 0x168ad
2018-12-17T22:32:51.424971245Z 255 PC: 16889 | UNKNOWN!
2018-12-17T22:32:51.42605889Z 53 PC: 16898 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:51.427228357Z 240 PC: 168c7 | UNKNOWN!
2018-12-17T22:32:51.429699159Z 44 PC: 167c5 | Get time 0x167c5: cmp cl, 6
0x167c8: jne 0x167ff
0x167ca: mov ax, 0xb800
0x167cd: mov es, ax
0x167cf: mov cx, 0x30
0x167d2: push cx
0x167d3: mov cx, 0x7c0
0x167d6: xor si, si
0x167d8: mov ah, byte ptr es:[si]
0x167db: cmp ah, 0x77
0x167de: jb 0x167ed
0x167e0: dec ah
0x167e2: mov byte ptr es:[si], ah
0x167e5: mov byte ptr es:[si + 1], 0x79
0x167ea: jmp 0x167f7
0x167ec: nop
0x167ed: inc ah
0x167ef: mov byte ptr es:[si], ah
0x167f2: mov byte ptr es:[si + 1], 0x8f
0x167f7: inc si
2018-12-17T22:32:51.431561442Z 48 PC: 12a4c | Get DOS version
2018-12-17T22:32:51.432546309Z 53 PC: 12bf2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:51.434692408Z 53 PC: 12bff | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:32:51.436077563Z 53 PC: 12c0c | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:32:51.437252874Z 53 PC: 12c19 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:32:51.439044044Z 37 PC: 12c2d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:51.440435854Z 74 PC: 12af7 | Reallocate memory
2018-12-17T22:32:51.442885652Z 68 PC: 13774 | I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-17T22:32:51.445012156Z 68 PC: 13774 | I/O control for devices (Set for = '')
2018-12-17T22:32:51.448601931Z 47 PC: 9f6b4 | Get disk transfer address
2018-12-17T22:32:51.449752254Z 26 PC: 9f6b4 | Set disk transfer address
2018-12-17T22:32:51.450976534Z 78 PC: 9f6b4 | Find first file
2018-12-17T22:32:51.457990075Z 79 PC: 9f6b4 | Find next file
2018-12-17T22:32:51.460461182Z 79 PC: 9f6b4 | Find next file
2018-12-17T22:32:51.463319232Z 79 PC: 9f6b4 | Find next file
2018-12-17T22:32:51.467248485Z 79 PC: 9f6b4 | Find next file
2018-12-17T22:32:51.470089457Z 79 PC: 9f6b4 | Find next file
2018-12-17T22:32:51.47290878Z 79 PC: 9f6b4 | Find next file
2018-12-17T22:32:51.476399724Z 79 PC: 9f6b4 | Find next file
2018-12-17T22:32:51.479682655Z 79 PC: 9f6b4 | Find next file
2018-12-17T22:32:51.482436294Z 79 PC: 9f6b4 | Find next file
2018-12-17T22:32:51.485988501Z 26 PC: 9f73e | Set disk transfer address
2018-12-17T22:32:51.487199679Z 61 PC: 133e1 | Open file (Filename = 'EMMXXXX0')
2018-12-17T22:32:51.493442926Z 72 PC: 13448 | Allocate memory
2018-12-17T22:32:51.497631122Z 47 PC: 14b35 | Get disk transfer address
2018-12-17T22:32:51.499142194Z 26 PC: 14b3e | Set disk transfer address
2018-12-17T22:32:51.50064808Z 78 PC: 14b48 | Find first file
2018-12-17T22:32:51.50753758Z 26 PC: 14b51 | Set disk transfer address
2018-12-17T22:32:51.509275001Z 64 PC: 158cf | Write file or device (Write 74 bytes on handle 1)
2018-12-17T22:32:51.515909257Z 37 PC: 12c39 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:51.519356495Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:32:51.520710491Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:32:51.523109247Z 37 PC: 12c5a | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:32:51.526406246Z 76 PC: 12be3 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5872,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:36.966920869Z 42 PC: 16870 | Get date 0x16870: cmp cx, 0x7cb
0x16874: jne 0x16880
0x16876: cmp dh, 4
0x16879: ja 0x16880
0x1687b: cmp dl, 0xf
0x1687e: jb 0x168c9
0x16880: mov al, 0xff
0x16882: mov ah, 0xf
0x16884: xchg al, ah
0x16886: nop
0x16887: int 0x21
0x16889: cmp ax, 0x101
0x1688c: jne 0x16892
0x1688e: call 0x168cd
0x16891: nop
0x16892: mov ax, 0x3521
0x16895: nop
0x16896: int 0x21
0x16898: cmp word ptr es:[0xa], 0x4254
0x1689f: jne 0x168ad
2018-12-25T11:55:36.980274116Z 255 PC: 16889 | UNKNOWN!
2018-12-25T11:55:36.98120761Z 53 PC: 16898 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:36.982525372Z 240 PC: 168c7 | UNKNOWN!
2018-12-25T11:55:36.983921554Z 44 PC: 167c5 | Get time 0x167c5: cmp cl, 6
0x167c8: jne 0x167ff
0x167ca: mov ax, 0xb800
0x167cd: mov es, ax
0x167cf: mov cx, 0x30
0x167d2: push cx
0x167d3: mov cx, 0x7c0
0x167d6: xor si, si
0x167d8: mov ah, byte ptr es:[si]
0x167db: cmp ah, 0x77
0x167de: jb 0x167ed
0x167e0: dec ah
0x167e2: mov byte ptr es:[si], ah
0x167e5: mov byte ptr es:[si + 1], 0x79
0x167ea: jmp 0x167f7
0x167ec: nop
0x167ed: inc ah
0x167ef: mov byte ptr es:[si], ah
0x167f2: mov byte ptr es:[si + 1], 0x8f
0x167f7: inc si
2018-12-25T11:55:36.986658136Z 48 PC: 12a4c | Get DOS version
2018-12-25T11:55:36.988046992Z 53 PC: 12bf2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:36.989412273Z 53 PC: 12bff | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:55:36.99268009Z 53 PC: 12c0c | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:55:36.99406982Z 53 PC: 12c19 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:55:36.99576219Z 37 PC: 12c2d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:36.998646308Z 74 PC: 12af7 | Reallocate memory
2018-12-25T11:55:37.00096137Z 68 PC: 13774 | I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-25T11:55:37.003009569Z 68 PC: 13774 | I/O control for devices (See above)
2018-12-25T11:55:37.006220999Z 47 PC: 9f6b4 | Get disk transfer address
2018-12-25T11:55:37.007626313Z 26 PC: 9f6b4 | Set disk transfer address (See above)
2018-12-25T11:55:37.009115093Z 78 PC: 9f6b4 | Find first file (See above)
2018-12-25T11:55:37.016596618Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.019997506Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.023357961Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.028554359Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.031655433Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.034603648Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.037965591Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.041353951Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.044532987Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.047810289Z 26 PC: 9f73e | Set disk transfer address
2018-12-25T11:55:37.049839096Z 61 PC: 133e1 | Open file (Filename = 'EMMXXXX0')
2018-12-25T11:55:37.05711803Z 72 PC: 13448 | Allocate memory
2018-12-25T11:55:37.05957982Z 47 PC: 14b35 | Get disk transfer address
2018-12-25T11:55:37.06620039Z 26 PC: 14b3e | Set disk transfer address
2018-12-25T11:55:37.067675345Z 78 PC: 14b48 | Find first file
2018-12-25T11:55:37.074348893Z 26 PC: 14b51 | Set disk transfer address
2018-12-25T11:55:37.086888163Z 64 PC: 158cf | Write file or device (Write 74 bytes on handle 1)
2018-12-25T11:55:37.094471778Z 37 PC: 12c39 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:37.095891052Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:55:37.102800326Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:55:37.104225896Z 37 PC: 12c5a | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:55:37.10572235Z 76 PC: 12be3 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5872,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:37.262940438Z 42 PC: 16870 | Get date 0x16870: cmp cx, 0x7cb
0x16874: jne 0x16880
0x16876: cmp dh, 4
0x16879: ja 0x16880
0x1687b: cmp dl, 0xf
0x1687e: jb 0x168c9
0x16880: mov al, 0xff
0x16882: mov ah, 0xf
0x16884: xchg al, ah
0x16886: nop
0x16887: int 0x21
0x16889: cmp ax, 0x101
0x1688c: jne 0x16892
0x1688e: call 0x168cd
0x16891: nop
0x16892: mov ax, 0x3521
0x16895: nop
0x16896: int 0x21
0x16898: cmp word ptr es:[0xa], 0x4254
0x1689f: jne 0x168ad
2018-12-25T11:55:37.266432304Z 255 PC: 16889 | UNKNOWN!
2018-12-25T11:55:37.267772533Z 53 PC: 16898 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:37.269632227Z 240 PC: 168c7 | UNKNOWN!
2018-12-25T11:55:37.277200998Z 44 PC: 167c5 | Get time 0x167c5: cmp cl, 6
0x167c8: jne 0x167ff
0x167ca: mov ax, 0xb800
0x167cd: mov es, ax
0x167cf: mov cx, 0x30
0x167d2: push cx
0x167d3: mov cx, 0x7c0
0x167d6: xor si, si
0x167d8: mov ah, byte ptr es:[si]
0x167db: cmp ah, 0x77
0x167de: jb 0x167ed
0x167e0: dec ah
0x167e2: mov byte ptr es:[si], ah
0x167e5: mov byte ptr es:[si + 1], 0x79
0x167ea: jmp 0x167f7
0x167ec: nop
0x167ed: inc ah
0x167ef: mov byte ptr es:[si], ah
0x167f2: mov byte ptr es:[si + 1], 0x8f
0x167f7: inc si
2018-12-25T11:55:37.280415685Z 48 PC: 12a4c | Get DOS version
2018-12-25T11:55:37.282258524Z 53 PC: 12bf2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:37.284099834Z 53 PC: 12bff | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:55:37.299725617Z 53 PC: 12c0c | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:55:37.301539444Z 53 PC: 12c19 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:55:37.303148807Z 37 PC: 12c2d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:37.305077692Z 74 PC: 12af7 | Reallocate memory
2018-12-25T11:55:37.308394084Z 68 PC: 13774 | I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-25T11:55:37.311757196Z 68 PC: 13774 | I/O control for devices (See above)
2018-12-25T11:55:37.315983692Z 47 PC: 9f6b4 | Get disk transfer address
2018-12-25T11:55:37.318655893Z 26 PC: 9f6b4 | Set disk transfer address (See above)
2018-12-25T11:55:37.319865778Z 78 PC: 9f6b4 | Find first file (See above)
2018-12-25T11:55:37.326534189Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.3299378Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.332814871Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.336200503Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.34001602Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.343790899Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.346606304Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.349887928Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.352998535Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:37.355866201Z 26 PC: 9f73e | Set disk transfer address
2018-12-25T11:55:37.357201423Z 61 PC: 133e1 | Open file (Filename = 'EMMXXXX0')
2018-12-25T11:55:37.365124171Z 72 PC: 13448 | Allocate memory
2018-12-25T11:55:37.3679902Z 47 PC: 14b35 | Get disk transfer address
2018-12-25T11:55:37.369921656Z 26 PC: 14b3e | Set disk transfer address
2018-12-25T11:55:37.371994521Z 78 PC: 14b48 | Find first file
2018-12-25T11:55:37.379223697Z 26 PC: 14b51 | Set disk transfer address
2018-12-25T11:55:37.381490549Z 64 PC: 158cf | Write file or device (Write 74 bytes on handle 1)
2018-12-25T11:55:37.389550677Z 37 PC: 12c39 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:37.39095566Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:55:37.392226901Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:55:37.393935227Z 37 PC: 12c5a | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:55:37.395649505Z 76 PC: 12be3 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":5872,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:38.042117566Z 42 PC: 16870 | Get date 0x16870: cmp cx, 0x7cb
0x16874: jne 0x16880
0x16876: cmp dh, 4
0x16879: ja 0x16880
0x1687b: cmp dl, 0xf
0x1687e: jb 0x168c9
0x16880: mov al, 0xff
0x16882: mov ah, 0xf
0x16884: xchg al, ah
0x16886: nop
0x16887: int 0x21
0x16889: cmp ax, 0x101
0x1688c: jne 0x16892
0x1688e: call 0x168cd
0x16891: nop
0x16892: mov ax, 0x3521
0x16895: nop
0x16896: int 0x21
0x16898: cmp word ptr es:[0xa], 0x4254
0x1689f: jne 0x168ad
2018-12-25T11:55:38.045278394Z 255 PC: 16889 | UNKNOWN!
2018-12-25T11:55:38.046197887Z 53 PC: 16898 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:38.047655142Z 240 PC: 168c7 | UNKNOWN!
2018-12-25T11:55:38.049632212Z 44 PC: 167c5 | Get time 0x167c5: cmp cl, 6
0x167c8: jne 0x167ff
0x167ca: mov ax, 0xb800
0x167cd: mov es, ax
0x167cf: mov cx, 0x30
0x167d2: push cx
0x167d3: mov cx, 0x7c0
0x167d6: xor si, si
0x167d8: mov ah, byte ptr es:[si]
0x167db: cmp ah, 0x77
0x167de: jb 0x167ed
0x167e0: dec ah
0x167e2: mov byte ptr es:[si], ah
0x167e5: mov byte ptr es:[si + 1], 0x79
0x167ea: jmp 0x167f7
0x167ec: nop
0x167ed: inc ah
0x167ef: mov byte ptr es:[si], ah
0x167f2: mov byte ptr es:[si + 1], 0x8f
0x167f7: inc si
2018-12-25T11:55:38.107186069Z 48 PC: 12a4c | Get DOS version
2018-12-25T11:55:38.108543102Z 53 PC: 12bf2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:38.11017316Z 53 PC: 12bff | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:55:38.111416715Z 53 PC: 12c0c | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:55:38.112467855Z 53 PC: 12c19 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:55:38.113857112Z 37 PC: 12c2d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:38.115163589Z 74 PC: 12af7 | Reallocate memory
2018-12-25T11:55:38.117040895Z 68 PC: 13774 | I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-25T11:55:38.118958335Z 68 PC: 13774 | I/O control for devices (See above)
2018-12-25T11:55:38.121806542Z 47 PC: 9f6b4 | Get disk transfer address
2018-12-25T11:55:38.122759278Z 26 PC: 9f6b4 | Set disk transfer address (See above)
2018-12-25T11:55:38.12366948Z 78 PC: 9f6b4 | Find first file (See above)
2018-12-25T11:55:38.131027433Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.142512456Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.145114843Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.148635685Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.151316188Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.153852658Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.156898468Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.159490562Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.162430735Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.166033642Z 26 PC: 9f73e | Set disk transfer address
2018-12-25T11:55:38.167547801Z 61 PC: 133e1 | Open file (Filename = 'EMMXXXX0')
2018-12-25T11:55:38.174009649Z 72 PC: 13448 | Allocate memory
2018-12-25T11:55:38.1770589Z 47 PC: 14b35 | Get disk transfer address
2018-12-25T11:55:38.178244835Z 26 PC: 14b3e | Set disk transfer address
2018-12-25T11:55:38.179369982Z 78 PC: 14b48 | Find first file
2018-12-25T11:55:38.18568058Z 26 PC: 14b51 | Set disk transfer address
2018-12-25T11:55:38.187671357Z 64 PC: 158cf | Write file or device (Write 74 bytes on handle 1)
2018-12-25T11:55:38.194207077Z 37 PC: 12c39 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:38.196330969Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:55:38.197474067Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:55:38.198545918Z 37 PC: 12c5a | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:55:38.20017259Z 76 PC: 12be3 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":5872,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:38.053945204Z 42 PC: 16870 | Get date 0x16870: cmp cx, 0x7cb
0x16874: jne 0x16880
0x16876: cmp dh, 4
0x16879: ja 0x16880
0x1687b: cmp dl, 0xf
0x1687e: jb 0x168c9
0x16880: mov al, 0xff
0x16882: mov ah, 0xf
0x16884: xchg al, ah
0x16886: nop
0x16887: int 0x21
0x16889: cmp ax, 0x101
0x1688c: jne 0x16892
0x1688e: call 0x168cd
0x16891: nop
0x16892: mov ax, 0x3521
0x16895: nop
0x16896: int 0x21
0x16898: cmp word ptr es:[0xa], 0x4254
0x1689f: jne 0x168ad
2018-12-25T11:55:38.057159907Z 255 PC: 16889 | UNKNOWN!
2018-12-25T11:55:38.058413886Z 53 PC: 16898 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:38.060197159Z 240 PC: 168c7 | UNKNOWN!
2018-12-25T11:55:38.062809061Z 44 PC: 167c5 | Get time 0x167c5: cmp cl, 6
0x167c8: jne 0x167ff
0x167ca: mov ax, 0xb800
0x167cd: mov es, ax
0x167cf: mov cx, 0x30
0x167d2: push cx
0x167d3: mov cx, 0x7c0
0x167d6: xor si, si
0x167d8: mov ah, byte ptr es:[si]
0x167db: cmp ah, 0x77
0x167de: jb 0x167ed
0x167e0: dec ah
0x167e2: mov byte ptr es:[si], ah
0x167e5: mov byte ptr es:[si + 1], 0x79
0x167ea: jmp 0x167f7
0x167ec: nop
0x167ed: inc ah
0x167ef: mov byte ptr es:[si], ah
0x167f2: mov byte ptr es:[si + 1], 0x8f
0x167f7: inc si
2018-12-25T11:55:38.139063007Z 48 PC: 12a4c | Get DOS version
2018-12-25T11:55:38.143796416Z 53 PC: 12bf2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:38.145356931Z 53 PC: 12bff | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:55:38.14827154Z 53 PC: 12c0c | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:55:38.149739362Z 53 PC: 12c19 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:55:38.151319368Z 37 PC: 12c2d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:38.153378859Z 74 PC: 12af7 | Reallocate memory
2018-12-25T11:55:38.155731818Z 68 PC: 13774 | I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-25T11:55:38.157883271Z 68 PC: 13774 | I/O control for devices (See above)
2018-12-25T11:55:38.161577871Z 47 PC: 9f6b4 | Get disk transfer address
2018-12-25T11:55:38.163384382Z 26 PC: 9f6b4 | Set disk transfer address (See above)
2018-12-25T11:55:38.164636006Z 78 PC: 9f6b4 | Find first file (See above)
2018-12-25T11:55:38.173567061Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.19876713Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.202999103Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.206778293Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.209864724Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.212807319Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.216242009Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.21959076Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.22305776Z 79 PC: 9f6b4 | Find next file (See above)
2018-12-25T11:55:38.22609949Z 26 PC: 9f73e | Set disk transfer address
2018-12-25T11:55:38.233267006Z 61 PC: 133e1 | Open file (Filename = 'EMMXXXX0')
2018-12-25T11:55:38.248015092Z 72 PC: 13448 | Allocate memory
2018-12-25T11:55:38.258063232Z 47 PC: 14b35 | Get disk transfer address
2018-12-25T11:55:38.260719379Z 26 PC: 14b3e | Set disk transfer address
2018-12-25T11:55:38.262166385Z 78 PC: 14b48 | Find first file
2018-12-25T11:55:38.26901728Z 26 PC: 14b51 | Set disk transfer address
2018-12-25T11:55:38.273482425Z 64 PC: 158cf | Write file or device (Write 74 bytes on handle 1)
2018-12-25T11:55:38.27901379Z 37 PC: 12c39 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:55:38.280896997Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:55:38.284171972Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:55:38.285554627Z 37 PC: 12c5a | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:55:38.287131412Z 76 PC: 12be3 | Terminate with return code (Return code = '0')