Sample viewer

vx.netlux.org/Virus.DOS.GD.539

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:38:31.637316383Z	74	PC: 14b7c \| Reallocate memory
2018-12-17T22:38:31.646142099Z	72	PC: 14b84 \| Allocate memory
2018-12-17T22:38:31.647642998Z	53	PC: 9fa43 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:38:31.648792082Z	37	PC: 9fa54 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:38:31.650746579Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.653771134Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')
2018-12-17T22:38:31.656939881Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.659717421Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:38:31.661565899Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.664545091Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:38:31.667320197Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.671038558Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:38:31.673403386Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.67583594Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:38:31.677797769Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.680184348Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:38:31.681632077Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.684885423Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:38:31.686273931Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.688675586Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.691579933Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.695925188Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.698235838Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.705517871Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.707680397Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.710683804Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.714396276Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.717422744Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.719183855Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.721905541Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.723772086Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.726102814Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.727731445Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.730711156Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.732864722Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.735386598Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.738535255Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.74131847Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.743354142Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.746568059Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.748592776Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.751378232Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.754023784Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.756362548Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.758191033Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.761122466Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.762877272Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.765510859Z	62	PC: 122ab \| Close file
2018-12-17T22:38:31.769369172Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.771916611Z	99	PC: 9a2a7 \| Get DBCS lead byte table pointer
2018-12-17T22:38:31.773447521Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.776254566Z	56	PC: 94ac9 \| Get or set country info
2018-12-17T22:38:31.77840377Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.780772203Z	64	PC: 9a518 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:38:31.786758441Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.78979012Z	25	PC: 94b32 \| Get default drive
2018-12-17T22:38:31.792019058Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.794942308Z	71	PC: 96dad \| Get current directory
2018-12-17T22:38:31.800403549Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.803631626Z	64	PC: 9a518 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:38:31.808064512Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.812005794Z	2	PC: 96d82 \| Character output (Char = '3e')
2018-12-17T22:38:31.814360435Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.816602007Z	93	PC: 94bf0 \| File sharing functions
2018-12-17T22:38:31.819291701Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.821727832Z	93	PC: 94bf7 \| File sharing functions
2018-12-17T22:38:31.82376025Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-17T22:38:31.826850113Z	10	PC: 94c09 \| Buffered keyboard input

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6603,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:58.195797314Z	74	PC: 14b7c \| Reallocate memory
2018-12-25T11:59:58.198142653Z	72	PC: 14b84 \| Allocate memory
2018-12-25T11:59:58.199735211Z	53	PC: 9fa43 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:58.200838333Z	37	PC: 9fa54 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:58.203047269Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-25T11:59:58.205093598Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')
2018-12-25T11:59:58.20807308Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.212725547Z	77	PC: 11fe0 \| Get program return code
2018-12-25T11:59:58.215241282Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.218697283Z	72	PC: 12174 \| Allocate memory
2018-12-25T11:59:58.220911038Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.227983113Z	72	PC: 1218d \| Allocate memory
2018-12-25T11:59:58.230353813Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.232491534Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:59:58.234426056Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.236648531Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:59:58.238010521Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.241668763Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:58.243592802Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.246139712Z	62	PC: 122ab \| Close file
2018-12-25T11:59:58.248764441Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.264306177Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.26568887Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.268425559Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.270274835Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.272623497Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.275109465Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.277389658Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.279105495Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.282355758Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.290878033Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.293506927Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.295767055Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.298148878Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.303400882Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.31952026Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.323486056Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.325917397Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.328344023Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.331045968Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.332808014Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.335370003Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.349676255Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.352061616Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.354044624Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.357612499Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.359426086Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.361985982Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.365734486Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.368065398Z	99	PC: 9a2a7 \| Get DBCS lead byte table pointer
2018-12-25T11:59:58.369677346Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.372472887Z	56	PC: 94ac9 \| Get or set country info
2018-12-25T11:59:58.374517286Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.376940178Z	64	PC: 9a518 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:59:58.381889445Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.384067693Z	25	PC: 94b32 \| Get default drive
2018-12-25T11:59:58.385881301Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.3895275Z	71	PC: 96dad \| Get current directory
2018-12-25T11:59:58.393579608Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.395933791Z	64	PC: 9a518 \| Write file or device (See above)
2018-12-25T11:59:58.399826113Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.402114172Z	2	PC: 96d82 \| Character output (Char = '3e')
2018-12-25T11:59:58.404557665Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.409020029Z	93	PC: 94bf0 \| File sharing functions
2018-12-25T11:59:58.410908332Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.421473976Z	93	PC: 94bf7 \| File sharing functions
2018-12-25T11:59:58.424466464Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.426987524Z	10	PC: 94c09 \| Buffered keyboard input

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":2,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6603,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:58.364910841Z	74	PC: 14b7c \| Reallocate memory
2018-12-25T11:59:58.367878319Z	72	PC: 14b84 \| Allocate memory
2018-12-25T11:59:58.369815919Z	53	PC: 9fa43 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:58.371262331Z	37	PC: 9fa54 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:58.384471499Z	44	PC: 9fb23 \| Get time 0x9fb23: cmp ch, 2 0x9fb26: jne 0x9fb4c 0x9fb2a: push cs 0x9fb2b: pop ds 0x9fb2c: mov al, 2 0x9fb2e: mov cx, 0x32 0x9fb31: mov dx, 0 0x9fb34: lea bx, word ptr [0x284] 0x9fb38: int 0x26 0x9fb3a: pop ax 0x9fb3b: lea si, word ptr [0x294] 0x9fb3f: mov ax, 0xb87c 0x9fb42: mov es, ax 0x9fb44: xor di, di 0x9fb46: cld 0x9fb47: mov cx, 0x1e 0x9fb4a: rep movsb byte ptr es:[di], byte ptr [si] 0x9fb4c: pop ds 0x9fb4d: pop es 0x9fb4e: popaw
2018-12-25T11:59:58.387529969Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')
2018-12-25T11:59:58.390874206Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.394282429Z	77	PC: 11fe0 \| Get program return code
2018-12-25T11:59:58.400376684Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.403518334Z	72	PC: 12174 \| Allocate memory
2018-12-25T11:59:58.413155147Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.417176057Z	72	PC: 1218d \| Allocate memory
2018-12-25T11:59:58.419849706Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.423439624Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:59:58.425462363Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.428430996Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:59:58.429851431Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.438922593Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:58.440321562Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.443582627Z	62	PC: 122ab \| Close file
2018-12-25T11:59:58.446865571Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.449629745Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.451212572Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.455009985Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.456752825Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.460151063Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.462636685Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.465578529Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.467297395Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.470576514Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.472472617Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.475370234Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.477618372Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.481012652Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.482795981Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.486789795Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.488924387Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.4915923Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.493074839Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.4968156Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.498639972Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.50157746Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.50401898Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.50756184Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.509263373Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.513069469Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.518721725Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.521541123Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:59:58.525254879Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.528172074Z	99	PC: 9a2a7 \| Get DBCS lead byte table pointer
2018-12-25T11:59:58.529734223Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.533187118Z	56	PC: 94ac9 \| Get or set country info
2018-12-25T11:59:58.535583988Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.538163672Z	64	PC: 9a518 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:59:58.543426868Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.546259737Z	25	PC: 94b32 \| Get default drive
2018-12-25T11:59:58.548026436Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.551304602Z	71	PC: 96dad \| Get current directory
2018-12-25T11:59:58.555371828Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.55817736Z	64	PC: 9a518 \| Write file or device (See above)
2018-12-25T11:59:58.562022678Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.564805068Z	2	PC: 96d82 \| Character output (Char = '3e')
2018-12-25T11:59:58.567494013Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.571437116Z	93	PC: 94bf0 \| File sharing functions
2018-12-25T11:59:58.578392098Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.581221482Z	93	PC: 94bf7 \| File sharing functions
2018-12-25T11:59:58.58378728Z	44	PC: 9fb23 \| Get time (See above)
2018-12-25T11:59:58.586633095Z	10	PC: 94c09 \| Buffered keyboard input