Sample viewer

vx.netlux.org/Virus.DOS.Semtex.686

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:40:00.885285323Z	82	PC: 12a62 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:40:00.887412258Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:40:00.889946728Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '97' AKA 'Reserved')
2018-12-17T22:40:00.891514353Z	37	PC: 12ae8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:40:00.89535133Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.898712523Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:40:00.900550274Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.903208667Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:40:00.90637811Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.909125942Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:40:00.911735363Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.920086318Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:40:00.921874727Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.924342722Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:40:00.930841499Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.938834281Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:00.940679838Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.94445052Z	62	PC: 122ab \| Close file
2018-12-17T22:40:00.951220646Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.954185965Z	62	PC: 122ab \| Close file
2018-12-17T22:40:00.956512926Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.960155658Z	62	PC: 122ab \| Close file
2018-12-17T22:40:00.962731767Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.965678381Z	62	PC: 122ab \| Close file
2018-12-17T22:40:00.969684255Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.972300068Z	62	PC: 122ab \| Close file
2018-12-17T22:40:00.974450517Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.978062592Z	62	PC: 122ab \| Close file
2018-12-17T22:40:00.98005281Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:00.982979988Z	62	PC: 122ab \| Close file
2018-12-17T22:40:00.993662622Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.006390709Z	62	PC: 122ab \| Close file
2018-12-17T22:40:01.008938584Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.012209699Z	62	PC: 122ab \| Close file
2018-12-17T22:40:01.016871063Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.020139061Z	62	PC: 122ab \| Close file
2018-12-17T22:40:01.023494895Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.047246416Z	62	PC: 122ab \| Close file
2018-12-17T22:40:01.049999847Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.052594581Z	62	PC: 122ab \| Close file
2018-12-17T22:40:01.055338094Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.057779079Z	62	PC: 122ab \| Close file
2018-12-17T22:40:01.059511593Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.063543926Z	62	PC: 122ab \| Close file
2018-12-17T22:40:01.065359586Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.071064382Z	62	PC: 122ab \| Close file
2018-12-17T22:40:01.076260201Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.079093563Z	99	PC: 995e7 \| Get DBCS lead byte table pointer
2018-12-17T22:40:01.091375231Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.098121131Z	56	PC: 93e09 \| Get or set country info
2018-12-17T22:40:01.10267821Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.111267834Z	64	PC: 99858 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:40:01.117340389Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.120618937Z	25	PC: 93e72 \| Get default drive
2018-12-17T22:40:01.123952419Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.127011424Z	71	PC: 960ed \| Get current directory
2018-12-17T22:40:01.132562019Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.135375063Z	64	PC: 99858 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:40:01.160107226Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.163816072Z	2	PC: 960c2 \| Character output (Char = '3e')
2018-12-17T22:40:01.166617985Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.169210955Z	93	PC: 93f30 \| File sharing functions
2018-12-17T22:40:01.172904793Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.175804118Z	93	PC: 93f37 \| File sharing functions
2018-12-17T22:40:01.178309654Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-17T22:40:01.181821751Z	10	PC: 93f49 \| Buffered keyboard input

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6899,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:33.425678633Z	82	PC: 12a62 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:00:33.428676011Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:33.430473344Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '97' AKA 'Reserved')
2018-12-25T12:00:33.432188745Z	37	PC: 12ae8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:33.437420104Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-25T12:00:33.443404767Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:00:33.445035929Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.45553675Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:00:33.457802843Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.463836777Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:00:33.466347837Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.473740315Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:00:33.475262274Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.481652266Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:00:33.493252725Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.501304265Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:33.503159603Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.512139898Z	62	PC: 122ab \| Close file
2018-12-25T12:00:33.514257784Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.52049745Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.523620846Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.530461113Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.532610345Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.539254232Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.542073136Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.548128393Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.550635707Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.557870713Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.560008161Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.56705664Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.572534962Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.579290723Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.581438034Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.588721489Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.590334541Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.596305856Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.598556984Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.604966773Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.606693588Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.612701661Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.615537804Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.621457399Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.623183966Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.631026707Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.633120476Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.640081558Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.644111811Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.65025907Z	99	PC: 995e7 \| Get DBCS lead byte table pointer
2018-12-25T12:00:33.652064993Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.658903136Z	56	PC: 93e09 \| Get or set country info
2018-12-25T12:00:33.66167542Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.668480501Z	64	PC: 99858 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:00:33.673804587Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.68046826Z	25	PC: 93e72 \| Get default drive
2018-12-25T12:00:33.682571452Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.689734995Z	71	PC: 960ed \| Get current directory
2018-12-25T12:00:33.694689277Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.698947982Z	64	PC: 99858 \| Write file or device (See above)
2018-12-25T12:00:33.701324139Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.706181053Z	2	PC: 960c2 \| Character output (Char = '3e')
2018-12-25T12:00:33.707923816Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.711494968Z	93	PC: 93f30 \| File sharing functions
2018-12-25T12:00:33.713463697Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.716899116Z	93	PC: 93f37 \| File sharing functions
2018-12-25T12:00:33.718404004Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.722561956Z	10	PC: 93f49 \| Buffered keyboard input

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":6899,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:33.406126314Z	82	PC: 12a62 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:00:33.40847259Z	53	PC: 12aca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:33.409564279Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '97' AKA 'Reserved')
2018-12-25T12:00:33.410551191Z	37	PC: 12ae8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:33.41457142Z	44	PC: 9eea6 \| Get time 0x9eea6: cmp cl, 0 0x9eea9: jne 0x9eeb7 0x9eeab: mov ax, 0xb800 0x9eeae: push ax 0x9eeaf: pop es 0x9eeb0: xor di, di 0x9eeb2: mov cx, 0x3e80 0x9eeb5: rep movsb byte ptr es:[di], byte ptr [si] 0x9eeb7: pop si 0x9eeb8: pop di 0x9eeb9: pop ds 0x9eeba: pop es 0x9eebb: pop dx 0x9eebc: pop cx 0x9eebd: pop bx 0x9eebe: pop ax 0x9eebf: popf 0x9eec0: ljmp ptr cs:[0x2c6] 0x9eec5: add byte ptr [bx + si], al 0x9eec7: add byte ptr [bx + si], al
2018-12-25T12:00:33.416691317Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:00:33.417768292Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.420433048Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:00:33.422129345Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.424133659Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:00:33.426744937Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.42912765Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:00:33.430572633Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.436338655Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:00:33.437928821Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.440798292Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:33.443042304Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.446276884Z	62	PC: 122ab \| Close file
2018-12-25T12:00:33.448192149Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.450677869Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.452919925Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.455177854Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.456691355Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.463156444Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.464898852Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.467265391Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.476681978Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.479759613Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.482074151Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.491649368Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.493195089Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.495304729Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.497738889Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.500523182Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.50200878Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.505585672Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.507086061Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.509138378Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.511474517Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.513660536Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.515121236Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.517365021Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.520466613Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.522713735Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.524421596Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.527440488Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:00:33.530321932Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.532455082Z	99	PC: 995e7 \| Get DBCS lead byte table pointer
2018-12-25T12:00:33.535238624Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.537290681Z	56	PC: 93e09 \| Get or set country info
2018-12-25T12:00:33.539154062Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.541613152Z	64	PC: 99858 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:00:33.545843643Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.54775757Z	25	PC: 93e72 \| Get default drive
2018-12-25T12:00:33.549670163Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.551669686Z	71	PC: 960ed \| Get current directory
2018-12-25T12:00:33.555411298Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.557978978Z	64	PC: 99858 \| Write file or device (See above)
2018-12-25T12:00:33.560980831Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.562938662Z	2	PC: 960c2 \| Character output (Char = '3e')
2018-12-25T12:00:33.565487069Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.567532012Z	93	PC: 93f30 \| File sharing functions
2018-12-25T12:00:33.569077264Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.571557273Z	93	PC: 93f37 \| File sharing functions
2018-12-25T12:00:33.573201154Z	44	PC: 9eea6 \| Get time (See above)
2018-12-25T12:00:33.575233389Z	10	PC: 93f49 \| Buffered keyboard input