Sample viewer

vx.netlux.org/Virus.DOS.Protect.1157

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:45.396143214Z	115	PC: 12b7b \| UNKNOWN!
2018-12-17T22:47:45.397046371Z	73	PC: 12b86 \| Release memory
2018-12-17T22:47:45.398912105Z	74	PC: 12ba3 \| Reallocate memory
2018-12-17T22:47:45.400358933Z	18	PC: 12baa \| Find next file
2018-12-17T22:47:45.40242321Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.406069738Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-17T22:47:45.41441672Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.416873306Z	77	PC: 11fe0 \| Get program return code
2018-12-17T22:47:45.419609982Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.422328463Z	72	PC: 12174 \| Allocate memory
2018-12-17T22:47:45.424729109Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.428070234Z	72	PC: 1218d \| Allocate memory
2018-12-17T22:47:45.430892637Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.433952034Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:47:45.435666255Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.438702316Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:45.439913069Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.442009046Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:45.44376956Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.446459331Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.448041357Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.451203464Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.453417665Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.456313762Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.459030072Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.461834232Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.463651424Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.467098274Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.468785379Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.47123028Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.473504513Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.475857788Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.483269939Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.486221224Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.488012858Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.491218276Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.493738789Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.495845531Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.497566224Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.499837694Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.501718306Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.504279707Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.505952007Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.509001054Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.510705868Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.513050445Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.517738366Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.534556257Z	62	PC: 122ab \| Close file
2018-12-17T22:47:45.537972164Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.540792319Z	99	PC: 99dc7 \| Get DBCS lead byte table pointer
2018-12-17T22:47:45.542232464Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.544629357Z	56	PC: 945e9 \| Get or set country info
2018-12-17T22:47:45.547309252Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.549634251Z	64	PC: 9a038 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:47:45.554598456Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.557399838Z	25	PC: 94652 \| Get default drive
2018-12-17T22:47:45.559221441Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.561477057Z	71	PC: 968cd \| Get current directory
2018-12-17T22:47:45.566911524Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.569239094Z	64	PC: 9a038 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:47:45.572627452Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.575414037Z	2	PC: 968a2 \| Character output (Char = '3e')
2018-12-17T22:47:45.577738441Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.579958194Z	93	PC: 94710 \| File sharing functions
2018-12-17T22:47:45.582241408Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.584616046Z	93	PC: 94717 \| File sharing functions
2018-12-17T22:47:45.586497436Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-17T22:47:45.588744714Z	10	PC: 94729 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9319,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:51.244661266Z	115	PC: 12b7b \| UNKNOWN!
2018-12-25T12:22:51.245892019Z	73	PC: 12b86 \| Release memory
2018-12-25T12:22:51.247236211Z	74	PC: 12ba3 \| Reallocate memory
2018-12-25T12:22:51.248445813Z	18	PC: 12baa \| Find next file
2018-12-25T12:22:51.2507571Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-25T12:22:51.252933348Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-25T12:22:51.260214428Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.2629298Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:22:51.265661029Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.267647098Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:22:51.270304089Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.276597457Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:22:51.278753727Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.280811506Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:22:51.28287303Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.284914461Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:51.285960943Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.28959954Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:51.290816666Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.292868216Z	62	PC: 122ab \| Close file
2018-12-25T12:22:51.294762727Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.296791782Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.298171785Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.300675687Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.302074127Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.303978742Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.305742714Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.30716959Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.308139892Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.314344364Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.315363757Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.3172232Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.318932148Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.320937928Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.322255035Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.325050797Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.327834392Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.329615718Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.331075367Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.333790514Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.335111072Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.337164162Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.338936218Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.340875838Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.342288555Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.343698529Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.344969795Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.34791892Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.365423724Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.367780405Z	99	PC: 99dc7 \| Get DBCS lead byte table pointer
2018-12-25T12:22:51.369454238Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.372351176Z	56	PC: 945e9 \| Get or set country info
2018-12-25T12:22:51.374397842Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.376666408Z	64	PC: 9a038 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:22:51.382026432Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.384306274Z	25	PC: 94652 \| Get default drive
2018-12-25T12:22:51.386075463Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.389217726Z	71	PC: 968cd \| Get current directory
2018-12-25T12:22:51.393294159Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.395551301Z	64	PC: 9a038 \| Write file or device (See above)
2018-12-25T12:22:51.399247962Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.401539564Z	2	PC: 968a2 \| Character output (Char = '3e')
2018-12-25T12:22:51.40391664Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.407633189Z	93	PC: 94710 \| File sharing functions
2018-12-25T12:22:51.409255448Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.41127043Z	93	PC: 94717 \| File sharing functions
2018-12-25T12:22:51.413391629Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.415420459Z	10	PC: 94729 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9319,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:51.258268741Z	115	PC: 12b7b \| UNKNOWN!
2018-12-25T12:22:51.259593934Z	73	PC: 12b86 \| Release memory
2018-12-25T12:22:51.261171564Z	74	PC: 12ba3 \| Reallocate memory
2018-12-25T12:22:51.262778604Z	18	PC: 12baa \| Find next file
2018-12-25T12:22:51.265251057Z	42	PC: 9f6d7 \| Get date 0x9f6d7: cmp cx, 0x7c8 0x9f6db: jb 0x9f6e3 0x9f6dd: mov byte ptr cs:[0x64], 1 0x9f6e3: pop dx 0x9f6e4: pop cx 0x9f6e5: pop ax 0x9f6e6: ljmp ptr cs:[0] 0x9f6eb: mov ax, 0x2371 0x9f6ee: iret 0x9f6ef: push ds 0x9f6f0: push es 0x9f6f1: push bp 0x9f6f2: push si 0x9f6f3: push di 0x9f6f4: push ax 0x9f6f5: push bx 0x9f6f6: push cx 0x9f6f7: push dx 0x9f6f8: pushf 0x9f6f9: push ax
2018-12-25T12:22:51.267546193Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-25T12:22:51.275384034Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.277995747Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:22:51.279312674Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.281795013Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:22:51.283817677Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.286549763Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:22:51.289147574Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.291652385Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:22:51.293085868Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.295492756Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:22:51.296789799Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.300165992Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:51.301367721Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.303606897Z	62	PC: 122ab \| Close file
2018-12-25T12:22:51.306006197Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.308936772Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.310557926Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.313271726Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.314853216Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.31721923Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.319318584Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.322428112Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.323878788Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.326700991Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.328270426Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.330503005Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.33321471Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.336279097Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.337834359Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.340056744Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.341903963Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.344185669Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.345691854Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.352277097Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.354016838Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.356261101Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.35828851Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.360630282Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.362148188Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.364707213Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.366256327Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.368810471Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:22:51.372683223Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.375173533Z	99	PC: 99dc7 \| Get DBCS lead byte table pointer
2018-12-25T12:22:51.376701628Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.379387477Z	56	PC: 945e9 \| Get or set country info
2018-12-25T12:22:51.381599394Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.38393307Z	64	PC: 9a038 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:22:51.389191775Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.403707473Z	25	PC: 94652 \| Get default drive
2018-12-25T12:22:51.405469484Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.407749801Z	71	PC: 968cd \| Get current directory
2018-12-25T12:22:51.412179971Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.414250874Z	64	PC: 9a038 \| Write file or device (See above)
2018-12-25T12:22:51.417552739Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.420671848Z	2	PC: 968a2 \| Character output (Char = '3e')
2018-12-25T12:22:51.42371206Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.425809151Z	93	PC: 94710 \| File sharing functions
2018-12-25T12:22:51.427807591Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.429920355Z	93	PC: 94717 \| File sharing functions
2018-12-25T12:22:51.431723234Z	42	PC: 9f6d7 \| Get date (See above)
2018-12-25T12:22:51.434290661Z	10	PC: 94729 \| Buffered keyboard input