Sample viewer

vx.netlux.org/Virus.DOS.CarryOn.386

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:12:23.633249523Z 42 PC: 12ba5 | Get date 0x12ba5: cmp dx, 0x916
0x12ba9: jae 0x12be2
0x12bab: mov ah, 0x4e
0x12bad: xor cx, cx
0x12baf: mov dx, 0x196
0x12bb2: add dx, word ptr cs:[0x101]
0x12bb7: int 0x21
0x12bb9: jb 0x12beb
0x12bbb: mov bp, 0x19c
0x12bbe: add bp, word ptr cs:[0x101]
0x12bc3: call bp
0x12bc5: mov ah, 0x4f
0x12bc7: mov dx, 0x80
0x12bca: int 0x21
0x12bcc: jb 0x12beb
0x12bce: mov bp, 0x19c
0x12bd1: add bp, word ptr cs:[0x101]
0x12bd6: call bp
0x12bd8: mov bp, 0x13b
0x12bdb: add bp, word ptr cs:[0x101]
2018-12-17T22:12:25.827875932Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:12:25.830241969Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:12:25.832609846Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:12:25.839030045Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:12:25.849424873Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:12:25.850799751Z 62 PC: 91fc1 | Close file
2018-12-17T22:12:25.852754002Z 75 PC: 91fe0 | Execute program
2018-12-17T22:12:25.868049192Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:12:25.869277275Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:12:25.873530381Z 48 PC: c609 | Get DOS version
2018-12-17T22:12:25.877429959Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:12:25.87979017Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:12:25.881987406Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:12:25.885770033Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:12:25.890098316Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:12:25.895187893Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:12:25.906037176Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:12:25.907452025Z 62 PC: 91fc1 | Close file
2018-12-17T22:12:25.90960486Z 75 PC: 91fe0 | Execute program
2018-12-17T22:12:25.930873429Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:12:25.937787394Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:12:25.939082101Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:12:25.941394778Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:12:25.942575479Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:12:25.943744043Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:12:25.946483809Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:12:25.953912552Z 62 PC: 8f8eb | Close file
2018-12-17T22:12:25.956078148Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.958453126Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.960187187Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.963448706Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.965014084Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.966942227Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.969309163Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.971505471Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.973641178Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.975477737Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.977248195Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.979449842Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.981261555Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.983047605Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.985706843Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.987484074Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.989250906Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.991108116Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.992545663Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.99420047Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.996454508Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.99802516Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:25.999540492Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:26.002102808Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:26.003439653Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:26.004837797Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:26.007393979Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:26.008788243Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:26.010165119Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:26.012005894Z 62 PC: 8f8f2 | Close file
2018-12-17T22:12:26.013546697Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:12:26.018501388Z 62 PC: 8f90e | Close file
2018-12-17T22:12:26.021258162Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:12:26.022707559Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:12:26.024091359Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:12:26.031002331Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:12:26.032302716Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:12:26.036727056Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:12:26.038941591Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:12:26.040300272Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:12:26.04187278Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:12:26.044460703Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:12:26.045663655Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:12:26.04713844Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:12:26.048721351Z 73 PC: 8fa11 | Release memory
2018-12-17T22:12:26.050604754Z 73 PC: 8efea | Release memory
2018-12-17T22:12:26.05208268Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:12:26.054060717Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:12:26.056538379Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:12:26.057904634Z 73 PC: 8f060 | Release memory
2018-12-17T22:12:26.059281601Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:12:26.06851106Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:26.073751719Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:12:26.075054965Z 62 PC: 8f0d1 | Close file
2018-12-17T22:12:26.076966635Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:12:26.09807688Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:12:26.098926983Z 48 PC: 12bee | Get DOS version
2018-12-17T22:12:26.100410434Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:12:26.102684637Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:12:26.103819061Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:12:26.105630369Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:12:26.107106337Z 72 PC: 1355d | Allocate memory
2018-12-17T22:12:26.10864756Z 25 PC: 13596 | Get default drive
2018-12-17T22:12:26.110278154Z 71 PC: 135ad | Get current directory
2018-12-17T22:12:26.112708291Z 59 PC: 135ba | Change current directory
2018-12-17T22:12:26.117893784Z 59 PC: 135c8 | Change current directory
2018-12-17T22:12:26.124766646Z 59 PC: 135d3 | Change current directory
2018-12-17T22:12:26.129238281Z 25 PC: 12d13 | Get default drive
2018-12-17T22:12:26.130731442Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:12:26.1327866Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:12:26.134155818Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:26.136547469Z 80 PC: 1301d | Set current PSP
2018-12-17T22:12:26.138545001Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:12:26.140047764Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:12:26.141519736Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:12:26.144102651Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:12:26.146405409Z 72 PC: 130ec | Allocate memory
2018-12-17T22:12:26.148233437Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:12:26.155262244Z 62 PC: 131ba | Close file
2018-12-17T22:12:26.157307919Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:12:26.158432509Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:12:26.160870557Z 72 PC: 11991 | Allocate memory
2018-12-17T22:12:26.162504719Z 73 PC: 119b2 | Release memory
2018-12-17T22:12:26.16380717Z 72 PC: 119bd | Allocate memory
2018-12-17T22:12:26.16656596Z 73 PC: 119df | Release memory
2018-12-17T22:12:26.167886842Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:12:26.169565054Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:00.714585601Z 42 PC: 12ba5 | Get date 0x12ba5: cmp dx, 0x916
0x12ba9: jae 0x12be2
0x12bab: mov ah, 0x4e
0x12bad: xor cx, cx
0x12baf: mov dx, 0x196
0x12bb2: add dx, word ptr cs:[0x101]
0x12bb7: int 0x21
0x12bb9: jb 0x12beb
0x12bbb: mov bp, 0x19c
0x12bbe: add bp, word ptr cs:[0x101]
0x12bc3: call bp
0x12bc5: mov ah, 0x4f
0x12bc7: mov dx, 0x80
0x12bca: int 0x21
0x12bcc: jb 0x12beb
0x12bce: mov bp, 0x19c
0x12bd1: add bp, word ptr cs:[0x101]
0x12bd6: call bp
0x12bd8: mov bp, 0x13b
0x12bdb: add bp, word ptr cs:[0x101]
2018-12-25T11:46:00.717440996Z 78 PC: 12bb9 | Find first file
2018-12-25T11:46:00.724124467Z 61 PC: 12c2f | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:00.731246559Z 63 PC: 12c58 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:46:00.73860345Z 66 PC: 12c61 | Move file pointer
2018-12-25T11:46:00.740116789Z 66 PC: 12cd3 | Move file pointer
2018-12-25T11:46:00.741532223Z 63 PC: 12ce4 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:46:00.744324862Z 66 PC: 12c84 | Move file pointer
2018-12-25T11:46:00.746159681Z 64 PC: 12c93 | Write file or device (Write 386 bytes on handle 5)
2018-12-25T11:46:00.762359962Z 66 PC: 12c9e | Move file pointer
2018-12-25T11:46:00.763650519Z 64 PC: 12cad | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:46:00.77221544Z 62 PC: 12cb1 | Close file
2018-12-25T11:46:00.781474152Z 79 PC: 12bcc | Find next file
2018-12-25T11:46:00.784554916Z 61 PC: 12c2f | Open file (See above)
2018-12-25T11:46:00.792394986Z 63 PC: 12c58 | Read file or device (See above)
2018-12-25T11:46:00.799578277Z 66 PC: 12c61 | Move file pointer (See above)
2018-12-25T11:46:00.801062779Z 66 PC: 12cd3 | Move file pointer (See above)
2018-12-25T11:46:00.809159285Z 63 PC: 12ce4 | Read file or device (See above)
2018-12-25T11:46:00.811827062Z 66 PC: 12c84 | Move file pointer (See above)
2018-12-25T11:46:00.813361886Z 64 PC: 12c93 | Write file or device (See above)
2018-12-25T11:46:00.816960892Z 66 PC: 12c9e | Move file pointer (See above)
2018-12-25T11:46:00.818547042Z 64 PC: 12cad | Write file or device (See above)
2018-12-25T11:46:00.82138482Z 62 PC: 12cb1 | Close file (See above)
2018-12-25T11:46:00.83166252Z 79 PC: 12bcc | Find next file (See above)
2018-12-25T11:46:00.834649715Z 61 PC: 12c2f | Open file (See above)
2018-12-25T11:46:00.841695171Z 63 PC: 12c58 | Read file or device (See above)
2018-12-25T11:46:00.849252378Z 66 PC: 12c61 | Move file pointer (See above)
2018-12-25T11:46:00.851363125Z 66 PC: 12cd3 | Move file pointer (See above)
2018-12-25T11:46:00.853249994Z 63 PC: 12ce4 | Read file or device (See above)
2018-12-25T11:46:00.868759399Z 66 PC: 12c84 | Move file pointer (See above)
2018-12-25T11:46:00.87049449Z 64 PC: 12c93 | Write file or device (See above)
2018-12-25T11:46:00.873775273Z 66 PC: 12c9e | Move file pointer (See above)
2018-12-25T11:46:00.875718216Z 64 PC: 12cad | Write file or device (See above)
2018-12-25T11:46:00.879854438Z 62 PC: 12cb1 | Close file (See above)
2018-12-25T11:46:00.888747707Z 79 PC: 12bcc | Find next file (See above)
2018-12-25T11:46:00.892587428Z 61 PC: 12c2f | Open file (See above)
2018-12-25T11:46:00.900445582Z 63 PC: 12c58 | Read file or device (See above)
2018-12-25T11:46:00.905763224Z 66 PC: 12c61 | Move file pointer (See above)
2018-12-25T11:46:00.907359797Z 66 PC: 12cd3 | Move file pointer (See above)
2018-12-25T11:46:00.909792694Z 63 PC: 12ce4 | Read file or device (See above)
2018-12-25T11:46:00.913324641Z 66 PC: 12c84 | Move file pointer (See above)
2018-12-25T11:46:00.915061427Z 64 PC: 12c93 | Write file or device (See above)
2018-12-25T11:46:00.919262912Z 66 PC: 12c9e | Move file pointer (See above)
2018-12-25T11:46:00.92102289Z 64 PC: 12cad | Write file or device (See above)
2018-12-25T11:46:00.924113213Z 62 PC: 12cb1 | Close file (See above)
2018-12-25T11:46:00.933636022Z 79 PC: 12bcc | Find next file (See above)
2018-12-25T11:46:00.936995701Z 61 PC: 12c2f | Open file (See above)
2018-12-25T11:46:00.944674839Z 63 PC: 12c58 | Read file or device (See above)
2018-12-25T11:46:00.952246558Z 66 PC: 12c61 | Move file pointer (See above)
2018-12-25T11:46:00.954405231Z 66 PC: 12cd3 | Move file pointer (See above)
2018-12-25T11:46:00.956185832Z 63 PC: 12ce4 | Read file or device (See above)
2018-12-25T11:46:00.958890577Z 66 PC: 12c84 | Move file pointer (See above)
2018-12-25T11:46:00.960631069Z 64 PC: 12c93 | Write file or device (See above)
2018-12-25T11:46:00.965023857Z 66 PC: 12c9e | Move file pointer (See above)
2018-12-25T11:46:00.966635297Z 64 PC: 12cad | Write file or device (See above)
2018-12-25T11:46:00.970144295Z 62 PC: 12cb1 | Close file (See above)
2018-12-25T11:46:00.978759059Z 79 PC: 12bcc | Find next file (See above)
2018-12-25T11:46:00.980898102Z 61 PC: 12c2f | Open file (See above)
2018-12-25T11:46:00.985716756Z 63 PC: 12c58 | Read file or device (See above)
2018-12-25T11:46:00.990227378Z 66 PC: 12c61 | Move file pointer (See above)
2018-12-25T11:46:00.991392869Z 66 PC: 12cd3 | Move file pointer (See above)
2018-12-25T11:46:00.993168976Z 63 PC: 12ce4 | Read file or device (See above)
2018-12-25T11:46:00.995480189Z 66 PC: 12c84 | Move file pointer (See above)
2018-12-25T11:46:00.997419747Z 64 PC: 12c93 | Write file or device (See above)
2018-12-25T11:46:01.007312759Z 66 PC: 12c9e | Move file pointer (See above)
2018-12-25T11:46:01.008929168Z 64 PC: 12cad | Write file or device (See above)
2018-12-25T11:46:01.016180501Z 62 PC: 12cb1 | Close file (See above)
2018-12-25T11:46:01.026266471Z 79 PC: 12bcc | Find next file (See above)
2018-12-25T11:46:01.029442185Z 61 PC: 12c2f | Open file (See above)
2018-12-25T11:46:01.037785183Z 63 PC: 12c58 | Read file or device (See above)
2018-12-25T11:46:01.04591599Z 66 PC: 12c61 | Move file pointer (See above)
2018-12-25T11:46:01.047581711Z 66 PC: 12cd3 | Move file pointer (See above)
2018-12-25T11:46:01.049172627Z 63 PC: 12ce4 | Read file or device (See above)
2018-12-25T11:46:01.052199115Z 66 PC: 12c84 | Move file pointer (See above)
2018-12-25T11:46:01.054952966Z 64 PC: 12c93 | Write file or device (See above)
2018-12-25T11:46:01.058126872Z 66 PC: 12c9e | Move file pointer (See above)
2018-12-25T11:46:01.059817329Z 64 PC: 12cad | Write file or device (See above)
2018-12-25T11:46:01.063249579Z 62 PC: 12cb1 | Close file (See above)
2018-12-25T11:46:01.072555617Z 79 PC: 12bcc | Find next file (See above)
2018-12-25T11:46:01.075857747Z 61 PC: 12c2f | Open file (See above)
2018-12-25T11:46:01.084471861Z 63 PC: 12c58 | Read file or device (See above)
2018-12-25T11:46:01.08791634Z 66 PC: 12c61 | Move file pointer (See above)
2018-12-25T11:46:01.089561953Z 66 PC: 12cd3 | Move file pointer (See above)
2018-12-25T11:46:01.091889659Z 63 PC: 12ce4 | Read file or device (See above)
2018-12-25T11:46:01.094669464Z 62 PC: 12cb1 | Close file (See above)
2018-12-25T11:46:01.096635113Z 79 PC: 12bcc | Find next file (See above)
2018-12-25T11:46:01.100360356Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:46:01.108003127Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":23,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2498,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:00.916640633Z 42 PC: 12ba5 | Get date 0x12ba5: cmp dx, 0x916
0x12ba9: jae 0x12be2
0x12bab: mov ah, 0x4e
0x12bad: xor cx, cx
0x12baf: mov dx, 0x196
0x12bb2: add dx, word ptr cs:[0x101]
0x12bb7: int 0x21
0x12bb9: jb 0x12beb
0x12bbb: mov bp, 0x19c
0x12bbe: add bp, word ptr cs:[0x101]
0x12bc3: call bp
0x12bc5: mov ah, 0x4f
0x12bc7: mov dx, 0x80
0x12bca: int 0x21
0x12bcc: jb 0x12beb
0x12bce: mov bp, 0x19c
0x12bd1: add bp, word ptr cs:[0x101]
0x12bd6: call bp
0x12bd8: mov bp, 0x13b
0x12bdb: add bp, word ptr cs:[0x101]
2018-12-25T11:46:03.127491404Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:46:03.129514674Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:46:03.13209569Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:46:03.135614778Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:46:03.160284018Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:46:03.162310336Z 62 PC: 91fc1 | Close file
2018-12-25T11:46:03.164617107Z 75 PC: 91fe0 | Execute program
2018-12-25T11:46:03.187936211Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:46:03.190031675Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T11:46:03.194645202Z 48 PC: c609 | Get DOS version
2018-12-25T11:46:03.199556167Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:46:03.202626344Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:46:03.210937509Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:46:03.223977579Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T11:46:03.228581764Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T11:46:03.234089031Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:46:03.245978682Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:46:03.249600356Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:46:03.252511866Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:46:03.278577846Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:46:03.2832087Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:46:03.284723701Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:46:03.286112646Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:46:03.288895317Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:46:03.290930082Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:46:03.292439943Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:46:03.301856806Z 62 PC: 8f8eb | Close file
2018-12-25T11:46:03.304459792Z 62 PC: 8f8f2 | Close file
2018-12-25T11:46:03.306801328Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.310244835Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.312302273Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.314307307Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.317183542Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.31969918Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.321757746Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.323795914Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.326981502Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.329028255Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.331079483Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.333887151Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.335784667Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.337613708Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.340364425Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.342524673Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.344424792Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.347213968Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.349152086Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.350846725Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.353150004Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.3549216Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.356500927Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.359260699Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.360961519Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.362631166Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.364294466Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.367675784Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.369388286Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:46:03.371195517Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:46:03.378250021Z 62 PC: 8f90e | Close file
2018-12-25T11:46:03.380211601Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:46:03.381954523Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:46:03.385497133Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:46:03.394999353Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:46:03.396497767Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:46:03.402814583Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:46:03.405096747Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:46:03.407000622Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:46:03.409962919Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:46:03.411991782Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:46:03.413460743Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:46:03.415740228Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:46:03.417697292Z 73 PC: 8fa11 | Release memory
2018-12-25T11:46:03.419512192Z 73 PC: 8efea | Release memory
2018-12-25T11:46:03.421716344Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:46:03.423808015Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:46:03.426307285Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:46:03.429379256Z 73 PC: 8f060 | Release memory
2018-12-25T11:46:03.43147748Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T11:46:03.441744714Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:46:03.449884716Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:46:03.452194749Z 62 PC: 8f0d1 | Close file
2018-12-25T11:46:03.454646052Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:46:03.478790856Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:46:03.481164776Z 48 PC: 12bee | Get DOS version
2018-12-25T11:46:03.483326326Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:46:03.486418744Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:46:03.489441693Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:46:03.491364539Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:46:03.493463834Z 72 PC: 1355d | Allocate memory
2018-12-25T11:46:03.496030476Z 25 PC: 13596 | Get default drive
2018-12-25T11:46:03.497991366Z 71 PC: 135ad | Get current directory
2018-12-25T11:46:03.501566949Z 59 PC: 135ba | Change current directory
2018-12-25T11:46:03.509166732Z 59 PC: 135c8 | Change current directory
2018-12-25T11:46:03.517237425Z 59 PC: 135d3 | Change current directory
2018-12-25T11:46:03.521102522Z 25 PC: 12d13 | Get default drive
2018-12-25T11:46:03.523523926Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:46:03.524872778Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:46:03.525995239Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:46:03.528820258Z 80 PC: 1301d | Set current PSP
2018-12-25T11:46:03.529667562Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T11:46:03.530806982Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:46:03.532486872Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:46:03.533726578Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:46:03.53584963Z 72 PC: 130ec | Allocate memory
2018-12-25T11:46:03.540084234Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:46:03.547350645Z 62 PC: 131ba | Close file
2018-12-25T11:46:03.549829801Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:46:03.556670444Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:46:03.558768509Z 72 PC: 11991 | Allocate memory
2018-12-25T11:46:03.560738436Z 73 PC: 119b2 | Release memory
2018-12-25T11:46:03.5625093Z 72 PC: 119bd | Allocate memory
2018-12-25T11:46:03.565667357Z 73 PC: 119df | Release memory
2018-12-25T11:46:03.567403483Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:46:03.569647168Z 72 PC: 119fd | Allocate memory