Sample viewer

vx.netlux.org/Virus.DOS.Corrupted.S&S_Goat

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:22.714243624Z 44 PC: 12db9 | Get time 0x12db9: cmp dh, 0xa
0x12dbc: je 0x12dc4
0x12dbe: cmp dh, 0xb
0x12dc1: je 0x12dc4
0x12dc3: ret
0x12dc4: mov ah, 0x33
0x12dc6: mov al, 1
0x12dc8: mov dl, 0
0x12dca: int 0x21
0x12dcc: mov dx, 0x24e
0x12dcf: mov ah, 9
0x12dd1: int 0x21
0x12dd3: mov ax, 0x40
0x12dd6: mov ds, ax
0x12dd8: mov bx, 0x17
0x12ddb: mov cx, 0x1e
0x12dde: mov ax, 0x70
0x12de1: mov word ptr [bx], ax
0x12de3: call 0x12df6
0x12de6: mov ax, 0x80
2018-12-17T23:05:22.732142992Z 25 PC: 12c32 | Get default drive
2018-12-17T23:05:22.73420455Z 71 PC: 12c41 | Get current directory
2018-12-17T23:05:22.737085613Z 53 PC: 12f5b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:22.739385073Z 37 PC: 12f6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:22.74084458Z 14 PC: 12c4a | Set default drive (Drive = 'A')
2018-12-17T23:05:22.742391375Z 44 PC: 12c68 | Get time 0x12c68: sub dh, 0x28
0x12c6b: jge 0x12c71
0x12c6d: inc word ptr [0x21e]
0x12c71: mov ah, 0x3b
0x12c73: mov dx, 0x1d5
0x12c76: int 0x21
0x12c78: mov word ptr [0x216], 0
0x12c7e: mov word ptr [0x218], 0
0x12c84: inc word ptr [0x21e]
0x12c88: mov di, word ptr [0x21e]
0x12c8c: add di, 0x220
0x12c90: mov dl, byte ptr [di]
0x12c92: cmp dl, 0xff
0x12c95: jne 0x12c9a
0x12c97: jmp 0x12f80
0x12c9a: mov ah, 0xe
0x12c9c: mov byte ptr [0x1d4], dl
0x12ca0: int 0x21
0x12ca2: mov dl, byte ptr [0x1d4]
0x12ca6: add dl, 1
2018-12-17T23:05:22.744519237Z 59 PC: 12c78 | Change current directory
2018-12-17T23:05:22.749252118Z 14 PC: 12ca2 | Set default drive (Drive = 'C')
2018-12-17T23:05:22.750509838Z 71 PC: 12cb0 | Get current directory
2018-12-17T23:05:22.752809713Z 59 PC: 12cb7 | Change current directory
2018-12-17T23:05:22.76362621Z 26 PC: 12e38 | Set disk transfer address
2018-12-17T23:05:22.764906582Z 78 PC: 12e43 | Find first file
2018-12-17T23:05:22.770539044Z 79 PC: 12e53 | Find next file
2018-12-17T23:05:22.773842029Z 78 PC: 12e4e | Find first file
2018-12-17T23:05:22.779474435Z 71 PC: 12d72 | Get current directory
2018-12-17T23:05:22.782313595Z 79 PC: 12e53 | Find next file
2018-12-17T23:05:22.78594712Z 71 PC: 12d72 | Get current directory
2018-12-17T23:05:22.789210092Z 79 PC: 12e53 | Find next file
2018-12-17T23:05:22.791611522Z 59 PC: 12d4e | Change current directory
2018-12-17T23:05:22.797989278Z 78 PC: 12e43 | Find first file
2018-12-17T23:05:22.806550812Z 61 PC: 12e75 | Open file (Filename = 'W W5W')
2018-12-17T23:05:22.813861906Z 66 PC: 12f38 | Move file pointer
2018-12-17T23:05:22.816014376Z 63 PC: 12f4b | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:22.821621462Z 66 PC: 12e8e | Move file pointer
2018-12-17T23:05:22.823036179Z 63 PC: 12e9c | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:22.827172482Z 66 PC: 12eac | Move file pointer
2018-12-17T23:05:22.828962394Z 64 PC: 12ec0 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:22.832014034Z 66 PC: 12ed1 | Move file pointer
2018-12-17T23:05:22.834644923Z 64 PC: 12ef8 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:22.837890496Z 64 PC: 12f11 | Write file or device (Write 1268 bytes on handle 5)
2018-12-17T23:05:23.170744766Z 87 PC: 12e23 | Get or set file date and time
2018-12-17T23:05:23.173938688Z 62 PC: 12f1a | Close file
2018-12-17T23:05:23.180449779Z 37 PC: 12f7c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:23.182196525Z 14 PC: 12f8b | Set default drive (Drive = 'A')
2018-12-17T23:05:23.183612423Z 59 PC: 12f92 | Change current directory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15177,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:47.321798126Z 44 PC: 12db9 | Get time 0x12db9: cmp dh, 0xa
0x12dbc: je 0x12dc4
0x12dbe: cmp dh, 0xb
0x12dc1: je 0x12dc4
0x12dc3: ret
0x12dc4: mov ah, 0x33
0x12dc6: mov al, 1
0x12dc8: mov dl, 0
0x12dca: int 0x21
0x12dcc: mov dx, 0x24e
0x12dcf: mov ah, 9
0x12dd1: int 0x21
0x12dd3: mov ax, 0x40
0x12dd6: mov ds, ax
0x12dd8: mov bx, 0x17
0x12ddb: mov cx, 0x1e
0x12dde: mov ax, 0x70
0x12de1: mov word ptr [bx], ax
0x12de3: call 0x12df6
0x12de6: mov ax, 0x80
2018-12-25T12:42:47.334427684Z 25 PC: 12c32 | Get default drive
2018-12-25T12:42:47.335450669Z 71 PC: 12c41 | Get current directory
2018-12-25T12:42:47.338123096Z 53 PC: 12f5b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.340133131Z 37 PC: 12f6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.341189234Z 14 PC: 12c4a | Set default drive (Drive = 'A')
2018-12-25T12:42:47.342364816Z 44 PC: 12c68 | Get time 0x12c68: sub dh, 0x28
0x12c6b: jge 0x12c71
0x12c6d: inc word ptr [0x21e]
0x12c71: mov ah, 0x3b
0x12c73: mov dx, 0x1d5
0x12c76: int 0x21
0x12c78: mov word ptr [0x216], 0
0x12c7e: mov word ptr [0x218], 0
0x12c84: inc word ptr [0x21e]
0x12c88: mov di, word ptr [0x21e]
0x12c8c: add di, 0x220
0x12c90: mov dl, byte ptr [di]
0x12c92: cmp dl, 0xff
0x12c95: jne 0x12c9a
0x12c97: jmp 0x12f80
0x12c9a: mov ah, 0xe
0x12c9c: mov byte ptr [0x1d4], dl
0x12ca0: int 0x21
0x12ca2: mov dl, byte ptr [0x1d4]
0x12ca6: add dl, 1
2018-12-25T12:42:47.344614703Z 59 PC: 12c78 | Change current directory
2018-12-25T12:42:47.348438721Z 14 PC: 12ca2 | Set default drive (Drive = 'D')
2018-12-25T12:42:47.349452334Z 71 PC: 12cb0 | Get current directory
2018-12-25T12:42:47.350861203Z 59 PC: 12cb7 | Change current directory
2018-12-25T12:42:47.35482481Z 26 PC: 12e38 | Set disk transfer address
2018-12-25T12:42:47.355732543Z 78 PC: 12e43 | Find first file
2018-12-25T12:42:47.361456892Z 61 PC: 12e75 | Open file (Filename = 'W W5W')
2018-12-25T12:42:47.373175025Z 66 PC: 12f38 | Move file pointer
2018-12-25T12:42:47.374521046Z 63 PC: 12f4b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.380739098Z 66 PC: 12e8e | Move file pointer
2018-12-25T12:42:47.383440096Z 63 PC: 12e9c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.385657478Z 66 PC: 12eac | Move file pointer
2018-12-25T12:42:47.38682521Z 64 PC: 12ec0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:47.389838789Z 66 PC: 12ed1 | Move file pointer
2018-12-25T12:42:47.391087574Z 64 PC: 12ef8 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T12:42:47.393483364Z 64 PC: 12f11 | Write file or device (Write 1268 bytes on handle 5)
2018-12-25T12:42:48.09331525Z 87 PC: 12e23 | Get or set file date and time
2018-12-25T12:42:48.095402346Z 62 PC: 12f1a | Close file
2018-12-25T12:42:48.384939215Z 37 PC: 12f7c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:48.402550501Z 14 PC: 12f8b | Set default drive (Drive = 'A')
2018-12-25T12:42:48.404542699Z 59 PC: 12f92 | Change current directory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":10,"TimeBased":true,"OriginalID":15177,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:47.344570334Z 44 PC: 12db9 | Get time 0x12db9: cmp dh, 0xa
0x12dbc: je 0x12dc4
0x12dbe: cmp dh, 0xb
0x12dc1: je 0x12dc4
0x12dc3: ret
0x12dc4: mov ah, 0x33
0x12dc6: mov al, 1
0x12dc8: mov dl, 0
0x12dca: int 0x21
0x12dcc: mov dx, 0x24e
0x12dcf: mov ah, 9
0x12dd1: int 0x21
0x12dd3: mov ax, 0x40
0x12dd6: mov ds, ax
0x12dd8: mov bx, 0x17
0x12ddb: mov cx, 0x1e
0x12dde: mov ax, 0x70
0x12de1: mov word ptr [bx], ax
0x12de3: call 0x12df6
0x12de6: mov ax, 0x80
2018-12-25T12:42:47.34707325Z 25 PC: 12c32 | Get default drive
2018-12-25T12:42:47.348454218Z 71 PC: 12c41 | Get current directory
2018-12-25T12:42:47.351595746Z 53 PC: 12f5b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.353966305Z 37 PC: 12f6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.355440227Z 14 PC: 12c4a | Set default drive (Drive = 'A')
2018-12-25T12:42:47.356688088Z 44 PC: 12c68 | Get time 0x12c68: sub dh, 0x28
0x12c6b: jge 0x12c71
0x12c6d: inc word ptr [0x21e]
0x12c71: mov ah, 0x3b
0x12c73: mov dx, 0x1d5
0x12c76: int 0x21
0x12c78: mov word ptr [0x216], 0
0x12c7e: mov word ptr [0x218], 0
0x12c84: inc word ptr [0x21e]
0x12c88: mov di, word ptr [0x21e]
0x12c8c: add di, 0x220
0x12c90: mov dl, byte ptr [di]
0x12c92: cmp dl, 0xff
0x12c95: jne 0x12c9a
0x12c97: jmp 0x12f80
0x12c9a: mov ah, 0xe
0x12c9c: mov byte ptr [0x1d4], dl
0x12ca0: int 0x21
0x12ca2: mov dl, byte ptr [0x1d4]
0x12ca6: add dl, 1
2018-12-25T12:42:47.358985821Z 59 PC: 12c78 | Change current directory
2018-12-25T12:42:47.369161481Z 14 PC: 12ca2 | Set default drive (Drive = 'D')
2018-12-25T12:42:47.370358475Z 71 PC: 12cb0 | Get current directory
2018-12-25T12:42:47.371922076Z 59 PC: 12cb7 | Change current directory
2018-12-25T12:42:47.376408711Z 26 PC: 12e38 | Set disk transfer address
2018-12-25T12:42:47.377462611Z 78 PC: 12e43 | Find first file
2018-12-25T12:42:47.383843331Z 61 PC: 12e75 | Open file (Filename = 'W W5W')
2018-12-25T12:42:47.396334Z 66 PC: 12f38 | Move file pointer
2018-12-25T12:42:47.397564127Z 63 PC: 12f4b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.403968945Z 66 PC: 12e8e | Move file pointer
2018-12-25T12:42:47.405773466Z 63 PC: 12e9c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.408047339Z 66 PC: 12eac | Move file pointer
2018-12-25T12:42:47.409330186Z 64 PC: 12ec0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:47.412556804Z 66 PC: 12ed1 | Move file pointer
2018-12-25T12:42:47.414073109Z 64 PC: 12ef8 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T12:42:47.416701664Z 64 PC: 12f11 | Write file or device (Write 1268 bytes on handle 5)
2018-12-25T12:42:48.093318852Z 87 PC: 12e23 | Get or set file date and time
2018-12-25T12:42:48.095217432Z 62 PC: 12f1a | Close file
2018-12-25T12:42:48.384783984Z 37 PC: 12f7c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:48.387609521Z 14 PC: 12f8b | Set default drive (Drive = 'A')
2018-12-25T12:42:48.391870526Z 59 PC: 12f92 | Change current directory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":11,"TimeBased":true,"OriginalID":15177,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:47.502386942Z 44 PC: 12db9 | Get time 0x12db9: cmp dh, 0xa
0x12dbc: je 0x12dc4
0x12dbe: cmp dh, 0xb
0x12dc1: je 0x12dc4
0x12dc3: ret
0x12dc4: mov ah, 0x33
0x12dc6: mov al, 1
0x12dc8: mov dl, 0
0x12dca: int 0x21
0x12dcc: mov dx, 0x24e
0x12dcf: mov ah, 9
0x12dd1: int 0x21
0x12dd3: mov ax, 0x40
0x12dd6: mov ds, ax
0x12dd8: mov bx, 0x17
0x12ddb: mov cx, 0x1e
0x12dde: mov ax, 0x70
0x12de1: mov word ptr [bx], ax
0x12de3: call 0x12df6
0x12de6: mov ax, 0x80
2018-12-25T12:42:47.505313823Z 25 PC: 12c32 | Get default drive
2018-12-25T12:42:47.506590618Z 71 PC: 12c41 | Get current directory
2018-12-25T12:42:47.5097476Z 53 PC: 12f5b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.511110841Z 37 PC: 12f6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.513536333Z 14 PC: 12c4a | Set default drive (Drive = 'A')
2018-12-25T12:42:47.515463023Z 44 PC: 12c68 | Get time 0x12c68: sub dh, 0x28
0x12c6b: jge 0x12c71
0x12c6d: inc word ptr [0x21e]
0x12c71: mov ah, 0x3b
0x12c73: mov dx, 0x1d5
0x12c76: int 0x21
0x12c78: mov word ptr [0x216], 0
0x12c7e: mov word ptr [0x218], 0
0x12c84: inc word ptr [0x21e]
0x12c88: mov di, word ptr [0x21e]
0x12c8c: add di, 0x220
0x12c90: mov dl, byte ptr [di]
0x12c92: cmp dl, 0xff
0x12c95: jne 0x12c9a
0x12c97: jmp 0x12f80
0x12c9a: mov ah, 0xe
0x12c9c: mov byte ptr [0x1d4], dl
0x12ca0: int 0x21
0x12ca2: mov dl, byte ptr [0x1d4]
0x12ca6: add dl, 1
2018-12-25T12:42:47.518981606Z 59 PC: 12c78 | Change current directory
2018-12-25T12:42:47.526394814Z 14 PC: 12ca2 | Set default drive (Drive = 'D')
2018-12-25T12:42:47.52786863Z 71 PC: 12cb0 | Get current directory
2018-12-25T12:42:47.529762947Z 59 PC: 12cb7 | Change current directory
2018-12-25T12:42:47.535715382Z 26 PC: 12e38 | Set disk transfer address
2018-12-25T12:42:47.537303438Z 78 PC: 12e43 | Find first file
2018-12-25T12:42:47.544941042Z 61 PC: 12e75 | Open file (Filename = 'W W5W')
2018-12-25T12:42:47.560336709Z 66 PC: 12f38 | Move file pointer
2018-12-25T12:42:47.563246022Z 63 PC: 12f4b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.569616711Z 66 PC: 12e8e | Move file pointer
2018-12-25T12:42:47.572752742Z 63 PC: 12e9c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.576739982Z 66 PC: 12eac | Move file pointer
2018-12-25T12:42:47.578738019Z 64 PC: 12ec0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:47.58218308Z 66 PC: 12ed1 | Move file pointer
2018-12-25T12:42:47.58526705Z 64 PC: 12ef8 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T12:42:47.588895416Z 64 PC: 12f11 | Write file or device (Write 1268 bytes on handle 5)
2018-12-25T12:42:47.604845254Z 87 PC: 12e23 | Get or set file date and time
2018-12-25T12:42:47.608075115Z 62 PC: 12f1a | Close file
2018-12-25T12:42:47.617478971Z 37 PC: 12f7c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.618652549Z 14 PC: 12f8b | Set default drive (Drive = 'A')
2018-12-25T12:42:47.621096205Z 59 PC: 12f92 | Change current directory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15177,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:47.759732063Z 44 PC: 12db9 | Get time 0x12db9: cmp dh, 0xa
0x12dbc: je 0x12dc4
0x12dbe: cmp dh, 0xb
0x12dc1: je 0x12dc4
0x12dc3: ret
0x12dc4: mov ah, 0x33
0x12dc6: mov al, 1
0x12dc8: mov dl, 0
0x12dca: int 0x21
0x12dcc: mov dx, 0x24e
0x12dcf: mov ah, 9
0x12dd1: int 0x21
0x12dd3: mov ax, 0x40
0x12dd6: mov ds, ax
0x12dd8: mov bx, 0x17
0x12ddb: mov cx, 0x1e
0x12dde: mov ax, 0x70
0x12de1: mov word ptr [bx], ax
0x12de3: call 0x12df6
0x12de6: mov ax, 0x80
2018-12-25T12:42:47.768076165Z 25 PC: 12c32 | Get default drive
2018-12-25T12:42:47.771172422Z 71 PC: 12c41 | Get current directory
2018-12-25T12:42:47.774450368Z 53 PC: 12f5b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.776024623Z 37 PC: 12f6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.777389237Z 14 PC: 12c4a | Set default drive (Drive = 'A')
2018-12-25T12:42:47.778626883Z 44 PC: 12c68 | Get time 0x12c68: sub dh, 0x28
0x12c6b: jge 0x12c71
0x12c6d: inc word ptr [0x21e]
0x12c71: mov ah, 0x3b
0x12c73: mov dx, 0x1d5
0x12c76: int 0x21
0x12c78: mov word ptr [0x216], 0
0x12c7e: mov word ptr [0x218], 0
0x12c84: inc word ptr [0x21e]
0x12c88: mov di, word ptr [0x21e]
0x12c8c: add di, 0x220
0x12c90: mov dl, byte ptr [di]
0x12c92: cmp dl, 0xff
0x12c95: jne 0x12c9a
0x12c97: jmp 0x12f80
0x12c9a: mov ah, 0xe
0x12c9c: mov byte ptr [0x1d4], dl
0x12ca0: int 0x21
0x12ca2: mov dl, byte ptr [0x1d4]
0x12ca6: add dl, 1
2018-12-25T12:42:47.78083575Z 59 PC: 12c78 | Change current directory
2018-12-25T12:42:47.785468225Z 14 PC: 12ca2 | Set default drive (Drive = 'D')
2018-12-25T12:42:47.787059589Z 71 PC: 12cb0 | Get current directory
2018-12-25T12:42:47.789422553Z 59 PC: 12cb7 | Change current directory
2018-12-25T12:42:47.79551634Z 26 PC: 12e38 | Set disk transfer address
2018-12-25T12:42:47.797375243Z 78 PC: 12e43 | Find first file
2018-12-25T12:42:47.804798161Z 61 PC: 12e75 | Open file (Filename = 'W W5W')
2018-12-25T12:42:47.819711447Z 66 PC: 12f38 | Move file pointer
2018-12-25T12:42:47.821834404Z 63 PC: 12f4b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.829954659Z 66 PC: 12e8e | Move file pointer
2018-12-25T12:42:47.840076548Z 63 PC: 12e9c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.843382145Z 66 PC: 12eac | Move file pointer
2018-12-25T12:42:47.844983299Z 64 PC: 12ec0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:47.848847761Z 66 PC: 12ed1 | Move file pointer
2018-12-25T12:42:47.850609484Z 64 PC: 12ef8 | Write file or device (Write 9 bytes on handle 5)
2018-12-25T12:42:47.853744326Z 64 PC: 12f11 | Write file or device (Write 1268 bytes on handle 5)
2018-12-25T12:42:47.869912411Z 87 PC: 12e23 | Get or set file date and time
2018-12-25T12:42:47.872378209Z 62 PC: 12f1a | Close file
2018-12-25T12:42:47.881252107Z 37 PC: 12f7c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.882983422Z 14 PC: 12f8b | Set default drive (Drive = 'A')
2018-12-25T12:42:47.885867987Z 59 PC: 12f92 | Change current directory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":40,"TimeBased":true,"OriginalID":15177,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:47.847753612Z 44 PC: 12db9 | Get time 0x12db9: cmp dh, 0xa
0x12dbc: je 0x12dc4
0x12dbe: cmp dh, 0xb
0x12dc1: je 0x12dc4
0x12dc3: ret
0x12dc4: mov ah, 0x33
0x12dc6: mov al, 1
0x12dc8: mov dl, 0
0x12dca: int 0x21
0x12dcc: mov dx, 0x24e
0x12dcf: mov ah, 9
0x12dd1: int 0x21
0x12dd3: mov ax, 0x40
0x12dd6: mov ds, ax
0x12dd8: mov bx, 0x17
0x12ddb: mov cx, 0x1e
0x12dde: mov ax, 0x70
0x12de1: mov word ptr [bx], ax
0x12de3: call 0x12df6
0x12de6: mov ax, 0x80
2018-12-25T12:42:47.850612613Z 25 PC: 12c32 | Get default drive
2018-12-25T12:42:47.852118747Z 71 PC: 12c41 | Get current directory
2018-12-25T12:42:47.854957839Z 53 PC: 12f5b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.856892711Z 37 PC: 12f6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:47.857942444Z 14 PC: 12c4a | Set default drive (Drive = 'A')
2018-12-25T12:42:47.859132447Z 44 PC: 12c68 | Get time 0x12c68: sub dh, 0x28
0x12c6b: jge 0x12c71
0x12c6d: inc word ptr [0x21e]
0x12c71: mov ah, 0x3b
0x12c73: mov dx, 0x1d5
0x12c76: int 0x21
0x12c78: mov word ptr [0x216], 0
0x12c7e: mov word ptr [0x218], 0
0x12c84: inc word ptr [0x21e]
0x12c88: mov di, word ptr [0x21e]
0x12c8c: add di, 0x220
0x12c90: mov dl, byte ptr [di]
0x12c92: cmp dl, 0xff
0x12c95: jne 0x12c9a
0x12c97: jmp 0x12f80
0x12c9a: mov ah, 0xe
0x12c9c: mov byte ptr [0x1d4], dl
0x12ca0: int 0x21
0x12ca2: mov dl, byte ptr [0x1d4]
0x12ca6: add dl, 1
2018-12-25T12:42:47.86276728Z 59 PC: 12c78 | Change current directory
2018-12-25T12:42:47.866905515Z 14 PC: 12ca2 | Set default drive (Drive = 'C')
2018-12-25T12:42:47.868160929Z 71 PC: 12cb0 | Get current directory
2018-12-25T12:42:47.871181113Z 59 PC: 12cb7 | Change current directory
2018-12-25T12:42:47.885066157Z 26 PC: 12e38 | Set disk transfer address
2018-12-25T12:42:47.886508414Z 78 PC: 12e43 | Find first file
2018-12-25T12:42:47.891885154Z 79 PC: 12e53 | Find next file
2018-12-25T12:42:47.894474233Z 78 PC: 12e4e | Find first file
2018-12-25T12:42:47.899525433Z 71 PC: 12d72 | Get current directory
2018-12-25T12:42:47.901742919Z 79 PC: 12e53 | Find next file (See above)
2018-12-25T12:42:47.904617738Z 71 PC: 12d72 | Get current directory (See above)
2018-12-25T12:42:47.907130465Z 79 PC: 12e53 | Find next file (See above)
2018-12-25T12:42:47.909717391Z 59 PC: 12d4e | Change current directory
2018-12-25T12:42:47.916484254Z 78 PC: 12e43 | Find first file (See above)
2018-12-25T12:42:47.924719959Z 61 PC: 12e75 | Open file (Filename = 'W W5W')
2018-12-25T12:42:47.931098757Z 66 PC: 12f38 | Move file pointer
2018-12-25T12:42:47.932685988Z 63 PC: 12f4b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.938312019Z 66 PC: 12e8e | Move file pointer
2018-12-25T12:42:47.939911765Z 63 PC: 12e9c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:47.943802903Z 66 PC: 12eac | Move file pointer
2018-12-25T12:42:47.945518009Z 64 PC: 12ec0 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:47.948996422Z 66 PC: 12ed1 | Move file pointer
2018-12-25T12:42:47.951454389Z 64 PC: 12ef8 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:47.956495267Z 64 PC: 12f11 | Write file or device (Write 1268 bytes on handle 5)
2018-12-25T12:42:48.384922905Z 87 PC: 12e23 | Get or set file date and time
2018-12-25T12:42:48.387663496Z 62 PC: 12f1a | Close file
2018-12-25T12:42:48.394180975Z 37 PC: 12f7c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:48.395640947Z 14 PC: 12f8b | Set default drive (Drive = 'A')
2018-12-25T12:42:48.397877389Z 59 PC: 12f92 | Change current directory