Sample viewer

vx.netlux.org/Virus.DOS.Kiske.1086

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:52.416407093Z 53 PC: 12abf | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:57:52.417897344Z 37 PC: 12aca | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-17T22:57:52.428718736Z 53 PC: 12acf | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:57:52.430575387Z 44 PC: 12adc | Get time
0x12adc: cmp ch, 0xd
0x12adf: jbe 0x12aeb
0x12ae1: mov ah, 9
0x12ae3: lea dx, word ptr [bp + 0x1da]
0x12ae7: int 0x21
0x12ae9: int 0x20
0x12aeb: mov ah, 0x1a
0x12aed: lea dx, word ptr [bp + 0x52b]
0x12af1: int 0x21
0x12af3: mov ax, 0xfa01
0x12af6: mov dx, 0x5945
0x12af9: int 0x21
0x12afb: mov ah, 0x4e
0x12afd: xor cx, cx
0x12aff: lea dx, word ptr [bp + 0x3d2]
0x12b03: int 0x21
0x12b05: jae 0x12b21
0x12b07: mov ah, 0x1a
0x12b09: mov dx, 0x80
0x12b0c: int 0x21
2018-12-17T22:57:52.433910496Z 26 PC: 12af3 | Set disk transfer address
2018-12-17T22:57:52.436809966Z 250 PC: 12afb | UNKNOWN!
2018-12-17T22:57:52.439451461Z 78 PC: 12b05 | Find first file
2018-12-17T22:57:52.447685209Z 61 PC: 12b2a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:52.45773513Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:52.469553467Z 66 PC: 12b47 | Move file pointer
2018-12-17T22:57:52.47361421Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:57:52.493660302Z 66 PC: 12b64 | Move file pointer
2018-12-17T22:57:52.495862371Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:52.512475821Z 62 PC: 12b73 | Close file
2018-12-17T22:57:52.525797372Z 79 PC: 12b77 | Find next file
2018-12-17T22:57:52.530380838Z 61 PC: 12b2a | Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:52.537973811Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:52.545253826Z 66 PC: 12b47 | Move file pointer
2018-12-17T22:57:52.548183894Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:57:52.556383347Z 66 PC: 12b64 | Move file pointer
2018-12-17T22:57:52.558523179Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:52.567073692Z 62 PC: 12b73 | Close file
2018-12-17T22:57:52.576164541Z 79 PC: 12b77 | Find next file
2018-12-17T22:57:52.579548172Z 61 PC: 12b2a | Open file (Filename = 'HELLO.COM')
2018-12-17T22:57:52.588375165Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:52.596004917Z 66 PC: 12b47 | Move file pointer
2018-12-17T22:57:52.598352229Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:57:52.608596887Z 66 PC: 12b64 | Move file pointer
2018-12-17T22:57:52.626333537Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:52.6340432Z 62 PC: 12b73 | Close file
2018-12-17T22:57:52.683520205Z 79 PC: 12b77 | Find next file
2018-12-17T22:57:52.687721002Z 61 PC: 12b2a | Open file (Filename = 'PHANG.COM')
2018-12-17T22:57:52.694995797Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:52.701934941Z 66 PC: 12b47 | Move file pointer
2018-12-17T22:57:52.707047512Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:57:52.979072959Z 66 PC: 12b64 | Move file pointer
2018-12-17T22:57:52.981290467Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:52.990434145Z 62 PC: 12b73 | Close file
2018-12-17T22:57:53.187344492Z 79 PC: 12b77 | Find next file
2018-12-17T22:57:53.190815997Z 61 PC: 12b2a | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:57:53.199877751Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:53.207044023Z 66 PC: 12b47 | Move file pointer
2018-12-17T22:57:53.208663557Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:57:53.358134177Z 66 PC: 12b64 | Move file pointer
2018-12-17T22:57:53.361076559Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:53.368666766Z 62 PC: 12b73 | Close file
2018-12-17T22:57:53.378312858Z 79 PC: 12b77 | Find next file
2018-12-17T22:57:53.383105608Z 61 PC: 12b2a | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:53.391085478Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:53.398540812Z 66 PC: 12b47 | Move file pointer
2018-12-17T22:57:53.400936235Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:57:53.410525742Z 66 PC: 12b64 | Move file pointer
2018-12-17T22:57:53.412143242Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:53.420195418Z 62 PC: 12b73 | Close file
2018-12-17T22:57:53.429300143Z 79 PC: 12b77 | Find next file
2018-12-17T22:57:53.432501251Z 61 PC: 12b2a | Open file (Filename = 'PAH.COM')
2018-12-17T22:57:53.44050214Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:53.448835335Z 66 PC: 12b47 | Move file pointer
2018-12-17T22:57:53.450691554Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-17T22:57:53.464066385Z 66 PC: 12b64 | Move file pointer
2018-12-17T22:57:53.46604272Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:53.473693352Z 62 PC: 12b73 | Close file
2018-12-17T22:57:53.482673984Z 79 PC: 12b77 | Find next file
2018-12-17T22:57:53.486835135Z 61 PC: 12b2a | Open file (Filename = 'TEST.COM')
2018-12-17T22:57:53.494090954Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:53.497157259Z 62 PC: 12b73 | Close file
2018-12-17T22:57:53.500417167Z 79 PC: 12b77 | Find next file
2018-12-17T22:57:53.503402939Z 26 PC: 12b0e | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12701,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:00.743070467Z 53 PC: 12abf | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:36:00.745151334Z 37 PC: 12aca | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T12:36:00.746665777Z 53 PC: 12acf | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:36:00.748180075Z 44 PC: 12adc | Get time
0x12adc: cmp ch, 0xd
0x12adf: jbe 0x12aeb
0x12ae1: mov ah, 9
0x12ae3: lea dx, word ptr [bp + 0x1da]
0x12ae7: int 0x21
0x12ae9: int 0x20
0x12aeb: mov ah, 0x1a
0x12aed: lea dx, word ptr [bp + 0x52b]
0x12af1: int 0x21
0x12af3: mov ax, 0xfa01
0x12af6: mov dx, 0x5945
0x12af9: int 0x21
0x12afb: mov ah, 0x4e
0x12afd: xor cx, cx
0x12aff: lea dx, word ptr [bp + 0x3d2]
0x12b03: int 0x21
0x12b05: jae 0x12b21
0x12b07: mov ah, 0x1a
0x12b09: mov dx, 0x80
0x12b0c: int 0x21
2018-12-25T12:36:00.751553057Z 26 PC: 12af3 | Set disk transfer address
2018-12-25T12:36:00.752806965Z 250 PC: 12afb | UNKNOWN!
2018-12-25T12:36:00.753718797Z 78 PC: 12b05 | Find first file
2018-12-25T12:36:00.760731395Z 61 PC: 12b2a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:00.767648828Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:36:00.7740061Z 66 PC: 12b47 | Move file pointer
2018-12-25T12:36:00.776330284Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-25T12:36:00.79243373Z 66 PC: 12b64 | Move file pointer
2018-12-25T12:36:00.794693276Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:36:00.801179562Z 62 PC: 12b73 | Close file
2018-12-25T12:36:00.810046614Z 79 PC: 12b77 | Find next file
2018-12-25T12:36:00.812962544Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:00.819657658Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:00.826998971Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:00.828455828Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:00.836944781Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:00.839482713Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:00.854419448Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:00.865715177Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:00.869937248Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:00.880823391Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:00.887537424Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:00.889389597Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:00.898119805Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:00.899571221Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:00.916488246Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:00.931916979Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:00.934951988Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:00.942960714Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:00.949521841Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:00.951222924Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:00.960753268Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:00.962199917Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:00.968628823Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:00.977409691Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:00.98009414Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:00.986757394Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:00.993176972Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:00.995268987Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:01.004167427Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:01.005690925Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:01.013483812Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.021720671Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.024254234Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.031357286Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.037578368Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:01.038962127Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:01.047977364Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:01.049686624Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:01.05640991Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.065137329Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.06792641Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.075193212Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.090158571Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:01.091992073Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:01.10041873Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:01.102844787Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:01.109684637Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.117761818Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.121226396Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.128180141Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.130719648Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.133235993Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.135779503Z 26 PC: 12b0e | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12701,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:00.93625347Z 53 PC: 12abf | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:36:00.939077Z 37 PC: 12aca | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T12:36:00.941643646Z 53 PC: 12acf | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:36:00.943977728Z 44 PC: 12adc | Get time
0x12adc: cmp ch, 0xd
0x12adf: jbe 0x12aeb
0x12ae1: mov ah, 9
0x12ae3: lea dx, word ptr [bp + 0x1da]
0x12ae7: int 0x21
0x12ae9: int 0x20
0x12aeb: mov ah, 0x1a
0x12aed: lea dx, word ptr [bp + 0x52b]
0x12af1: int 0x21
0x12af3: mov ax, 0xfa01
0x12af6: mov dx, 0x5945
0x12af9: int 0x21
0x12afb: mov ah, 0x4e
0x12afd: xor cx, cx
0x12aff: lea dx, word ptr [bp + 0x3d2]
0x12b03: int 0x21
0x12b05: jae 0x12b21
0x12b07: mov ah, 0x1a
0x12b09: mov dx, 0x80
0x12b0c: int 0x21
2018-12-25T12:36:00.946421809Z 26 PC: 12af3 | Set disk transfer address
2018-12-25T12:36:00.947747412Z 250 PC: 12afb | UNKNOWN!
2018-12-25T12:36:00.949448463Z 78 PC: 12b05 | Find first file
2018-12-25T12:36:00.955405563Z 61 PC: 12b2a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:00.961972943Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:36:00.968794596Z 66 PC: 12b47 | Move file pointer
2018-12-25T12:36:00.970176633Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-25T12:36:00.984912016Z 66 PC: 12b64 | Move file pointer
2018-12-25T12:36:00.987810419Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:36:00.994272668Z 62 PC: 12b73 | Close file
2018-12-25T12:36:01.001996788Z 79 PC: 12b77 | Find next file
2018-12-25T12:36:01.005108114Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.011432514Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.017948102Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:01.01981701Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:01.028226451Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:01.029738135Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:01.037243585Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.045258335Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.047836232Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.055567622Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.061731098Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:01.06300203Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:01.072383875Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:01.074486383Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:01.081165321Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.08988915Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.09272747Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.099262542Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.106369953Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:01.108377684Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:01.117217976Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:01.118777308Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:01.12556048Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.133459182Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.136192577Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.143497394Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.149487955Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:01.150960214Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:01.159806652Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:01.161092254Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:01.167426904Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.176132776Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.178594365Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.185339945Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.191941861Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:01.19326507Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:01.201612389Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:01.203013141Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:01.210028194Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.217956711Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.220650117Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.227974074Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.234611644Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:01.236158192Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:01.245106624Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:01.247366401Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:01.253693816Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.262098126Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.264517405Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:01.270779342Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:01.274144741Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:01.276159551Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:01.278632232Z 26 PC: 12b0e | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12701,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:02.041058481Z 53 PC: 12abf | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:36:02.04295464Z 37 PC: 12aca | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T12:36:02.044292141Z 53 PC: 12acf | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:36:02.045654961Z 44 PC: 12adc | Get time
0x12adc: cmp ch, 0xd
0x12adf: jbe 0x12aeb
0x12ae1: mov ah, 9
0x12ae3: lea dx, word ptr [bp + 0x1da]
0x12ae7: int 0x21
0x12ae9: int 0x20
0x12aeb: mov ah, 0x1a
0x12aed: lea dx, word ptr [bp + 0x52b]
0x12af1: int 0x21
0x12af3: mov ax, 0xfa01
0x12af6: mov dx, 0x5945
0x12af9: int 0x21
0x12afb: mov ah, 0x4e
0x12afd: xor cx, cx
0x12aff: lea dx, word ptr [bp + 0x3d2]
0x12b03: int 0x21
0x12b05: jae 0x12b21
0x12b07: mov ah, 0x1a
0x12b09: mov dx, 0x80
0x12b0c: int 0x21
2018-12-25T12:36:02.048564014Z 26 PC: 12af3 | Set disk transfer address
2018-12-25T12:36:02.050168199Z 250 PC: 12afb | UNKNOWN!
2018-12-25T12:36:02.051217697Z 78 PC: 12b05 | Find first file
2018-12-25T12:36:02.058152931Z 61 PC: 12b2a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:02.064824268Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:36:02.071137915Z 66 PC: 12b47 | Move file pointer
2018-12-25T12:36:02.073211902Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-25T12:36:02.087821404Z 66 PC: 12b64 | Move file pointer
2018-12-25T12:36:02.08944837Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:36:02.096581961Z 62 PC: 12b73 | Close file
2018-12-25T12:36:02.104548782Z 79 PC: 12b77 | Find next file
2018-12-25T12:36:02.107015971Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:02.113168092Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:02.121064844Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:02.122834476Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:02.131266889Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:02.134035306Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:02.140597094Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:02.148658176Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:02.151911888Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:02.159371637Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:02.165669539Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:02.168871199Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:02.178281998Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:02.180741174Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:02.189453576Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:02.198583504Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:02.201368342Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:02.208518471Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:02.214814957Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:02.216208481Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:02.226325105Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:02.228059969Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:02.234672704Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:02.243031363Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:02.246179093Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:02.25278976Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:02.259128506Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:02.261876562Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:02.270383101Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:02.272019144Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:02.279303865Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:02.287775543Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:02.290649854Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:02.298748785Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:02.305034675Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:02.306686149Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:02.316171806Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:02.317820518Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:02.32490938Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:02.333738591Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:02.336428985Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:02.342994869Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:02.350051744Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:02.351476281Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:02.360206427Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:02.36224156Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:02.368887711Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:02.37685753Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:02.380005688Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:02.386287213Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:02.388682592Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:02.390508817Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:02.393251991Z 26 PC: 12b0e | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12701,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:03.292002973Z 53 PC: 12abf | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:36:03.29350487Z 37 PC: 12aca | Set interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T12:36:03.295389837Z 53 PC: 12acf | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:36:03.297121066Z 44 PC: 12adc | Get time
0x12adc: cmp ch, 0xd
0x12adf: jbe 0x12aeb
0x12ae1: mov ah, 9
0x12ae3: lea dx, word ptr [bp + 0x1da]
0x12ae7: int 0x21
0x12ae9: int 0x20
0x12aeb: mov ah, 0x1a
0x12aed: lea dx, word ptr [bp + 0x52b]
0x12af1: int 0x21
0x12af3: mov ax, 0xfa01
0x12af6: mov dx, 0x5945
0x12af9: int 0x21
0x12afb: mov ah, 0x4e
0x12afd: xor cx, cx
0x12aff: lea dx, word ptr [bp + 0x3d2]
0x12b03: int 0x21
0x12b05: jae 0x12b21
0x12b07: mov ah, 0x1a
0x12b09: mov dx, 0x80
0x12b0c: int 0x21
2018-12-25T12:36:03.299897827Z 26 PC: 12af3 | Set disk transfer address
2018-12-25T12:36:03.302052777Z 250 PC: 12afb | UNKNOWN!
2018-12-25T12:36:03.302868932Z 78 PC: 12b05 | Find first file
2018-12-25T12:36:03.309517192Z 61 PC: 12b2a | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:03.317990595Z 63 PC: 12b36 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:36:03.325056625Z 66 PC: 12b47 | Move file pointer
2018-12-25T12:36:03.327049111Z 64 PC: 12b53 | Write file or device (Write 1064 bytes on handle 5)
2018-12-25T12:36:03.342817445Z 66 PC: 12b64 | Move file pointer
2018-12-25T12:36:03.344480404Z 64 PC: 12b6f | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:36:03.351740989Z 62 PC: 12b73 | Close file
2018-12-25T12:36:03.360952471Z 79 PC: 12b77 | Find next file
2018-12-25T12:36:03.364805628Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:03.372107352Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:03.37918368Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:03.38869305Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:03.398375947Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:03.400289068Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:03.408586647Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:03.4185244Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:03.421898057Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:03.430113266Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:03.437590809Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:03.440121828Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:03.450799173Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:03.454136901Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:03.461981143Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:03.472387313Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:03.47628238Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:03.483916366Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:03.491347525Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:03.493867515Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:03.503564722Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:03.505051167Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:03.514405961Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:03.52438802Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:03.527291071Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:03.53537868Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:03.542447823Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:03.544022587Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:03.554939263Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:03.556823594Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:03.565127083Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:03.575606053Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:03.579762457Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:03.588202013Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:03.596118646Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:03.598968688Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:03.610052564Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:03.612134328Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:03.62081961Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:03.629825058Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:03.632797772Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:03.637883599Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:03.643390654Z 66 PC: 12b47 | Move file pointer (See above)
2018-12-25T12:36:03.644668221Z 64 PC: 12b53 | Write file or device (See above)
2018-12-25T12:36:03.654854902Z 66 PC: 12b64 | Move file pointer (See above)
2018-12-25T12:36:03.656738393Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:36:03.663820103Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:03.673228218Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:03.675735272Z 61 PC: 12b2a | Open file (See above)
2018-12-25T12:36:03.680113743Z 63 PC: 12b36 | Read file or device (See above)
2018-12-25T12:36:03.682291681Z 62 PC: 12b73 | Close file (See above)
2018-12-25T12:36:03.683859307Z 79 PC: 12b77 | Find next file (See above)
2018-12-25T12:36:03.685841343Z 26 PC: 12b0e | Set disk transfer address