Sample viewer

vx.netlux.org/Virus.DOS.Rael.3211

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:40.265375562Z	187	PC: 13883 \| UNKNOWN!
2018-12-17T22:16:40.267701251Z	53	PC: 12c78 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:40.268903302Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:40.270166024Z	74	PC: 12ce6 \| Reallocate memory
2018-12-17T22:16:40.272631274Z	75	PC: 12d33 \| Execute program
2018-12-17T22:16:40.288007932Z	9	PC: 145bb \| Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-17T22:16:40.293096654Z	76	PC: 145bf \| Terminate with return code (Return code = '36')
2018-12-17T22:16:40.296924893Z	73	PC: 12d4c \| Release memory
2018-12-17T22:16:40.299397887Z	61	PC: 12ea9 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-17T22:16:40.309724756Z	63	PC: 12ec5 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:16:40.316192442Z	62	PC: 12ecd \| Close file
2018-12-17T22:16:40.318576272Z	67	PC: 12f26 \| Get or set file attributes
2018-12-17T22:16:40.324978464Z	61	PC: 12f53 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-17T22:16:40.332145316Z	87	PC: 12f6a \| Get or set file date and time
2018-12-17T22:16:40.334420481Z	62	PC: 12f82 \| Close file
2018-12-17T22:16:40.336500309Z	53	PC: 13025 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.338017381Z	37	PC: 13042 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.34104696Z	67	PC: 13063 \| Get or set file attributes
2018-12-17T22:16:40.680413604Z	37	PC: 13081 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.683348276Z	72	PC: 1309e \| Allocate memory
2018-12-17T22:16:40.685651499Z	61	PC: 130c0 \| Open file (Filename = '')
2018-12-17T22:16:40.692829497Z	63	PC: 130e9 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:16:40.701572054Z	62	PC: 1312a \| Close file
2018-12-17T22:16:40.704437999Z	60	PC: 131b6 \| Create or truncate file
2018-12-17T22:16:40.716478467Z	64	PC: 131de \| Write file or device (Write 9440 bytes on handle 5)
2018-12-17T22:16:40.726952798Z	64	PC: 132a8 \| Write file or device (Write 3211 bytes on handle 5)
2018-12-17T22:16:40.737471388Z	62	PC: 132ba \| Close file
2018-12-17T22:16:40.745160792Z	73	PC: 132c8 \| Release memory
2018-12-17T22:16:40.746771957Z	61	PC: 12fa4 \| Open file (Filename = '*U&0g &I s3-')
2018-12-17T22:16:40.754714313Z	87	PC: 12fc7 \| Get or set file date and time
2018-12-17T22:16:40.756577451Z	62	PC: 12fd5 \| Close file
2018-12-17T22:16:40.762930994Z	67	PC: 12ff6 \| Get or set file attributes
2018-12-17T22:16:40.774543909Z	61	PC: 12ea9 \| Open file (Filename = 'c:\dos\dosshell.com')
2018-12-17T22:16:40.784342484Z	61	PC: 12ea9 \| Open file (Filename = 'c:\dos\format.com')
2018-12-17T22:16:40.791364047Z	63	PC: 12ec5 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:16:40.798134495Z	62	PC: 12ecd \| Close file
2018-12-17T22:16:40.800332895Z	67	PC: 12f26 \| Get or set file attributes
2018-12-17T22:16:40.806407632Z	61	PC: 12f53 \| Open file (Filename = 'c:\dos\format.com')
2018-12-17T22:16:40.81361585Z	87	PC: 12f6a \| Get or set file date and time
2018-12-17T22:16:40.816263805Z	62	PC: 12f82 \| Close file
2018-12-17T22:16:40.818111332Z	53	PC: 13025 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.81937574Z	37	PC: 13042 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.821005333Z	67	PC: 13063 \| Get or set file attributes
2018-12-17T22:16:40.831087768Z	37	PC: 13081 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.832450249Z	72	PC: 1309e \| Allocate memory
2018-12-17T22:16:40.838941687Z	61	PC: 130c0 \| Open file (Filename = 'u&� ')
2018-12-17T22:16:40.845779288Z	63	PC: 130e9 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:16:40.855712345Z	62	PC: 1312a \| Close file
2018-12-17T22:16:40.858796746Z	60	PC: 131b6 \| Create or truncate file
2018-12-17T22:16:40.870869725Z	64	PC: 131de \| Write file or device (Write 22976 bytes on handle 5)
2018-12-17T22:16:40.886746712Z	64	PC: 132a8 \| Write file or device (Write 3211 bytes on handle 5)
2018-12-17T22:16:40.895599917Z	62	PC: 132ba \| Close file
2018-12-17T22:16:40.903915492Z	73	PC: 132c8 \| Release memory
2018-12-17T22:16:40.905583791Z	61	PC: 12fa4 \| Open file (Filename = ' q3/')
2018-12-17T22:16:40.913581021Z	87	PC: 12fc7 \| Get or set file date and time
2018-12-17T22:16:40.915402575Z	62	PC: 12fd5 \| Close file
2018-12-17T22:16:40.92173312Z	67	PC: 12ff6 \| Get or set file attributes
2018-12-17T22:16:40.932699781Z	61	PC: 12ea9 \| Open file (Filename = 'c:\dos\keyb.com')
2018-12-17T22:16:40.939858512Z	63	PC: 12ec5 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:16:40.945613195Z	62	PC: 12ecd \| Close file
2018-12-17T22:16:40.948677126Z	67	PC: 12f26 \| Get or set file attributes
2018-12-17T22:16:40.9550351Z	61	PC: 12f53 \| Open file (Filename = 'c:\dos\keyb.com')
2018-12-17T22:16:40.962152212Z	87	PC: 12f6a \| Get or set file date and time
2018-12-17T22:16:40.964871446Z	62	PC: 12f82 \| Close file
2018-12-17T22:16:40.967901626Z	53	PC: 13025 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.969361805Z	37	PC: 13042 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.971680115Z	67	PC: 13063 \| Get or set file attributes
2018-12-17T22:16:40.981547037Z	37	PC: 13081 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.983002969Z	72	PC: 1309e \| Allocate memory
2018-12-17T22:16:40.985767998Z	61	PC: 130c0 \| Open file (Filename = 'X�&�')
2018-12-17T22:16:40.992889545Z	63	PC: 130e9 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:16:41.001297787Z	62	PC: 1312a \| Close file
2018-12-17T22:16:41.004255923Z	60	PC: 131b6 \| Create or truncate file
2018-12-17T22:16:41.016512626Z	64	PC: 131de \| Write file or device (Write 15760 bytes on handle 5)
2018-12-17T22:16:41.027361266Z	64	PC: 132a8 \| Write file or device (Write 3211 bytes on handle 5)
2018-12-17T22:16:41.036834919Z	62	PC: 132ba \| Close file
2018-12-17T22:16:41.044458141Z	73	PC: 132c8 \| Release memory
2018-12-17T22:16:41.045979459Z	61	PC: 12fa4 \| Open file (Filename = ' w3)')
2018-12-17T22:16:41.053752044Z	87	PC: 12fc7 \| Get or set file date and time
2018-12-17T22:16:41.055598226Z	62	PC: 12fd5 \| Close file
2018-12-17T22:16:41.061746987Z	67	PC: 12ff6 \| Get or set file attributes
2018-12-17T22:16:41.071792015Z	49	PC: 12d61 \| Terminate and stay resident (Return code = '1' \| Memory size = '233')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2961,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:51.695852106Z	187	PC: 13883 \| UNKNOWN!
2018-12-25T11:47:51.698824562Z	53	PC: 12c78 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.700674633Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.703042764Z	74	PC: 12ce6 \| Reallocate memory
2018-12-25T11:47:51.705061425Z	75	PC: 12d33 \| Execute program
2018-12-25T11:47:51.724094411Z	9	PC: 145bb \| Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-25T11:47:51.730461484Z	76	PC: 145bf \| Terminate with return code (Return code = '36')
2018-12-25T11:47:51.735158411Z	73	PC: 12d4c \| Release memory
2018-12-25T11:47:51.737801502Z	61	PC: 12ea9 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.748838001Z	63	PC: 12ec5 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:47:51.755782343Z	62	PC: 12ecd \| Close file
2018-12-25T11:47:51.758879231Z	67	PC: 12f26 \| Get or set file attributes
2018-12-25T11:47:51.766294337Z	61	PC: 12f53 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.774635353Z	87	PC: 12f6a \| Get or set file date and time
2018-12-25T11:47:51.777798453Z	62	PC: 12f82 \| Close file
2018-12-25T11:47:51.78415973Z	53	PC: 13025 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.786658422Z	37	PC: 13042 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.788487553Z	67	PC: 13063 \| Get or set file attributes
2018-12-25T11:47:52.790239004Z	37	PC: 13081 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.792435035Z	72	PC: 1309e \| Allocate memory
2018-12-25T11:47:52.794684827Z	61	PC: 130c0 \| Open file (Filename = '')
2018-12-25T11:47:52.80451482Z	63	PC: 130e9 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:47:52.813460582Z	62	PC: 1312a \| Close file
2018-12-25T11:47:52.815551596Z	60	PC: 131b6 \| Create or truncate file
2018-12-25T11:47:52.833620149Z	64	PC: 131de \| Write file or device (Write 9440 bytes on handle 5)
2018-12-25T11:47:52.888263372Z	64	PC: 132a8 \| Write file or device (Write 3211 bytes on handle 5)
2018-12-25T11:47:53.169107227Z	62	PC: 132ba \| Close file
2018-12-25T11:47:53.210257773Z	73	PC: 132c8 \| Release memory
2018-12-25T11:47:53.212576855Z	61	PC: 12fa4 \| Open file (Filename = '�7��7��E��k�Q��E��k�Q�� E��k�Q��')
2018-12-25T11:47:53.221350639Z	87	PC: 12fc7 \| Get or set file date and time
2018-12-25T11:47:53.228655108Z	62	PC: 12fd5 \| Close file
2018-12-25T11:47:53.246362816Z	67	PC: 12ff6 \| Get or set file attributes
2018-12-25T11:47:53.272136886Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:53.28437918Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:53.292157845Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:47:53.299079298Z	62	PC: 12ecd \| Close file (See above)
2018-12-25T11:47:53.301349658Z	67	PC: 12f26 \| Get or set file attributes (See above)
2018-12-25T11:47:53.30914686Z	61	PC: 12f53 \| Open file (See above)
2018-12-25T11:47:53.31666408Z	87	PC: 12f6a \| Get or set file date and time (See above)
2018-12-25T11:47:53.317981811Z	62	PC: 12f82 \| Close file (See above)
2018-12-25T11:47:53.320507447Z	53	PC: 13025 \| Get interrupt vector (See above)
2018-12-25T11:47:53.321958785Z	37	PC: 13042 \| Set interrupt vector (See above)
2018-12-25T11:47:53.323184773Z	67	PC: 13063 \| Get or set file attributes (See above)
2018-12-25T11:47:53.43536263Z	37	PC: 13081 \| Set interrupt vector (See above)
2018-12-25T11:47:53.436724554Z	72	PC: 1309e \| Allocate memory (See above)
2018-12-25T11:47:53.438987819Z	61	PC: 130c0 \| Open file (See above)
2018-12-25T11:47:53.447133471Z	63	PC: 130e9 \| Read file or device (See above)
2018-12-25T11:47:53.457839344Z	62	PC: 1312a \| Close file (See above)
2018-12-25T11:47:53.461079418Z	60	PC: 131b6 \| Create or truncate file (See above)
2018-12-25T11:47:53.517629969Z	64	PC: 131de \| Write file or device (See above)
2018-12-25T11:47:53.588261657Z	64	PC: 132a8 \| Write file or device (See above)
2018-12-25T11:47:53.634452347Z	62	PC: 132ba \| Close file (See above)
2018-12-25T11:47:53.696339619Z	73	PC: 132c8 \| Release memory (See above)
2018-12-25T11:47:53.698338579Z	61	PC: 12fa4 \| Open file (See above)
2018-12-25T11:47:53.70662966Z	87	PC: 12fc7 \| Get or set file date and time (See above)
2018-12-25T11:47:53.709667136Z	62	PC: 12fd5 \| Close file (See above)
2018-12-25T11:47:53.731662795Z	67	PC: 12ff6 \| Get or set file attributes (See above)
2018-12-25T11:47:53.757421502Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:53.765013076Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:47:53.771512806Z	62	PC: 12ecd \| Close file (See above)
2018-12-25T11:47:53.773525332Z	67	PC: 12f26 \| Get or set file attributes (See above)
2018-12-25T11:47:53.779832576Z	61	PC: 12f53 \| Open file (See above)
2018-12-25T11:47:53.787885188Z	87	PC: 12f6a \| Get or set file date and time (See above)
2018-12-25T11:47:53.78955122Z	62	PC: 12f82 \| Close file (See above)
2018-12-25T11:47:53.791753049Z	53	PC: 13025 \| Get interrupt vector (See above)
2018-12-25T11:47:53.80435984Z	37	PC: 13042 \| Set interrupt vector (See above)
2018-12-25T11:47:53.805666708Z	67	PC: 13063 \| Get or set file attributes (See above)
2018-12-25T11:47:54.00621088Z	37	PC: 13081 \| Set interrupt vector (See above)
2018-12-25T11:47:54.009344238Z	72	PC: 1309e \| Allocate memory (See above)
2018-12-25T11:47:54.011063377Z	61	PC: 130c0 \| Open file (See above)
2018-12-25T11:47:54.019838355Z	63	PC: 130e9 \| Read file or device (See above)
2018-12-25T11:47:54.029715063Z	62	PC: 1312a \| Close file (See above)
2018-12-25T11:47:54.032176024Z	60	PC: 131b6 \| Create or truncate file (See above)
2018-12-25T11:47:54.102507129Z	64	PC: 131de \| Write file or device (See above)
2018-12-25T11:47:54.147777578Z	64	PC: 132a8 \| Write file or device (See above)
2018-12-25T11:47:54.170387253Z	62	PC: 132ba \| Close file (See above)
2018-12-25T11:47:54.215984975Z	73	PC: 132c8 \| Release memory (See above)
2018-12-25T11:47:54.219732327Z	61	PC: 12fa4 \| Open file (See above)
2018-12-25T11:47:54.230820265Z	87	PC: 12fc7 \| Get or set file date and time (See above)
2018-12-25T11:47:54.232910414Z	62	PC: 12fd5 \| Close file (See above)
2018-12-25T11:47:54.870943268Z	67	PC: 12ff6 \| Get or set file attributes (See above)
2018-12-25T11:47:55.376314485Z	49	PC: 12d61 \| Terminate and stay resident (Return code = '1' \| Memory size = '233')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2961,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:51.746091748Z	187	PC: 13883 \| UNKNOWN!
2018-12-25T11:47:51.748057887Z	53	PC: 12c78 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.764977487Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.766845621Z	74	PC: 12ce6 \| Reallocate memory
2018-12-25T11:47:51.768854363Z	75	PC: 12d33 \| Execute program
2018-12-25T11:47:51.788221615Z	9	PC: 145bb \| Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-25T11:47:51.794608531Z	76	PC: 145bf \| Terminate with return code (Return code = '36')
2018-12-25T11:47:51.798422886Z	73	PC: 12d4c \| Release memory
2018-12-25T11:47:51.801203681Z	61	PC: 12ea9 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.812238049Z	63	PC: 12ec5 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:47:51.818440936Z	62	PC: 12ecd \| Close file
2018-12-25T11:47:51.822385142Z	67	PC: 12f26 \| Get or set file attributes
2018-12-25T11:47:51.829870902Z	61	PC: 12f53 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.838274885Z	87	PC: 12f6a \| Get or set file date and time
2018-12-25T11:47:51.840889982Z	62	PC: 12f82 \| Close file
2018-12-25T11:47:51.84336879Z	53	PC: 13025 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.845205994Z	37	PC: 13042 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.851486643Z	67	PC: 13063 \| Get or set file attributes
2018-12-25T11:47:52.791142935Z	37	PC: 13081 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.79301214Z	72	PC: 1309e \| Allocate memory
2018-12-25T11:47:52.795514685Z	61	PC: 130c0 \| Open file (Filename = '')
2018-12-25T11:47:52.80410144Z	63	PC: 130e9 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:47:52.813587992Z	62	PC: 1312a \| Close file
2018-12-25T11:47:52.81610803Z	60	PC: 131b6 \| Create or truncate file
2018-12-25T11:47:52.83805123Z	64	PC: 131de \| Write file or device (Write 9440 bytes on handle 5)
2018-12-25T11:47:52.887792201Z	64	PC: 132a8 \| Write file or device (Write 3211 bytes on handle 5)
2018-12-25T11:47:52.93868954Z	62	PC: 132ba \| Close file
2018-12-25T11:47:53.1068683Z	73	PC: 132c8 \| Release memory
2018-12-25T11:47:53.108498519Z	61	PC: 12fa4 \| Open file
2018-12-25T11:47:53.116318043Z	87	PC: 12fc7 \| Get or set file date and time
2018-12-25T11:47:53.119308397Z	62	PC: 12fd5 \| Close file
2018-12-25T11:47:53.168865102Z	67	PC: 12ff6 \| Get or set file attributes
2018-12-25T11:47:53.210129245Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:53.224117929Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:53.232795298Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:47:53.240046975Z	62	PC: 12ecd \| Close file (See above)
2018-12-25T11:47:53.243183961Z	67	PC: 12f26 \| Get or set file attributes (See above)
2018-12-25T11:47:53.24864527Z	61	PC: 12f53 \| Open file (See above)
2018-12-25T11:47:53.256462405Z	87	PC: 12f6a \| Get or set file date and time (See above)
2018-12-25T11:47:53.257746047Z	62	PC: 12f82 \| Close file (See above)
2018-12-25T11:47:53.259912275Z	53	PC: 13025 \| Get interrupt vector (See above)
2018-12-25T11:47:53.260945754Z	37	PC: 13042 \| Set interrupt vector (See above)
2018-12-25T11:47:53.261879797Z	67	PC: 13063 \| Get or set file attributes (See above)
2018-12-25T11:47:53.282296824Z	37	PC: 13081 \| Set interrupt vector (See above)
2018-12-25T11:47:53.283236427Z	72	PC: 1309e \| Allocate memory (See above)
2018-12-25T11:47:53.284468889Z	61	PC: 130c0 \| Open file (See above)
2018-12-25T11:47:53.289382301Z	63	PC: 130e9 \| Read file or device (See above)
2018-12-25T11:47:53.296008404Z	62	PC: 1312a \| Close file (See above)
2018-12-25T11:47:53.297374607Z	60	PC: 131b6 \| Create or truncate file (See above)
2018-12-25T11:47:53.460682094Z	64	PC: 131de \| Write file or device (See above)
2018-12-25T11:47:53.516880989Z	64	PC: 132a8 \| Write file or device (See above)
2018-12-25T11:47:53.532086407Z	62	PC: 132ba \| Close file (See above)
2018-12-25T11:47:53.634843414Z	73	PC: 132c8 \| Release memory (See above)
2018-12-25T11:47:53.636359449Z	61	PC: 12fa4 \| Open file (See above)
2018-12-25T11:47:53.643948123Z	87	PC: 12fc7 \| Get or set file date and time (See above)
2018-12-25T11:47:53.646063976Z	62	PC: 12fd5 \| Close file (See above)
2018-12-25T11:47:53.680901133Z	67	PC: 12ff6 \| Get or set file attributes (See above)
2018-12-25T11:47:53.731563882Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:53.739834874Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:47:53.746014945Z	62	PC: 12ecd \| Close file (See above)
2018-12-25T11:47:53.748345535Z	67	PC: 12f26 \| Get or set file attributes (See above)
2018-12-25T11:47:53.756583593Z	61	PC: 12f53 \| Open file (See above)
2018-12-25T11:47:53.764992453Z	87	PC: 12f6a \| Get or set file date and time (See above)
2018-12-25T11:47:53.766432528Z	62	PC: 12f82 \| Close file (See above)
2018-12-25T11:47:53.768481337Z	53	PC: 13025 \| Get interrupt vector (See above)
2018-12-25T11:47:53.771264452Z	37	PC: 13042 \| Set interrupt vector (See above)
2018-12-25T11:47:53.773166634Z	67	PC: 13063 \| Get or set file attributes (See above)
2018-12-25T11:47:53.792144073Z	37	PC: 13081 \| Set interrupt vector (See above)
2018-12-25T11:47:53.794603416Z	72	PC: 1309e \| Allocate memory (See above)
2018-12-25T11:47:53.796794737Z	61	PC: 130c0 \| Open file (See above)
2018-12-25T11:47:53.805856901Z	63	PC: 130e9 \| Read file or device (See above)
2018-12-25T11:47:53.816379034Z	62	PC: 1312a \| Close file (See above)
2018-12-25T11:47:53.818322594Z	60	PC: 131b6 \| Create or truncate file (See above)
2018-12-25T11:47:54.006429945Z	64	PC: 131de \| Write file or device (See above)
2018-12-25T11:47:54.037240916Z	64	PC: 132a8 \| Write file or device (See above)
2018-12-25T11:47:54.102469704Z	62	PC: 132ba \| Close file (See above)
2018-12-25T11:47:54.147404516Z	73	PC: 132c8 \| Release memory (See above)
2018-12-25T11:47:54.150986736Z	61	PC: 12fa4 \| Open file (See above)
2018-12-25T11:47:54.164798984Z	87	PC: 12fc7 \| Get or set file date and time (See above)
2018-12-25T11:47:54.170268995Z	62	PC: 12fd5 \| Close file (See above)
2018-12-25T11:47:54.216208958Z	67	PC: 12ff6 \| Get or set file attributes (See above)
2018-12-25T11:47:54.870865454Z	49	PC: 12d61 \| Terminate and stay resident (Return code = '1' \| Memory size = '233')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2961,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:51.868888258Z	187	PC: 13883 \| UNKNOWN!
2018-12-25T11:47:51.871038787Z	53	PC: 12c78 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.872474565Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.873931111Z	74	PC: 12ce6 \| Reallocate memory
2018-12-25T11:47:51.875707285Z	75	PC: 12d33 \| Execute program
2018-12-25T11:47:51.894049823Z	9	PC: 145bb \| Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-25T11:47:51.900007792Z	76	PC: 145bf \| Terminate with return code (Return code = '36')
2018-12-25T11:47:51.903340844Z	73	PC: 12d4c \| Release memory
2018-12-25T11:47:51.908630302Z	61	PC: 12ea9 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.91984026Z	63	PC: 12ec5 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:47:51.92703712Z	62	PC: 12ecd \| Close file
2018-12-25T11:47:51.930439266Z	67	PC: 12f26 \| Get or set file attributes
2018-12-25T11:47:51.937932854Z	61	PC: 12f53 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.947417075Z	87	PC: 12f6a \| Get or set file date and time
2018-12-25T11:47:51.972751268Z	62	PC: 12f82 \| Close file
2018-12-25T11:47:51.974776907Z	53	PC: 13025 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.975971604Z	37	PC: 13042 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.977919976Z	67	PC: 13063 \| Get or set file attributes
2018-12-25T11:47:52.790536117Z	37	PC: 13081 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.79220446Z	72	PC: 1309e \| Allocate memory
2018-12-25T11:47:52.794495954Z	61	PC: 130c0 \| Open file (Filename = '')
2018-12-25T11:47:52.805199368Z	63	PC: 130e9 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:47:52.815023196Z	62	PC: 1312a \| Close file
2018-12-25T11:47:52.817602219Z	60	PC: 131b6 \| Create or truncate file
2018-12-25T11:47:52.91575562Z	64	PC: 131de \| Write file or device (Write 9440 bytes on handle 5)
2018-12-25T11:47:52.93826916Z	64	PC: 132a8 \| Write file or device (Write 3211 bytes on handle 5)
2018-12-25T11:47:52.980081136Z	62	PC: 132ba \| Close file
2018-12-25T11:47:53.048404877Z	73	PC: 132c8 \| Release memory
2018-12-25T11:47:53.050123903Z	61	PC: 12fa4 \| Open file
2018-12-25T11:47:53.058746069Z	87	PC: 12fc7 \| Get or set file date and time
2018-12-25T11:47:53.068166672Z	62	PC: 12fd5 \| Close file
2018-12-25T11:47:53.106739236Z	67	PC: 12ff6 \| Get or set file attributes
2018-12-25T11:47:53.126804636Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:53.138125094Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:53.146268627Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:47:53.152242451Z	62	PC: 12ecd \| Close file (See above)
2018-12-25T11:47:53.154937662Z	67	PC: 12f26 \| Get or set file attributes (See above)
2018-12-25T11:47:53.162245537Z	61	PC: 12f53 \| Open file (See above)
2018-12-25T11:47:53.170894487Z	87	PC: 12f6a \| Get or set file date and time (See above)
2018-12-25T11:47:53.173708785Z	62	PC: 12f82 \| Close file (See above)
2018-12-25T11:47:53.176131899Z	53	PC: 13025 \| Get interrupt vector (See above)
2018-12-25T11:47:53.177573963Z	37	PC: 13042 \| Set interrupt vector (See above)
2018-12-25T11:47:53.179169865Z	67	PC: 13063 \| Get or set file attributes (See above)
2018-12-25T11:47:53.209663179Z	37	PC: 13081 \| Set interrupt vector (See above)
2018-12-25T11:47:53.211100554Z	72	PC: 1309e \| Allocate memory (See above)
2018-12-25T11:47:53.212880149Z	61	PC: 130c0 \| Open file (See above)
2018-12-25T11:47:53.220708665Z	63	PC: 130e9 \| Read file or device (See above)
2018-12-25T11:47:53.232831596Z	62	PC: 1312a \| Close file (See above)
2018-12-25T11:47:53.235059922Z	60	PC: 131b6 \| Create or truncate file (See above)
2018-12-25T11:47:53.272536892Z	64	PC: 131de \| Write file or device (See above)
2018-12-25T11:47:53.325235893Z	64	PC: 132a8 \| Write file or device (See above)
2018-12-25T11:47:53.346835407Z	62	PC: 132ba \| Close file (See above)
2018-12-25T11:47:53.403261903Z	73	PC: 132c8 \| Release memory (See above)
2018-12-25T11:47:53.404749962Z	61	PC: 12fa4 \| Open file (See above)
2018-12-25T11:47:53.412589963Z	87	PC: 12fc7 \| Get or set file date and time (See above)
2018-12-25T11:47:53.41478644Z	62	PC: 12fd5 \| Close file (See above)
2018-12-25T11:47:53.433584671Z	67	PC: 12ff6 \| Get or set file attributes (See above)
2018-12-25T11:47:53.460193755Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:53.469023713Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:47:53.475423687Z	62	PC: 12ecd \| Close file (See above)
2018-12-25T11:47:53.477456411Z	67	PC: 12f26 \| Get or set file attributes (See above)
2018-12-25T11:47:53.484678318Z	61	PC: 12f53 \| Open file (See above)
2018-12-25T11:47:53.49266651Z	87	PC: 12f6a \| Get or set file date and time (See above)
2018-12-25T11:47:53.494325398Z	62	PC: 12f82 \| Close file (See above)
2018-12-25T11:47:53.496646633Z	53	PC: 13025 \| Get interrupt vector (See above)
2018-12-25T11:47:53.498527711Z	37	PC: 13042 \| Set interrupt vector (See above)
2018-12-25T11:47:53.500186326Z	67	PC: 13063 \| Get or set file attributes (See above)
2018-12-25T11:47:53.758077195Z	37	PC: 13081 \| Set interrupt vector (See above)
2018-12-25T11:47:53.759373017Z	72	PC: 1309e \| Allocate memory (See above)
2018-12-25T11:47:53.761075797Z	61	PC: 130c0 \| Open file (See above)
2018-12-25T11:47:53.769329245Z	63	PC: 130e9 \| Read file or device (See above)
2018-12-25T11:47:53.780123715Z	62	PC: 1312a \| Close file (See above)
2018-12-25T11:47:53.782289507Z	60	PC: 131b6 \| Create or truncate file (See above)
2018-12-25T11:47:53.822131158Z	64	PC: 131de \| Write file or device (See above)
2018-12-25T11:47:54.016126852Z	64	PC: 132a8 \| Write file or device (See above)
2018-12-25T11:47:54.037538559Z	62	PC: 132ba \| Close file (See above)
2018-12-25T11:47:54.102451922Z	73	PC: 132c8 \| Release memory (See above)
2018-12-25T11:47:54.104229612Z	61	PC: 12fa4 \| Open file (See above)
2018-12-25T11:47:54.111751023Z	87	PC: 12fc7 \| Get or set file date and time (See above)
2018-12-25T11:47:54.113399784Z	62	PC: 12fd5 \| Close file (See above)
2018-12-25T11:47:54.147935214Z	67	PC: 12ff6 \| Get or set file attributes (See above)
2018-12-25T11:47:54.169951403Z	49	PC: 12d61 \| Terminate and stay resident (Return code = '1' \| Memory size = '233')

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2961,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:52.139040926Z	187	PC: 13883 \| UNKNOWN!
2018-12-25T11:47:52.141026506Z	53	PC: 12c78 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:52.142102905Z	37	PC: 12c95 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:52.143251175Z	74	PC: 12ce6 \| Reallocate memory
2018-12-25T11:47:52.145317257Z	75	PC: 12d33 \| Execute program
2018-12-25T11:47:52.160591221Z	9	PC: 145bb \| Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-25T11:47:52.165788582Z	76	PC: 145bf \| Terminate with return code (Return code = '36')
2018-12-25T11:47:52.169343189Z	73	PC: 12d4c \| Release memory
2018-12-25T11:47:52.170834219Z	61	PC: 12ea9 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:52.181014268Z	63	PC: 12ec5 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:47:52.187784482Z	62	PC: 12ecd \| Close file
2018-12-25T11:47:52.189712804Z	67	PC: 12f26 \| Get or set file attributes
2018-12-25T11:47:52.195710298Z	61	PC: 12f53 \| Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:52.202940934Z	87	PC: 12f6a \| Get or set file date and time
2018-12-25T11:47:52.20457703Z	62	PC: 12f82 \| Close file
2018-12-25T11:47:52.206385545Z	53	PC: 13025 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.207832434Z	37	PC: 13042 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.209652469Z	67	PC: 13063 \| Get or set file attributes
2018-12-25T11:47:53.232671014Z	37	PC: 13081 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:53.233931823Z	72	PC: 1309e \| Allocate memory
2018-12-25T11:47:53.23597838Z	61	PC: 130c0 \| Open file (Filename = '')
2018-12-25T11:47:53.240225362Z	63	PC: 130e9 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:47:53.245042492Z	62	PC: 1312a \| Close file
2018-12-25T11:47:53.246978322Z	60	PC: 131b6 \| Create or truncate file
2018-12-25T11:47:53.320053916Z	64	PC: 131de \| Write file or device (Write 9440 bytes on handle 5)
2018-12-25T11:47:53.396692739Z	64	PC: 132a8 \| Write file or device (Write 3211 bytes on handle 5)
2018-12-25T11:47:53.494606442Z	62	PC: 132ba \| Close file
2018-12-25T11:47:53.614728423Z	73	PC: 132c8 \| Release memory
2018-12-25T11:47:53.616137619Z	61	PC: 12fa4 \| Open file
2018-12-25T11:47:53.623572176Z	87	PC: 12fc7 \| Get or set file date and time
2018-12-25T11:47:53.625005849Z	62	PC: 12fd5 \| Close file
2018-12-25T11:47:53.940927136Z	67	PC: 12ff6 \| Get or set file attributes
2018-12-25T11:47:54.672674259Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:54.678938103Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:54.683862306Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:47:54.689771821Z	62	PC: 12ecd \| Close file (See above)
2018-12-25T11:47:54.691550197Z	67	PC: 12f26 \| Get or set file attributes (See above)
2018-12-25T11:47:54.697335409Z	61	PC: 12f53 \| Open file (See above)
2018-12-25T11:47:54.704526324Z	87	PC: 12f6a \| Get or set file date and time (See above)
2018-12-25T11:47:54.705845089Z	62	PC: 12f82 \| Close file (See above)
2018-12-25T11:47:54.707503285Z	53	PC: 13025 \| Get interrupt vector (See above)
2018-12-25T11:47:54.709183887Z	37	PC: 13042 \| Set interrupt vector (See above)
2018-12-25T11:47:54.710202649Z	67	PC: 13063 \| Get or set file attributes (See above)
2018-12-25T11:47:54.757170999Z	37	PC: 13081 \| Set interrupt vector (See above)
2018-12-25T11:47:54.759032888Z	72	PC: 1309e \| Allocate memory (See above)
2018-12-25T11:47:54.760617673Z	61	PC: 130c0 \| Open file (See above)
2018-12-25T11:47:54.76741669Z	63	PC: 130e9 \| Read file or device (See above)
2018-12-25T11:47:54.777458362Z	62	PC: 1312a \| Close file (See above)
2018-12-25T11:47:54.779346086Z	60	PC: 131b6 \| Create or truncate file (See above)
2018-12-25T11:47:55.106220343Z	64	PC: 131de \| Write file or device (See above)
2018-12-25T11:47:55.120651806Z	64	PC: 132a8 \| Write file or device (See above)
2018-12-25T11:47:55.128744384Z	62	PC: 132ba \| Close file (See above)
2018-12-25T11:47:55.135982238Z	73	PC: 132c8 \| Release memory (See above)
2018-12-25T11:47:55.13760109Z	61	PC: 12fa4 \| Open file (See above)
2018-12-25T11:47:55.14463606Z	87	PC: 12fc7 \| Get or set file date and time (See above)
2018-12-25T11:47:55.147293456Z	62	PC: 12fd5 \| Close file (See above)
2018-12-25T11:47:55.153728731Z	67	PC: 12ff6 \| Get or set file attributes (See above)
2018-12-25T11:47:55.164539502Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:47:55.171477558Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:47:55.177957051Z	62	PC: 12ecd \| Close file (See above)
2018-12-25T11:47:55.180287531Z	67	PC: 12f26 \| Get or set file attributes (See above)
2018-12-25T11:47:55.186245765Z	61	PC: 12f53 \| Open file (See above)
2018-12-25T11:47:55.193586027Z	87	PC: 12f6a \| Get or set file date and time (See above)
2018-12-25T11:47:55.196354148Z	62	PC: 12f82 \| Close file (See above)
2018-12-25T11:47:55.198017873Z	53	PC: 13025 \| Get interrupt vector (See above)
2018-12-25T11:47:55.199110765Z	37	PC: 13042 \| Set interrupt vector (See above)
2018-12-25T11:47:55.201476963Z	67	PC: 13063 \| Get or set file attributes (See above)
2018-12-25T11:47:55.212069839Z	37	PC: 13081 \| Set interrupt vector (See above)
2018-12-25T11:47:55.213247628Z	72	PC: 1309e \| Allocate memory (See above)
2018-12-25T11:47:55.216258564Z	61	PC: 130c0 \| Open file (See above)
2018-12-25T11:47:55.223864029Z	63	PC: 130e9 \| Read file or device (See above)
2018-12-25T11:47:55.233026306Z	62	PC: 1312a \| Close file (See above)
2018-12-25T11:47:55.235824213Z	60	PC: 131b6 \| Create or truncate file (See above)
2018-12-25T11:47:55.248359852Z	64	PC: 131de \| Write file or device (See above)
2018-12-25T11:47:55.259534001Z	64	PC: 132a8 \| Write file or device (See above)
2018-12-25T11:47:55.268251478Z	62	PC: 132ba \| Close file (See above)
2018-12-25T11:47:55.276021314Z	73	PC: 132c8 \| Release memory (See above)
2018-12-25T11:47:55.277462128Z	61	PC: 12fa4 \| Open file (See above)
2018-12-25T11:47:55.284933882Z	87	PC: 12fc7 \| Get or set file date and time (See above)
2018-12-25T11:47:55.286400208Z	62	PC: 12fd5 \| Close file (See above)
2018-12-25T11:47:55.292198994Z	67	PC: 12ff6 \| Get or set file attributes (See above)
2018-12-25T11:47:55.303344558Z	49	PC: 12d61 \| Terminate and stay resident (Return code = '1' \| Memory size = '233')