Sample viewer

vx.netlux.org/Virus.DOS.Rael.3211


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:16:40.265375562Z 187 PC: 13883 | UNKNOWN!
2018-12-17T22:16:40.267701251Z 53 PC: 12c78 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:40.268903302Z 37 PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:40.270166024Z 74 PC: 12ce6 | Reallocate memory
2018-12-17T22:16:40.272631274Z 75 PC: 12d33 | Execute program
2018-12-17T22:16:40.288007932Z 9 PC: 145bb | Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-17T22:16:40.293096654Z 76 PC: 145bf | Terminate with return code (Return code = '36')
2018-12-17T22:16:40.296924893Z 73 PC: 12d4c | Release memory
2018-12-17T22:16:40.299397887Z 61 PC: 12ea9 | Open file (Filename = 'c:\dos\sys.com')
2018-12-17T22:16:40.309724756Z 63 PC: 12ec5 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:16:40.316192442Z 62 PC: 12ecd | Close file
2018-12-17T22:16:40.318576272Z 67 PC: 12f26 | Get or set file attributes
2018-12-17T22:16:40.324978464Z 61 PC: 12f53 | Open file (Filename = 'c:\dos\sys.com')
2018-12-17T22:16:40.332145316Z 87 PC: 12f6a | Get or set file date and time
2018-12-17T22:16:40.334420481Z 62 PC: 12f82 | Close file
2018-12-17T22:16:40.336500309Z 53 PC: 13025 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.338017381Z 37 PC: 13042 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.34104696Z 67 PC: 13063 | Get or set file attributes
2018-12-17T22:16:40.680413604Z 37 PC: 13081 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.683348276Z 72 PC: 1309e | Allocate memory
2018-12-17T22:16:40.685651499Z 61 PC: 130c0 | Open file (Filename = '')
2018-12-17T22:16:40.692829497Z 63 PC: 130e9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:16:40.701572054Z 62 PC: 1312a | Close file
2018-12-17T22:16:40.704437999Z 60 PC: 131b6 | Create or truncate file
2018-12-17T22:16:40.716478467Z 64 PC: 131de | Write file or device (Write 9440 bytes on handle 5)
2018-12-17T22:16:40.726952798Z 64 PC: 132a8 | Write file or device (Write 3211 bytes on handle 5)
2018-12-17T22:16:40.737471388Z 62 PC: 132ba | Close file
2018-12-17T22:16:40.745160792Z 73 PC: 132c8 | Release memory
2018-12-17T22:16:40.746771957Z 61 PC: 12fa4 | Open file (Filename = '*U &0g &I s3-')
2018-12-17T22:16:40.754714313Z 87 PC: 12fc7 | Get or set file date and time
2018-12-17T22:16:40.756577451Z 62 PC: 12fd5 | Close file
2018-12-17T22:16:40.762930994Z 67 PC: 12ff6 | Get or set file attributes
2018-12-17T22:16:40.774543909Z 61 PC: 12ea9 | Open file (Filename = 'c:\dos\dosshell.com')
2018-12-17T22:16:40.784342484Z 61 PC: 12ea9 | Open file (Filename = 'c:\dos\format.com')
2018-12-17T22:16:40.791364047Z 63 PC: 12ec5 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:16:40.798134495Z 62 PC: 12ecd | Close file
2018-12-17T22:16:40.800332895Z 67 PC: 12f26 | Get or set file attributes
2018-12-17T22:16:40.806407632Z 61 PC: 12f53 | Open file (Filename = 'c:\dos\format.com')
2018-12-17T22:16:40.81361585Z 87 PC: 12f6a | Get or set file date and time
2018-12-17T22:16:40.816263805Z 62 PC: 12f82 | Close file
2018-12-17T22:16:40.818111332Z 53 PC: 13025 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.81937574Z 37 PC: 13042 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.821005333Z 67 PC: 13063 | Get or set file attributes
2018-12-17T22:16:40.831087768Z 37 PC: 13081 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.832450249Z 72 PC: 1309e | Allocate memory
2018-12-17T22:16:40.838941687Z 61 PC: 130c0 | Open file (Filename = 'u& ')
2018-12-17T22:16:40.845779288Z 63 PC: 130e9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:16:40.855712345Z 62 PC: 1312a | Close file
2018-12-17T22:16:40.858796746Z 60 PC: 131b6 | Create or truncate file
2018-12-17T22:16:40.870869725Z 64 PC: 131de | Write file or device (Write 22976 bytes on handle 5)
2018-12-17T22:16:40.886746712Z 64 PC: 132a8 | Write file or device (Write 3211 bytes on handle 5)
2018-12-17T22:16:40.895599917Z 62 PC: 132ba | Close file
2018-12-17T22:16:40.903915492Z 73 PC: 132c8 | Release memory
2018-12-17T22:16:40.905583791Z 61 PC: 12fa4 | Open file (Filename = ' q3/')
2018-12-17T22:16:40.913581021Z 87 PC: 12fc7 | Get or set file date and time
2018-12-17T22:16:40.915402575Z 62 PC: 12fd5 | Close file
2018-12-17T22:16:40.92173312Z 67 PC: 12ff6 | Get or set file attributes
2018-12-17T22:16:40.932699781Z 61 PC: 12ea9 | Open file (Filename = 'c:\dos\keyb.com')
2018-12-17T22:16:40.939858512Z 63 PC: 12ec5 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:16:40.945613195Z 62 PC: 12ecd | Close file
2018-12-17T22:16:40.948677126Z 67 PC: 12f26 | Get or set file attributes
2018-12-17T22:16:40.9550351Z 61 PC: 12f53 | Open file (Filename = 'c:\dos\keyb.com')
2018-12-17T22:16:40.962152212Z 87 PC: 12f6a | Get or set file date and time
2018-12-17T22:16:40.964871446Z 62 PC: 12f82 | Close file
2018-12-17T22:16:40.967901626Z 53 PC: 13025 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.969361805Z 37 PC: 13042 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.971680115Z 67 PC: 13063 | Get or set file attributes
2018-12-17T22:16:40.981547037Z 37 PC: 13081 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:40.983002969Z 72 PC: 1309e | Allocate memory
2018-12-17T22:16:40.985767998Z 61 PC: 130c0 | Open file (Filename = 'X&')
2018-12-17T22:16:40.992889545Z 63 PC: 130e9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:16:41.001297787Z 62 PC: 1312a | Close file
2018-12-17T22:16:41.004255923Z 60 PC: 131b6 | Create or truncate file
2018-12-17T22:16:41.016512626Z 64 PC: 131de | Write file or device (Write 15760 bytes on handle 5)
2018-12-17T22:16:41.027361266Z 64 PC: 132a8 | Write file or device (Write 3211 bytes on handle 5)
2018-12-17T22:16:41.036834919Z 62 PC: 132ba | Close file
2018-12-17T22:16:41.044458141Z 73 PC: 132c8 | Release memory
2018-12-17T22:16:41.045979459Z 61 PC: 12fa4 | Open file (Filename = ' w3)')
2018-12-17T22:16:41.053752044Z 87 PC: 12fc7 | Get or set file date and time
2018-12-17T22:16:41.055598226Z 62 PC: 12fd5 | Close file
2018-12-17T22:16:41.061746987Z 67 PC: 12ff6 | Get or set file attributes
2018-12-17T22:16:41.071792015Z 49 PC: 12d61 | Terminate and stay resident (Return code = '1' | Memory size = '233')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2961,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:51.695852106Z 187 PC: 13883 | UNKNOWN!
2018-12-25T11:47:51.698824562Z 53 PC: 12c78 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.700674633Z 37 PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.703042764Z 74 PC: 12ce6 | Reallocate memory
2018-12-25T11:47:51.705061425Z 75 PC: 12d33 | Execute program
2018-12-25T11:47:51.724094411Z 9 PC: 145bb | Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-25T11:47:51.730461484Z 76 PC: 145bf | Terminate with return code (Return code = '36')
2018-12-25T11:47:51.735158411Z 73 PC: 12d4c | Release memory
2018-12-25T11:47:51.737801502Z 61 PC: 12ea9 | Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.748838001Z 63 PC: 12ec5 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:47:51.755782343Z 62 PC: 12ecd | Close file
2018-12-25T11:47:51.758879231Z 67 PC: 12f26 | Get or set file attributes
2018-12-25T11:47:51.766294337Z 61 PC: 12f53 | Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.774635353Z 87 PC: 12f6a | Get or set file date and time
2018-12-25T11:47:51.777798453Z 62 PC: 12f82 | Close file
2018-12-25T11:47:51.78415973Z 53 PC: 13025 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.786658422Z 37 PC: 13042 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.788487553Z 67 PC: 13063 | Get or set file attributes
2018-12-25T11:47:52.790239004Z 37 PC: 13081 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.792435035Z 72 PC: 1309e | Allocate memory
2018-12-25T11:47:52.794684827Z 61 PC: 130c0 | Open file (Filename = '')
2018-12-25T11:47:52.80451482Z 63 PC: 130e9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:47:52.813460582Z 62 PC: 1312a | Close file
2018-12-25T11:47:52.815551596Z 60 PC: 131b6 | Create or truncate file
2018-12-25T11:47:52.833620149Z 64 PC: 131de | Write file or device (Write 9440 bytes on handle 5)
2018-12-25T11:47:52.888263372Z 64 PC: 132a8 | Write file or device (Write 3211 bytes on handle 5)
2018-12-25T11:47:53.169107227Z 62 PC: 132ba | Close file
2018-12-25T11:47:53.210257773Z 73 PC: 132c8 | Release memory
2018-12-25T11:47:53.212576855Z 61 PC: 12fa4 | Open file (Filename = '77EkQEkQ  EkQ')
2018-12-25T11:47:53.221350639Z 87 PC: 12fc7 | Get or set file date and time
2018-12-25T11:47:53.228655108Z 62 PC: 12fd5 | Close file
2018-12-25T11:47:53.246362816Z 67 PC: 12ff6 | Get or set file attributes
2018-12-25T11:47:53.272136886Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:53.28437918Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:53.292157845Z 63 PC: 12ec5 | Read file or device (See above)
2018-12-25T11:47:53.299079298Z 62 PC: 12ecd | Close file (See above)
2018-12-25T11:47:53.301349658Z 67 PC: 12f26 | Get or set file attributes (See above)
2018-12-25T11:47:53.30914686Z 61 PC: 12f53 | Open file (See above)
2018-12-25T11:47:53.31666408Z 87 PC: 12f6a | Get or set file date and time (See above)
2018-12-25T11:47:53.317981811Z 62 PC: 12f82 | Close file (See above)
2018-12-25T11:47:53.320507447Z 53 PC: 13025 | Get interrupt vector (See above)
2018-12-25T11:47:53.321958785Z 37 PC: 13042 | Set interrupt vector (See above)
2018-12-25T11:47:53.323184773Z 67 PC: 13063 | Get or set file attributes (See above)
2018-12-25T11:47:53.43536263Z 37 PC: 13081 | Set interrupt vector (See above)
2018-12-25T11:47:53.436724554Z 72 PC: 1309e | Allocate memory (See above)
2018-12-25T11:47:53.438987819Z 61 PC: 130c0 | Open file (See above)
2018-12-25T11:47:53.447133471Z 63 PC: 130e9 | Read file or device (See above)
2018-12-25T11:47:53.457839344Z 62 PC: 1312a | Close file (See above)
2018-12-25T11:47:53.461079418Z 60 PC: 131b6 | Create or truncate file (See above)
2018-12-25T11:47:53.517629969Z 64 PC: 131de | Write file or device (See above)
2018-12-25T11:47:53.588261657Z 64 PC: 132a8 | Write file or device (See above)
2018-12-25T11:47:53.634452347Z 62 PC: 132ba | Close file (See above)
2018-12-25T11:47:53.696339619Z 73 PC: 132c8 | Release memory (See above)
2018-12-25T11:47:53.698338579Z 61 PC: 12fa4 | Open file (See above)
2018-12-25T11:47:53.70662966Z 87 PC: 12fc7 | Get or set file date and time (See above)
2018-12-25T11:47:53.709667136Z 62 PC: 12fd5 | Close file (See above)
2018-12-25T11:47:53.731662795Z 67 PC: 12ff6 | Get or set file attributes (See above)
2018-12-25T11:47:53.757421502Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:53.765013076Z 63 PC: 12ec5 | Read file or device (See above)
2018-12-25T11:47:53.771512806Z 62 PC: 12ecd | Close file (See above)
2018-12-25T11:47:53.773525332Z 67 PC: 12f26 | Get or set file attributes (See above)
2018-12-25T11:47:53.779832576Z 61 PC: 12f53 | Open file (See above)
2018-12-25T11:47:53.787885188Z 87 PC: 12f6a | Get or set file date and time (See above)
2018-12-25T11:47:53.78955122Z 62 PC: 12f82 | Close file (See above)
2018-12-25T11:47:53.791753049Z 53 PC: 13025 | Get interrupt vector (See above)
2018-12-25T11:47:53.80435984Z 37 PC: 13042 | Set interrupt vector (See above)
2018-12-25T11:47:53.805666708Z 67 PC: 13063 | Get or set file attributes (See above)
2018-12-25T11:47:54.00621088Z 37 PC: 13081 | Set interrupt vector (See above)
2018-12-25T11:47:54.009344238Z 72 PC: 1309e | Allocate memory (See above)
2018-12-25T11:47:54.011063377Z 61 PC: 130c0 | Open file (See above)
2018-12-25T11:47:54.019838355Z 63 PC: 130e9 | Read file or device (See above)
2018-12-25T11:47:54.029715063Z 62 PC: 1312a | Close file (See above)
2018-12-25T11:47:54.032176024Z 60 PC: 131b6 | Create or truncate file (See above)
2018-12-25T11:47:54.102507129Z 64 PC: 131de | Write file or device (See above)
2018-12-25T11:47:54.147777578Z 64 PC: 132a8 | Write file or device (See above)
2018-12-25T11:47:54.170387253Z 62 PC: 132ba | Close file (See above)
2018-12-25T11:47:54.215984975Z 73 PC: 132c8 | Release memory (See above)
2018-12-25T11:47:54.219732327Z 61 PC: 12fa4 | Open file (See above)
2018-12-25T11:47:54.230820265Z 87 PC: 12fc7 | Get or set file date and time (See above)
2018-12-25T11:47:54.232910414Z 62 PC: 12fd5 | Close file (See above)
2018-12-25T11:47:54.870943268Z 67 PC: 12ff6 | Get or set file attributes (See above)
2018-12-25T11:47:55.376314485Z 49 PC: 12d61 | Terminate and stay resident (Return code = '1' | Memory size = '233')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2961,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:51.746091748Z 187 PC: 13883 | UNKNOWN!
2018-12-25T11:47:51.748057887Z 53 PC: 12c78 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.764977487Z 37 PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.766845621Z 74 PC: 12ce6 | Reallocate memory
2018-12-25T11:47:51.768854363Z 75 PC: 12d33 | Execute program
2018-12-25T11:47:51.788221615Z 9 PC: 145bb | Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-25T11:47:51.794608531Z 76 PC: 145bf | Terminate with return code (Return code = '36')
2018-12-25T11:47:51.798422886Z 73 PC: 12d4c | Release memory
2018-12-25T11:47:51.801203681Z 61 PC: 12ea9 | Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.812238049Z 63 PC: 12ec5 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:47:51.818440936Z 62 PC: 12ecd | Close file
2018-12-25T11:47:51.822385142Z 67 PC: 12f26 | Get or set file attributes
2018-12-25T11:47:51.829870902Z 61 PC: 12f53 | Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.838274885Z 87 PC: 12f6a | Get or set file date and time
2018-12-25T11:47:51.840889982Z 62 PC: 12f82 | Close file
2018-12-25T11:47:51.84336879Z 53 PC: 13025 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.845205994Z 37 PC: 13042 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.851486643Z 67 PC: 13063 | Get or set file attributes
2018-12-25T11:47:52.791142935Z 37 PC: 13081 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.79301214Z 72 PC: 1309e | Allocate memory
2018-12-25T11:47:52.795514685Z 61 PC: 130c0 | Open file (Filename = '')
2018-12-25T11:47:52.80410144Z 63 PC: 130e9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:47:52.813587992Z 62 PC: 1312a | Close file
2018-12-25T11:47:52.81610803Z 60 PC: 131b6 | Create or truncate file
2018-12-25T11:47:52.83805123Z 64 PC: 131de | Write file or device (Write 9440 bytes on handle 5)
2018-12-25T11:47:52.887792201Z 64 PC: 132a8 | Write file or device (Write 3211 bytes on handle 5)
2018-12-25T11:47:52.93868954Z 62 PC: 132ba | Close file
2018-12-25T11:47:53.1068683Z 73 PC: 132c8 | Release memory
2018-12-25T11:47:53.108498519Z 61 PC: 12fa4 | Open file
2018-12-25T11:47:53.116318043Z 87 PC: 12fc7 | Get or set file date and time
2018-12-25T11:47:53.119308397Z 62 PC: 12fd5 | Close file
2018-12-25T11:47:53.168865102Z 67 PC: 12ff6 | Get or set file attributes
2018-12-25T11:47:53.210129245Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:53.224117929Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:53.232795298Z 63 PC: 12ec5 | Read file or device (See above)
2018-12-25T11:47:53.240046975Z 62 PC: 12ecd | Close file (See above)
2018-12-25T11:47:53.243183961Z 67 PC: 12f26 | Get or set file attributes (See above)
2018-12-25T11:47:53.24864527Z 61 PC: 12f53 | Open file (See above)
2018-12-25T11:47:53.256462405Z 87 PC: 12f6a | Get or set file date and time (See above)
2018-12-25T11:47:53.257746047Z 62 PC: 12f82 | Close file (See above)
2018-12-25T11:47:53.259912275Z 53 PC: 13025 | Get interrupt vector (See above)
2018-12-25T11:47:53.260945754Z 37 PC: 13042 | Set interrupt vector (See above)
2018-12-25T11:47:53.261879797Z 67 PC: 13063 | Get or set file attributes (See above)
2018-12-25T11:47:53.282296824Z 37 PC: 13081 | Set interrupt vector (See above)
2018-12-25T11:47:53.283236427Z 72 PC: 1309e | Allocate memory (See above)
2018-12-25T11:47:53.284468889Z 61 PC: 130c0 | Open file (See above)
2018-12-25T11:47:53.289382301Z 63 PC: 130e9 | Read file or device (See above)
2018-12-25T11:47:53.296008404Z 62 PC: 1312a | Close file (See above)
2018-12-25T11:47:53.297374607Z 60 PC: 131b6 | Create or truncate file (See above)
2018-12-25T11:47:53.460682094Z 64 PC: 131de | Write file or device (See above)
2018-12-25T11:47:53.516880989Z 64 PC: 132a8 | Write file or device (See above)
2018-12-25T11:47:53.532086407Z 62 PC: 132ba | Close file (See above)
2018-12-25T11:47:53.634843414Z 73 PC: 132c8 | Release memory (See above)
2018-12-25T11:47:53.636359449Z 61 PC: 12fa4 | Open file (See above)
2018-12-25T11:47:53.643948123Z 87 PC: 12fc7 | Get or set file date and time (See above)
2018-12-25T11:47:53.646063976Z 62 PC: 12fd5 | Close file (See above)
2018-12-25T11:47:53.680901133Z 67 PC: 12ff6 | Get or set file attributes (See above)
2018-12-25T11:47:53.731563882Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:53.739834874Z 63 PC: 12ec5 | Read file or device (See above)
2018-12-25T11:47:53.746014945Z 62 PC: 12ecd | Close file (See above)
2018-12-25T11:47:53.748345535Z 67 PC: 12f26 | Get or set file attributes (See above)
2018-12-25T11:47:53.756583593Z 61 PC: 12f53 | Open file (See above)
2018-12-25T11:47:53.764992453Z 87 PC: 12f6a | Get or set file date and time (See above)
2018-12-25T11:47:53.766432528Z 62 PC: 12f82 | Close file (See above)
2018-12-25T11:47:53.768481337Z 53 PC: 13025 | Get interrupt vector (See above)
2018-12-25T11:47:53.771264452Z 37 PC: 13042 | Set interrupt vector (See above)
2018-12-25T11:47:53.773166634Z 67 PC: 13063 | Get or set file attributes (See above)
2018-12-25T11:47:53.792144073Z 37 PC: 13081 | Set interrupt vector (See above)
2018-12-25T11:47:53.794603416Z 72 PC: 1309e | Allocate memory (See above)
2018-12-25T11:47:53.796794737Z 61 PC: 130c0 | Open file (See above)
2018-12-25T11:47:53.805856901Z 63 PC: 130e9 | Read file or device (See above)
2018-12-25T11:47:53.816379034Z 62 PC: 1312a | Close file (See above)
2018-12-25T11:47:53.818322594Z 60 PC: 131b6 | Create or truncate file (See above)
2018-12-25T11:47:54.006429945Z 64 PC: 131de | Write file or device (See above)
2018-12-25T11:47:54.037240916Z 64 PC: 132a8 | Write file or device (See above)
2018-12-25T11:47:54.102469704Z 62 PC: 132ba | Close file (See above)
2018-12-25T11:47:54.147404516Z 73 PC: 132c8 | Release memory (See above)
2018-12-25T11:47:54.150986736Z 61 PC: 12fa4 | Open file (See above)
2018-12-25T11:47:54.164798984Z 87 PC: 12fc7 | Get or set file date and time (See above)
2018-12-25T11:47:54.170268995Z 62 PC: 12fd5 | Close file (See above)
2018-12-25T11:47:54.216208958Z 67 PC: 12ff6 | Get or set file attributes (See above)
2018-12-25T11:47:54.870865454Z 49 PC: 12d61 | Terminate and stay resident (Return code = '1' | Memory size = '233')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2961,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:51.868888258Z 187 PC: 13883 | UNKNOWN!
2018-12-25T11:47:51.871038787Z 53 PC: 12c78 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.872474565Z 37 PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.873931111Z 74 PC: 12ce6 | Reallocate memory
2018-12-25T11:47:51.875707285Z 75 PC: 12d33 | Execute program
2018-12-25T11:47:51.894049823Z 9 PC: 145bb | Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-25T11:47:51.900007792Z 76 PC: 145bf | Terminate with return code (Return code = '36')
2018-12-25T11:47:51.903340844Z 73 PC: 12d4c | Release memory
2018-12-25T11:47:51.908630302Z 61 PC: 12ea9 | Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.91984026Z 63 PC: 12ec5 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:47:51.92703712Z 62 PC: 12ecd | Close file
2018-12-25T11:47:51.930439266Z 67 PC: 12f26 | Get or set file attributes
2018-12-25T11:47:51.937932854Z 61 PC: 12f53 | Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:51.947417075Z 87 PC: 12f6a | Get or set file date and time
2018-12-25T11:47:51.972751268Z 62 PC: 12f82 | Close file
2018-12-25T11:47:51.974776907Z 53 PC: 13025 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.975971604Z 37 PC: 13042 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.977919976Z 67 PC: 13063 | Get or set file attributes
2018-12-25T11:47:52.790536117Z 37 PC: 13081 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.79220446Z 72 PC: 1309e | Allocate memory
2018-12-25T11:47:52.794495954Z 61 PC: 130c0 | Open file (Filename = '')
2018-12-25T11:47:52.805199368Z 63 PC: 130e9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:47:52.815023196Z 62 PC: 1312a | Close file
2018-12-25T11:47:52.817602219Z 60 PC: 131b6 | Create or truncate file
2018-12-25T11:47:52.91575562Z 64 PC: 131de | Write file or device (Write 9440 bytes on handle 5)
2018-12-25T11:47:52.93826916Z 64 PC: 132a8 | Write file or device (Write 3211 bytes on handle 5)
2018-12-25T11:47:52.980081136Z 62 PC: 132ba | Close file
2018-12-25T11:47:53.048404877Z 73 PC: 132c8 | Release memory
2018-12-25T11:47:53.050123903Z 61 PC: 12fa4 | Open file
2018-12-25T11:47:53.058746069Z 87 PC: 12fc7 | Get or set file date and time
2018-12-25T11:47:53.068166672Z 62 PC: 12fd5 | Close file
2018-12-25T11:47:53.106739236Z 67 PC: 12ff6 | Get or set file attributes
2018-12-25T11:47:53.126804636Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:53.138125094Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:53.146268627Z 63 PC: 12ec5 | Read file or device (See above)
2018-12-25T11:47:53.152242451Z 62 PC: 12ecd | Close file (See above)
2018-12-25T11:47:53.154937662Z 67 PC: 12f26 | Get or set file attributes (See above)
2018-12-25T11:47:53.162245537Z 61 PC: 12f53 | Open file (See above)
2018-12-25T11:47:53.170894487Z 87 PC: 12f6a | Get or set file date and time (See above)
2018-12-25T11:47:53.173708785Z 62 PC: 12f82 | Close file (See above)
2018-12-25T11:47:53.176131899Z 53 PC: 13025 | Get interrupt vector (See above)
2018-12-25T11:47:53.177573963Z 37 PC: 13042 | Set interrupt vector (See above)
2018-12-25T11:47:53.179169865Z 67 PC: 13063 | Get or set file attributes (See above)
2018-12-25T11:47:53.209663179Z 37 PC: 13081 | Set interrupt vector (See above)
2018-12-25T11:47:53.211100554Z 72 PC: 1309e | Allocate memory (See above)
2018-12-25T11:47:53.212880149Z 61 PC: 130c0 | Open file (See above)
2018-12-25T11:47:53.220708665Z 63 PC: 130e9 | Read file or device (See above)
2018-12-25T11:47:53.232831596Z 62 PC: 1312a | Close file (See above)
2018-12-25T11:47:53.235059922Z 60 PC: 131b6 | Create or truncate file (See above)
2018-12-25T11:47:53.272536892Z 64 PC: 131de | Write file or device (See above)
2018-12-25T11:47:53.325235893Z 64 PC: 132a8 | Write file or device (See above)
2018-12-25T11:47:53.346835407Z 62 PC: 132ba | Close file (See above)
2018-12-25T11:47:53.403261903Z 73 PC: 132c8 | Release memory (See above)
2018-12-25T11:47:53.404749962Z 61 PC: 12fa4 | Open file (See above)
2018-12-25T11:47:53.412589963Z 87 PC: 12fc7 | Get or set file date and time (See above)
2018-12-25T11:47:53.41478644Z 62 PC: 12fd5 | Close file (See above)
2018-12-25T11:47:53.433584671Z 67 PC: 12ff6 | Get or set file attributes (See above)
2018-12-25T11:47:53.460193755Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:53.469023713Z 63 PC: 12ec5 | Read file or device (See above)
2018-12-25T11:47:53.475423687Z 62 PC: 12ecd | Close file (See above)
2018-12-25T11:47:53.477456411Z 67 PC: 12f26 | Get or set file attributes (See above)
2018-12-25T11:47:53.484678318Z 61 PC: 12f53 | Open file (See above)
2018-12-25T11:47:53.49266651Z 87 PC: 12f6a | Get or set file date and time (See above)
2018-12-25T11:47:53.494325398Z 62 PC: 12f82 | Close file (See above)
2018-12-25T11:47:53.496646633Z 53 PC: 13025 | Get interrupt vector (See above)
2018-12-25T11:47:53.498527711Z 37 PC: 13042 | Set interrupt vector (See above)
2018-12-25T11:47:53.500186326Z 67 PC: 13063 | Get or set file attributes (See above)
2018-12-25T11:47:53.758077195Z 37 PC: 13081 | Set interrupt vector (See above)
2018-12-25T11:47:53.759373017Z 72 PC: 1309e | Allocate memory (See above)
2018-12-25T11:47:53.761075797Z 61 PC: 130c0 | Open file (See above)
2018-12-25T11:47:53.769329245Z 63 PC: 130e9 | Read file or device (See above)
2018-12-25T11:47:53.780123715Z 62 PC: 1312a | Close file (See above)
2018-12-25T11:47:53.782289507Z 60 PC: 131b6 | Create or truncate file (See above)
2018-12-25T11:47:53.822131158Z 64 PC: 131de | Write file or device (See above)
2018-12-25T11:47:54.016126852Z 64 PC: 132a8 | Write file or device (See above)
2018-12-25T11:47:54.037538559Z 62 PC: 132ba | Close file (See above)
2018-12-25T11:47:54.102451922Z 73 PC: 132c8 | Release memory (See above)
2018-12-25T11:47:54.104229612Z 61 PC: 12fa4 | Open file (See above)
2018-12-25T11:47:54.111751023Z 87 PC: 12fc7 | Get or set file date and time (See above)
2018-12-25T11:47:54.113399784Z 62 PC: 12fd5 | Close file (See above)
2018-12-25T11:47:54.147935214Z 67 PC: 12ff6 | Get or set file attributes (See above)
2018-12-25T11:47:54.169951403Z 49 PC: 12d61 | Terminate and stay resident (Return code = '1' | Memory size = '233')

{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2961,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:52.139040926Z 187 PC: 13883 | UNKNOWN!
2018-12-25T11:47:52.141026506Z 53 PC: 12c78 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:52.142102905Z 37 PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:52.143251175Z 74 PC: 12ce6 | Reallocate memory
2018-12-25T11:47:52.145317257Z 75 PC: 12d33 | Execute program
2018-12-25T11:47:52.160591221Z 9 PC: 145bb | Display string (String= ' RAEL IMPERIAL AEROSOL KID ')
2018-12-25T11:47:52.165788582Z 76 PC: 145bf | Terminate with return code (Return code = '36')
2018-12-25T11:47:52.169343189Z 73 PC: 12d4c | Release memory
2018-12-25T11:47:52.170834219Z 61 PC: 12ea9 | Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:52.181014268Z 63 PC: 12ec5 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:47:52.187784482Z 62 PC: 12ecd | Close file
2018-12-25T11:47:52.189712804Z 67 PC: 12f26 | Get or set file attributes
2018-12-25T11:47:52.195710298Z 61 PC: 12f53 | Open file (Filename = 'c:\dos\sys.com')
2018-12-25T11:47:52.202940934Z 87 PC: 12f6a | Get or set file date and time
2018-12-25T11:47:52.20457703Z 62 PC: 12f82 | Close file
2018-12-25T11:47:52.206385545Z 53 PC: 13025 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.207832434Z 37 PC: 13042 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:52.209652469Z 67 PC: 13063 | Get or set file attributes
2018-12-25T11:47:53.232671014Z 37 PC: 13081 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:53.233931823Z 72 PC: 1309e | Allocate memory
2018-12-25T11:47:53.23597838Z 61 PC: 130c0 | Open file (Filename = '')
2018-12-25T11:47:53.240225362Z 63 PC: 130e9 | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T11:47:53.245042492Z 62 PC: 1312a | Close file
2018-12-25T11:47:53.246978322Z 60 PC: 131b6 | Create or truncate file
2018-12-25T11:47:53.320053916Z 64 PC: 131de | Write file or device (Write 9440 bytes on handle 5)
2018-12-25T11:47:53.396692739Z 64 PC: 132a8 | Write file or device (Write 3211 bytes on handle 5)
2018-12-25T11:47:53.494606442Z 62 PC: 132ba | Close file
2018-12-25T11:47:53.614728423Z 73 PC: 132c8 | Release memory
2018-12-25T11:47:53.616137619Z 61 PC: 12fa4 | Open file
2018-12-25T11:47:53.623572176Z 87 PC: 12fc7 | Get or set file date and time
2018-12-25T11:47:53.625005849Z 62 PC: 12fd5 | Close file
2018-12-25T11:47:53.940927136Z 67 PC: 12ff6 | Get or set file attributes
2018-12-25T11:47:54.672674259Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:54.678938103Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:54.683862306Z 63 PC: 12ec5 | Read file or device (See above)
2018-12-25T11:47:54.689771821Z 62 PC: 12ecd | Close file (See above)
2018-12-25T11:47:54.691550197Z 67 PC: 12f26 | Get or set file attributes (See above)
2018-12-25T11:47:54.697335409Z 61 PC: 12f53 | Open file (See above)
2018-12-25T11:47:54.704526324Z 87 PC: 12f6a | Get or set file date and time (See above)
2018-12-25T11:47:54.705845089Z 62 PC: 12f82 | Close file (See above)
2018-12-25T11:47:54.707503285Z 53 PC: 13025 | Get interrupt vector (See above)
2018-12-25T11:47:54.709183887Z 37 PC: 13042 | Set interrupt vector (See above)
2018-12-25T11:47:54.710202649Z 67 PC: 13063 | Get or set file attributes (See above)
2018-12-25T11:47:54.757170999Z 37 PC: 13081 | Set interrupt vector (See above)
2018-12-25T11:47:54.759032888Z 72 PC: 1309e | Allocate memory (See above)
2018-12-25T11:47:54.760617673Z 61 PC: 130c0 | Open file (See above)
2018-12-25T11:47:54.76741669Z 63 PC: 130e9 | Read file or device (See above)
2018-12-25T11:47:54.777458362Z 62 PC: 1312a | Close file (See above)
2018-12-25T11:47:54.779346086Z 60 PC: 131b6 | Create or truncate file (See above)
2018-12-25T11:47:55.106220343Z 64 PC: 131de | Write file or device (See above)
2018-12-25T11:47:55.120651806Z 64 PC: 132a8 | Write file or device (See above)
2018-12-25T11:47:55.128744384Z 62 PC: 132ba | Close file (See above)
2018-12-25T11:47:55.135982238Z 73 PC: 132c8 | Release memory (See above)
2018-12-25T11:47:55.13760109Z 61 PC: 12fa4 | Open file (See above)
2018-12-25T11:47:55.14463606Z 87 PC: 12fc7 | Get or set file date and time (See above)
2018-12-25T11:47:55.147293456Z 62 PC: 12fd5 | Close file (See above)
2018-12-25T11:47:55.153728731Z 67 PC: 12ff6 | Get or set file attributes (See above)
2018-12-25T11:47:55.164539502Z 61 PC: 12ea9 | Open file (See above)
2018-12-25T11:47:55.171477558Z 63 PC: 12ec5 | Read file or device (See above)
2018-12-25T11:47:55.177957051Z 62 PC: 12ecd | Close file (See above)
2018-12-25T11:47:55.180287531Z 67 PC: 12f26 | Get or set file attributes (See above)
2018-12-25T11:47:55.186245765Z 61 PC: 12f53 | Open file (See above)
2018-12-25T11:47:55.193586027Z 87 PC: 12f6a | Get or set file date and time (See above)
2018-12-25T11:47:55.196354148Z 62 PC: 12f82 | Close file (See above)
2018-12-25T11:47:55.198017873Z 53 PC: 13025 | Get interrupt vector (See above)
2018-12-25T11:47:55.199110765Z 37 PC: 13042 | Set interrupt vector (See above)
2018-12-25T11:47:55.201476963Z 67 PC: 13063 | Get or set file attributes (See above)
2018-12-25T11:47:55.212069839Z 37 PC: 13081 | Set interrupt vector (See above)
2018-12-25T11:47:55.213247628Z 72 PC: 1309e | Allocate memory (See above)
2018-12-25T11:47:55.216258564Z 61 PC: 130c0 | Open file (See above)
2018-12-25T11:47:55.223864029Z 63 PC: 130e9 | Read file or device (See above)
2018-12-25T11:47:55.233026306Z 62 PC: 1312a | Close file (See above)
2018-12-25T11:47:55.235824213Z 60 PC: 131b6 | Create or truncate file (See above)
2018-12-25T11:47:55.248359852Z 64 PC: 131de | Write file or device (See above)
2018-12-25T11:47:55.259534001Z 64 PC: 132a8 | Write file or device (See above)
2018-12-25T11:47:55.268251478Z 62 PC: 132ba | Close file (See above)
2018-12-25T11:47:55.276021314Z 73 PC: 132c8 | Release memory (See above)
2018-12-25T11:47:55.277462128Z 61 PC: 12fa4 | Open file (See above)
2018-12-25T11:47:55.284933882Z 87 PC: 12fc7 | Get or set file date and time (See above)
2018-12-25T11:47:55.286400208Z 62 PC: 12fd5 | Close file (See above)
2018-12-25T11:47:55.292198994Z 67 PC: 12ff6 | Get or set file attributes (See above)
2018-12-25T11:47:55.303344558Z 49 PC: 12d61 | Terminate and stay resident (Return code = '1' | Memory size = '233')