Sample viewer

vx.netlux.org/Virus.DOS.Morphine.3500

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:38:55.48454892Z 48 PC: 12c92 | Get DOS version
2018-12-17T22:38:55.57155878Z 84 PC: 12d76 | Get verify flag
2018-12-17T22:38:55.573200767Z 82 PC: 12d8a | Get DOS internal pointers (SYSVARS)
2018-12-17T22:38:55.574637718Z 74 PC: 12e0e | Reallocate memory
2018-12-17T22:38:55.576462003Z 72 PC: 12e14 | Allocate memory
2018-12-17T22:38:55.579409621Z 98 PC: 12e47 | Get current PSP
2018-12-17T22:38:55.58124183Z 250 PC: 9d8ef | UNKNOWN!
2018-12-17T22:38:55.582732191Z 42 PC: 9d6fd | Get date 0x9d6fd: mov word ptr cs:[0xdd2], dx
0x9d702: mov word ptr cs:[0xdd4], cx
0x9d707: pop ds
0x9d708: pop dx
0x9d709: mov ax, 0x3d00
0x9d70c: pushf
0x9d70d: lcall ptr cs:[0xdbd]
0x9d712: jb 0x9d763
0x9d714: push cs
0x9d715: pop ds
0x9d716: xchg ax, bx
0x9d717: call 0x9d95e
0x9d71a: jb 0x9d760
0x9d71c: mov dx, 0x424
0x9d71f: mov ah, 0x3f
0x9d721: mov cx, 0x20
0x9d724: int3
0x9d725: cmp word ptr cs:[0x424], 0x5a4d
0x9d72c: je 0x9d766
0x9d72e: push cs
2018-12-17T22:38:55.585918034Z 61 PC: 9d712 | Open file (Filename = '��2�����2�.�6L�2���2Ÿ�2���2�.�.')
2018-12-17T22:38:55.593300615Z 63 PC: 9d725 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:38:55.596320329Z 66 PC: 9d8e7 | Move file pointer
2018-12-17T22:38:55.606851298Z 44 PC: 9d8fd | Get time 0x9d8fd: mov bx, dx
0x9d8ff: mov ah, cl
0x9d901: in al, 0x40
0x9d903: or al, al
0x9d905: je 0x9d901
0x9d907: mov byte ptr cs:[0x165], ah
0x9d90c: mov byte ptr cs:[0x167], al
0x9d910: mov word ptr cs:[0x169], bx
0x9d915: mov byte ptr cs:[0x115], 0x4c
0x9d91b: push cs
0x9d91c: push cs
0x9d91d: pop ds
0x9d91e: pop es
0x9d91f: mov cx, word ptr cs:[0x102]
0x9d924: add cx, bp
0x9d926: mov word ptr cs:[0x102], cx
0x9d92b: mov si, 0x100
0x9d92e: lea di, word ptr [bp + 0xdf0]
0x9d932: mov cx, 0xcd2
0x9d935: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:38:55.617649726Z 66 PC: 9d8e7 | Move file pointer
2018-12-17T22:38:55.619921409Z 64 PC: 9d818 | Write file or device (Write 3500 bytes on handle 5)
2018-12-17T22:38:56.32400834Z 66 PC: 9d8e7 | Move file pointer
2018-12-17T22:38:56.326082188Z 64 PC: 9d853 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:56.328675503Z 62 PC: 9d878 | Close file
2018-12-17T22:38:56.339011017Z 65 PC: 9d889 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-17T22:38:56.345806202Z 65 PC: 9d889 | Delete file (Filename = 'CHKLIST.MS')
2018-12-17T22:38:56.350119983Z 65 PC: 9d889 | Delete file (Filename = 'CHKLIST.CPS')
2018-12-17T22:38:56.354245225Z 65 PC: 9d889 | Delete file (Filename = 'ZZ##.IM')
2018-12-17T22:38:56.361265446Z 65 PC: 9d889 | Delete file (Filename = '�Greets to: PJanes,Rat,Largus & the girls Kill the talking bastard! kill him! Juap! ok..rec-tunn stolen from Vlad Mag.COMSPEC=3�S3۾� �� ���.�')
2018-12-17T22:38:56.373646493Z 250 PC: 9d8ef | UNKNOWN!
2018-12-17T22:38:56.376372627Z 42 PC: 12e7f | Get date 0x12e7f: cmp dx, 0x80a
0x12e83: je 0x12e88
0x12e85: jmp 0x12f5d
0x12e88: in al, 0x21
0x12e8a: or al, 2
0x12e8c: out 0x21, al
0x12e8e: mov ax, 0xa000
0x12e91: mov es, ax
0x12e93: mov ax, 0x13
0x12e96: int 0x10
0x12e98: xor bx, bx
0x12e9a: xor dx, dx
0x12e9c: mov ah, 2
0x12e9e: int 0x10
0x12ea0: lea dx, word ptr [bp + 0x3bb]
0x12ea4: mov ah, 9
0x12ea6: int 0x21
0x12ea8: mov di, 0x58c
0x12eab: mov al, 6
0x12ead: mov cx, 0xc4
2018-12-17T22:38:56.382361954Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:38:56.387910023Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":10,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6667,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:09.111355564Z 48 PC: 12c92 | Get DOS version
2018-12-25T12:00:09.123436755Z 84 PC: 12d76 | Get verify flag
2018-12-25T12:00:09.1246239Z 82 PC: 12d8a | Get DOS internal pointers (SYSVARS)
2018-12-25T12:00:09.125861789Z 74 PC: 12e0e | Reallocate memory
2018-12-25T12:00:09.127631569Z 72 PC: 12e14 | Allocate memory
2018-12-25T12:00:09.129177229Z 98 PC: 12e47 | Get current PSP
2018-12-25T12:00:09.130724414Z 250 PC: 9d8ef | UNKNOWN!
2018-12-25T12:00:09.131868005Z 42 PC: 9d6fd | Get date 0x9d6fd: mov word ptr cs:[0xdd2], dx
0x9d702: mov word ptr cs:[0xdd4], cx
0x9d707: pop ds
0x9d708: pop dx
0x9d709: mov ax, 0x3d00
0x9d70c: pushf
0x9d70d: lcall ptr cs:[0xdbd]
0x9d712: jb 0x9d763
0x9d714: push cs
0x9d715: pop ds
0x9d716: xchg ax, bx
0x9d717: call 0x9d95e
0x9d71a: jb 0x9d760
0x9d71c: mov dx, 0x424
0x9d71f: mov ah, 0x3f
0x9d721: mov cx, 0x20
0x9d724: int3
0x9d725: cmp word ptr cs:[0x424], 0x5a4d
0x9d72c: je 0x9d766
0x9d72e: push cs
2018-12-25T12:00:09.134544051Z 61 PC: 9d712 | Open file (Filename = '��2�����2�.�6L�2���2Ÿ�2���2�.�.')
2018-12-25T12:00:09.141315497Z 63 PC: 9d725 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:00:09.144122893Z 66 PC: 9d8e7 | Move file pointer
2018-12-25T12:00:09.150922336Z 44 PC: 9d8fd | Get time 0x9d8fd: mov bx, dx
0x9d8ff: mov ah, cl
0x9d901: in al, 0x40
0x9d903: or al, al
0x9d905: je 0x9d901
0x9d907: mov byte ptr cs:[0x165], ah
0x9d90c: mov byte ptr cs:[0x167], al
0x9d910: mov word ptr cs:[0x169], bx
0x9d915: mov byte ptr cs:[0x115], 0x4c
0x9d91b: push cs
0x9d91c: push cs
0x9d91d: pop ds
0x9d91e: pop es
0x9d91f: mov cx, word ptr cs:[0x102]
0x9d924: add cx, bp
0x9d926: mov word ptr cs:[0x102], cx
0x9d92b: mov si, 0x100
0x9d92e: lea di, word ptr [bp + 0xdf0]
0x9d932: mov cx, 0xcd2
0x9d935: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:00:09.159052412Z 66 PC: 9d8e7 | Move file pointer (See above)
2018-12-25T12:00:09.160415709Z 64 PC: 9d818 | Write file or device (Write 3500 bytes on handle 5)
2018-12-25T12:00:09.84925215Z 66 PC: 9d8e7 | Move file pointer (See above)
2018-12-25T12:00:09.851022066Z 64 PC: 9d853 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:09.854171566Z 62 PC: 9d878 | Close file
2018-12-25T12:00:09.861623955Z 65 PC: 9d889 | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T12:00:09.868565483Z 65 PC: 9d889 | Delete file (See above)
2018-12-25T12:00:09.874597249Z 65 PC: 9d889 | Delete file (See above)
2018-12-25T12:00:09.881247181Z 65 PC: 9d889 | Delete file (See above)
2018-12-25T12:00:09.887008074Z 65 PC: 9d889 | Delete file (See above)
2018-12-25T12:00:09.891145979Z 250 PC: 9d8ef | UNKNOWN! (See above)
2018-12-25T12:00:09.89590842Z 42 PC: 12e7f | Get date 0x12e7f: cmp dx, 0x80a
0x12e83: je 0x12e88
0x12e85: jmp 0x12f5d
0x12e88: in al, 0x21
0x12e8a: or al, 2
0x12e8c: out 0x21, al
0x12e8e: mov ax, 0xa000
0x12e91: mov es, ax
0x12e93: mov ax, 0x13
0x12e96: int 0x10
0x12e98: xor bx, bx
0x12e9a: xor dx, dx
0x12e9c: mov ah, 2
0x12e9e: int 0x10
0x12ea0: lea dx, word ptr [bp + 0x3bb]
0x12ea4: mov ah, 9
0x12ea6: int 0x21
0x12ea8: mov di, 0x58c
0x12eab: mov al, 6
0x12ead: mov cx, 0xc4
2018-12-25T12:00:09.904800685Z 9 PC: 12ea8 | Display string (Could not find end pointer)
2018-12-25T12:00:09.918643278Z 9 PC: 12f2f | Display string (Could not find end pointer)
2018-12-25T12:00:09.931203421Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:09.94450982Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:09.956989132Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:09.971477198Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:09.985412243Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:09.998160013Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.011350592Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.022856944Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.036058333Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.051349386Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.063127031Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.07606829Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.094956204Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.108914297Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.121469011Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.133274175Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.148879791Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.161617247Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.175515576Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.188059781Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.199761265Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.21315029Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.226908371Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.238138706Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.251145163Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.262982655Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.275741882Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.289587392Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.301263543Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.314195642Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.327644341Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.341128267Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.353958315Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.365656794Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.37959389Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.390744066Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.403808692Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.417408136Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.428955712Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.442295663Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.456246125Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.470981332Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.484262632Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.497436486Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.510753232Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.524139035Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.538360416Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.551974172Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.564423508Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.578620671Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.593045502Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.604888157Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.619315731Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.630930991Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.638906089Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.649807792Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.656579011Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.663676326Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.671323367Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.678640839Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.692151408Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.705988912Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.719770529Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.73329258Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.750558204Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.764724931Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.778600913Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.79365531Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.807847944Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.82039523Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.838547141Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.850659031Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.865080144Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.880050309Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.888633078Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.895724392Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.902291923Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.909613507Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.925627816Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.939211183Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.952365162Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.965996608Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.977728946Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:10.996947053Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.00860246Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.023210706Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.037067134Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.049443429Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.057158918Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.064286106Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.07330664Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.084506982Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.09222421Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.100676022Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.114641321Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.128074183Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.145795636Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.157749003Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.173311874Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.185045241Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.199548739Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.213456547Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.230988751Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.244507424Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.26022892Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.272236039Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.287828756Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.300785697Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.314126824Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.332590894Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.347594809Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.360872793Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.37280138Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.388524741Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.403052359Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.416131055Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.430571723Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.442767595Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.456398071Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.470363982Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.4820766Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.498603611Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.512164581Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.526405174Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.540036341Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.55315192Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.567538406Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.581375281Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.595347173Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.609551117Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.622988261Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.63701013Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.653302927Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.665206644Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.678958612Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.691853864Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.706747456Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.719855861Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.73275629Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.74674893Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.759579062Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.774594269Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.78779741Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.801493008Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.817025439Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.832860344Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.845246417Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.860793519Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.874077259Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.890119307Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.904144306Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.917058213Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.930991443Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.943832453Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.958136248Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.971778651Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:11.986076328Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.000217638Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.013925589Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.027787491Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.043143644Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.055939021Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.075966507Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.088016919Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.101989911Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.116611153Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.130271715Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.143531249Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.161373586Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.174255205Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.189033906Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.201546963Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.216520594Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.230505573Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.243632808Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.262377778Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.279280362Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.294784154Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.313744928Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.325988487Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.342278682Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.354621919Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.369766465Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.384653216Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.396914659Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.412402396Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.426899617Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.44063825Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.454157325Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.469095102Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.482603439Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.496850964Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.509966831Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.525133768Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.537229955Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.552736311Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.566381422Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.580408424Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.594914997Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.607004274Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.622342223Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.636478108Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.650114605Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.663770341Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.677418924Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.690753114Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.705614226Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.718359918Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.732695045Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.741505664Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.748827579Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.763380017Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.775360004Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.791320016Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.80465805Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.817383293Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.831759499Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.844038095Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.858287492Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.872677683Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.885316406Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.898837084Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.911990223Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.925421192Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.941858557Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.954175889Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.967685848Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:12.98712814Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.002016711Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.015431728Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.027879799Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.04185757Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.055740724Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.069200117Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.082619949Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.092609602Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.100594721Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.108381824Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.115507632Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.124070823Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.13620637Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.150082022Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.164240422Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.176379107Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.191500648Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.203742057Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.218276366Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.233566917Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.247136715Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.260651844Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.275476083Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.288365331Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.302496153Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.315086142Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.328976245Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.343199118Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.355920148Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.370082065Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.382289849Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.390965626Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.398916606Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.405773285Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.41351555Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.422413339Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.435977418Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.450295072Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.463267365Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.476955648Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.49041283Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.503982647Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.519314798Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.531686732Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.545912128Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.560228223Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.573991531Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.587571897Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.601013731Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.614597901Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.629621696Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.641979136Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.655684177Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.66989702Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.684481013Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.69944038Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.713227315Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.728839222Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.741991002Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.756902435Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.770820764Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.784008346Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.798968605Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.815689156Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.829316436Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.844256091Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.857366736Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.87317797Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.892270717Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.927930492Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.949191105Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:13.964358721Z 9 PC: 12f2f | Display string (See above)
2018-12-25T12:00:14.074635021Z 9 PC: 12f2f | Display string (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6667,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:09.169297955Z 48 PC: 12c92 | Get DOS version