{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11019,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:46.104979943Z | 71 | PC: 15c7f | Get current directory |
| 2018-12-25T12:29:46.130630226Z | 26 | PC: 15e23 | Set disk transfer address |
| 2018-12-25T12:29:46.132626828Z | 59 | PC: 15e2c | Change current directory |
| 2018-12-25T12:29:46.135013437Z | 44 | PC: 15e3f | Get time 0x15e3f: cmp cl, 0x34 0x15e42: jne 0x15e4c 0x15e44: cmp dh, 0x14 0x15e47: ja 0x15e4c 0x15e49: jmp 0x15f46 0x15e4c: pop ax 0x15e4d: sub ax, 3 0x15e50: push ax 0x15e51: xor ax, ax 0x15e53: xor bx, bx 0x15e55: xor cx, cx 0x15e57: xor dx, dx 0x15e59: ret 0x15e5a: mov byte ptr [bp + 0x571], 0 0x15e5f: xor bx, bx 0x15e61: push bx 0x15e62: lea dx, word ptr [bp + 0x54a] 0x15e66: jmp 0x15e6c 0x15e68: lea dx, word ptr [bp + 0x557] 0x15e6c: mov cx, 7 |
| 2018-12-25T12:29:46.139790385Z | 9 | PC: 12a47 | Display string (String= 'Eudora.exe not found in this directory... Change directory and retry.') |
| 2018-12-25T12:29:46.144408771Z | 76 | PC: 12a4c | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":52,"Second":0,"TimeBased":true,"OriginalID":11019,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:46.142532669Z | 71 | PC: 15c7f | Get current directory |
| 2018-12-25T12:29:46.148103254Z | 26 | PC: 15e23 | Set disk transfer address |
| 2018-12-25T12:29:46.149780006Z | 59 | PC: 15e2c | Change current directory |
| 2018-12-25T12:29:46.158486865Z | 44 | PC: 15e3f | Get time 0x15e3f: cmp cl, 0x34 0x15e42: jne 0x15e4c 0x15e44: cmp dh, 0x14 0x15e47: ja 0x15e4c 0x15e49: jmp 0x15f46 0x15e4c: pop ax 0x15e4d: sub ax, 3 0x15e50: push ax 0x15e51: xor ax, ax 0x15e53: xor bx, bx 0x15e55: xor cx, cx 0x15e57: xor dx, dx 0x15e59: ret 0x15e5a: mov byte ptr [bp + 0x571], 0 0x15e5f: xor bx, bx 0x15e61: push bx 0x15e62: lea dx, word ptr [bp + 0x54a] 0x15e66: jmp 0x15e6c 0x15e68: lea dx, word ptr [bp + 0x557] 0x15e6c: mov cx, 7 |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":52,"Second":21,"TimeBased":true,"OriginalID":11019,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:46.273106344Z | 71 | PC: 15c7f | Get current directory |
| 2018-12-25T12:29:46.277095Z | 26 | PC: 15e23 | Set disk transfer address |
| 2018-12-25T12:29:46.278105031Z | 59 | PC: 15e2c | Change current directory |
| 2018-12-25T12:29:46.280010683Z | 44 | PC: 15e3f | Get time 0x15e3f: cmp cl, 0x34 0x15e42: jne 0x15e4c 0x15e44: cmp dh, 0x14 0x15e47: ja 0x15e4c 0x15e49: jmp 0x15f46 0x15e4c: pop ax 0x15e4d: sub ax, 3 0x15e50: push ax 0x15e51: xor ax, ax 0x15e53: xor bx, bx 0x15e55: xor cx, cx 0x15e57: xor dx, dx 0x15e59: ret 0x15e5a: mov byte ptr [bp + 0x571], 0 0x15e5f: xor bx, bx 0x15e61: push bx 0x15e62: lea dx, word ptr [bp + 0x54a] 0x15e66: jmp 0x15e6c 0x15e68: lea dx, word ptr [bp + 0x557] 0x15e6c: mov cx, 7 |
| 2018-12-25T12:29:46.282761923Z | 9 | PC: 12a47 | Display string (String= 'Eudora.exe not found in this directory... Change directory and retry.') |
| 2018-12-25T12:29:46.286341847Z | 76 | PC: 12a4c | Terminate with return code (Return code = '0') |