{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:35.415386781Z | 44 | PC: 12a83 | Get time 0x12a83: cmp dl, 2 0x12a86: je 0x12a94 0x12a88: mov ah, 0x2a 0x12a8a: cmp dl, 2 0x12a8d: je 0x12a94 0x12a8f: cmp cl, 0x3b 0x12a92: jne 0x12aa7 0x12a94: mov al, 2 0x12a96: mov cx, 1 0x12a99: lea bx, word ptr [bp + 0x143] 0x12a9d: cdq 0x12a9e: int 0x26 0x12aa0: inc cx 0x12aa1: jae 0x12a9e 0x12aa3: inc al 0x12aa5: jmp 0x12a96 0x12aa7: mov ax, es 0x12aa9: add ax, 0x10 0x12aac: add ax, word ptr cs:[bp + 0x196] 0x12ab1: push ax |
| 2018-12-25T12:37:35.418172762Z | 26 | PC: 12ac2 | Set disk transfer address |
| 2018-12-25T12:37:35.419817456Z | 25 | PC: 12ac6 | Get default drive |
| 2018-12-25T12:37:35.421520961Z | 26 | PC: 12b81 | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":59,"Second":0,"TimeBased":true,"OriginalID":13122,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:35.635701354Z | 44 | PC: 12a83 | Get time 0x12a83: cmp dl, 2 0x12a86: je 0x12a94 0x12a88: mov ah, 0x2a 0x12a8a: cmp dl, 2 0x12a8d: je 0x12a94 0x12a8f: cmp cl, 0x3b 0x12a92: jne 0x12aa7 0x12a94: mov al, 2 0x12a96: mov cx, 1 0x12a99: lea bx, word ptr [bp + 0x143] 0x12a9d: cdq 0x12a9e: int 0x26 0x12aa0: inc cx 0x12aa1: jae 0x12a9e 0x12aa3: inc al 0x12aa5: jmp 0x12a96 0x12aa7: mov ax, es 0x12aa9: add ax, 0x10 0x12aac: add ax, word ptr cs:[bp + 0x196] 0x12ab1: push ax |
| 2018-12-25T12:37:35.698807125Z | 44 | PC: 12a83 | Get time (See above) |