{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14263,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:16.058222116Z | 42 | PC: 12e61 | Get date 0x12e61: jae 0x12e66 0x12e63: jmp 0x12fc0 0x12e66: cmp dh, 0xc 0x12e69: jne 0x12e6e 0x12e6b: jmp 0x12f98 0x12e6e: mov ah, 0x47 0x12e70: mov dl, 0 0x12e72: push si 0x12e73: lea bx, word ptr [si + 0x3f9] 0x12e77: mov si, bx 0x12e79: int 0x21 0x12e7b: jb 0x12e63 0x12e7d: pop si 0x12e7e: mov byte ptr [si + 0x3a3], 0 0x12e83: mov ah, 0x1a 0x12e85: lea dx, word ptr [si + 0x43b] 0x12e89: int 0x21 0x12e8b: mov ah, 0x4e 0x12e8d: mov cx, 0 0x12e90: lea dx, word ptr [si + 0x3aa] |
| 2018-12-25T12:40:16.061173374Z | 59 | PC: 12fc8 | Change current directory |
{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14263,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:16.531673273Z | 42 | PC: 12e61 | Get date 0x12e61: jae 0x12e66 0x12e63: jmp 0x12fc0 0x12e66: cmp dh, 0xc 0x12e69: jne 0x12e6e 0x12e6b: jmp 0x12f98 0x12e6e: mov ah, 0x47 0x12e70: mov dl, 0 0x12e72: push si 0x12e73: lea bx, word ptr [si + 0x3f9] 0x12e77: mov si, bx 0x12e79: int 0x21 0x12e7b: jb 0x12e63 0x12e7d: pop si 0x12e7e: mov byte ptr [si + 0x3a3], 0 0x12e83: mov ah, 0x1a 0x12e85: lea dx, word ptr [si + 0x43b] 0x12e89: int 0x21 0x12e8b: mov ah, 0x4e 0x12e8d: mov cx, 0 0x12e90: lea dx, word ptr [si + 0x3aa] |
| 2018-12-25T12:40:16.53407632Z | 59 | PC: 12fc8 | Change current directory |