{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":59,"Second":0,"TimeBased":true,"OriginalID":2327,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:30.705971229Z | 44 | PC: 12a82 | Get time 0x12a82: cmp dl, 2 0x12a85: je 0x12a93 0x12a87: mov ah, 0x2a 0x12a89: cmp dl, 2 0x12a8c: je 0x12a93 0x12a8e: cmp cl, 0x3b 0x12a91: jne 0x12aa6 0x12a93: mov al, 2 0x12a95: mov cx, 1 0x12a98: lea bx, word ptr [bp + 0x142] 0x12a9c: cdq 0x12a9d: int 0x26 0x12a9f: inc cx 0x12aa0: jae 0x12a9d 0x12aa2: inc al 0x12aa4: jmp 0x12a95 0x12aa6: mov ax, es 0x12aa8: add ax, 0x10 0x12aab: add ax, word ptr cs:[bp + 0x195] 0x12ab0: push ax |
| 2018-12-25T11:45:33.978908613Z | 44 | PC: 12a82 | Get time (See above) |
| 2018-12-25T11:45:41.504667024Z | 44 | PC: 12a82 | Get time (See above) |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2327,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:45:30.824176194Z | 44 | PC: 12a82 | Get time 0x12a82: cmp dl, 2 0x12a85: je 0x12a93 0x12a87: mov ah, 0x2a 0x12a89: cmp dl, 2 0x12a8c: je 0x12a93 0x12a8e: cmp cl, 0x3b 0x12a91: jne 0x12aa6 0x12a93: mov al, 2 0x12a95: mov cx, 1 0x12a98: lea bx, word ptr [bp + 0x142] 0x12a9c: cdq 0x12a9d: int 0x26 0x12a9f: inc cx 0x12aa0: jae 0x12a9d 0x12aa2: inc al 0x12aa4: jmp 0x12a95 0x12aa6: mov ax, es 0x12aa8: add ax, 0x10 0x12aab: add ax, word ptr cs:[bp + 0x195] 0x12ab0: push ax |
| 2018-12-25T11:45:30.826556915Z | 26 | PC: 12ac1 | Set disk transfer address |
| 2018-12-25T11:45:30.828035369Z | 25 | PC: 12ac5 | Get default drive |
| 2018-12-25T11:45:30.829278007Z | 26 | PC: 12b80 | Set disk transfer address |