{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2930,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:48.556229438Z | 44 | PC: 12a81 | Get time 0x12a81: cmp dl, 2 0x12a84: je 0x12a92 0x12a86: mov ah, 0x2a 0x12a88: cmp dl, 2 0x12a8b: je 0x12a92 0x12a8d: cmp cl, 0x3b 0x12a90: jne 0x12aa5 0x12a92: mov al, 2 0x12a94: mov cx, 1 0x12a97: lea bx, word ptr [bp + 0x141] 0x12a9b: cdq 0x12a9c: int 0x26 0x12a9e: inc cx 0x12a9f: jae 0x12a9c 0x12aa1: inc al 0x12aa3: jmp 0x12a94 0x12aa5: mov ax, es 0x12aa7: add ax, 0x10 0x12aaa: add ax, word ptr cs:[bp + 0x194] 0x12aaf: push ax |
| 2018-12-25T11:47:48.558754517Z | 26 | PC: 12ac0 | Set disk transfer address |
| 2018-12-25T11:47:48.559890282Z | 25 | PC: 12ac4 | Get default drive |
| 2018-12-25T11:47:48.561058771Z | 26 | PC: 12b7f | Set disk transfer address |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":59,"Second":0,"TimeBased":true,"OriginalID":2930,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:47:48.563217443Z | 44 | PC: 12a81 | Get time 0x12a81: cmp dl, 2 0x12a84: je 0x12a92 0x12a86: mov ah, 0x2a 0x12a88: cmp dl, 2 0x12a8b: je 0x12a92 0x12a8d: cmp cl, 0x3b 0x12a90: jne 0x12aa5 0x12a92: mov al, 2 0x12a94: mov cx, 1 0x12a97: lea bx, word ptr [bp + 0x141] 0x12a9b: cdq 0x12a9c: int 0x26 0x12a9e: inc cx 0x12a9f: jae 0x12a9c 0x12aa1: inc al 0x12aa3: jmp 0x12a94 0x12aa5: mov ax, es 0x12aa7: add ax, 0x10 0x12aaa: add ax, word ptr cs:[bp + 0x194] 0x12aaf: push ax |
| 2018-12-25T11:47:48.65011756Z | 44 | PC: 12a81 | Get time (See above) |