{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4411,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:39.67890135Z | 136 | PC: 12a51 | UNKNOWN! |
| 2018-12-25T11:51:39.680549964Z | 74 | PC: 12a5e | Reallocate memory |
| 2018-12-25T11:51:39.682333727Z | 74 | PC: 12a65 | Reallocate memory |
| 2018-12-25T11:51:39.683992112Z | 72 | PC: 12a6c | Allocate memory |
| 2018-12-25T11:51:39.686581269Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0xa 0x12a94: jbe 0x12abc 0x12a96: cmp cl, 0x37 0x12a99: jge 0x12a9b 0x12a9b: xor ax, ax 0x12a9d: mov ds, ax 0x12a9f: push ds 0x12aa0: lds ax, ptr [0x98] 0x12aa4: mov word ptr es:[0x31a], ax 0x12aa8: mov word ptr es:[0x31c], ds 0x12aad: pop ds 0x12aae: mov word ptr [0x98], 0x297 0x12ab4: mov bx, es 0x12ab6: mov word ptr [0x9a], bx 0x12aba: jmp 0x12adb 0x12abc: xor ax, ax 0x12abe: mov ds, ax 0x12ac0: push ds 0x12ac1: lds ax, ptr [0x24] 0x12ac5: mov word ptr es:[0x312], ax |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":10,"Second":0,"TimeBased":true,"OriginalID":4411,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:41.108509993Z | 136 | PC: 12a51 | UNKNOWN! |
| 2018-12-25T11:51:41.110142529Z | 74 | PC: 12a5e | Reallocate memory |
| 2018-12-25T11:51:41.111924964Z | 74 | PC: 12a65 | Reallocate memory |
| 2018-12-25T11:51:41.113383846Z | 72 | PC: 12a6c | Allocate memory |
| 2018-12-25T11:51:41.115541272Z | 44 | PC: 12a91 | Get time 0x12a91: cmp cl, 0xa 0x12a94: jbe 0x12abc 0x12a96: cmp cl, 0x37 0x12a99: jge 0x12a9b 0x12a9b: xor ax, ax 0x12a9d: mov ds, ax 0x12a9f: push ds 0x12aa0: lds ax, ptr [0x98] 0x12aa4: mov word ptr es:[0x31a], ax 0x12aa8: mov word ptr es:[0x31c], ds 0x12aad: pop ds 0x12aae: mov word ptr [0x98], 0x297 0x12ab4: mov bx, es 0x12ab6: mov word ptr [0x9a], bx 0x12aba: jmp 0x12adb 0x12abc: xor ax, ax 0x12abe: mov ds, ax 0x12ac0: push ds 0x12ac1: lds ax, ptr [0x24] 0x12ac5: mov word ptr es:[0x312], ax |