{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4723,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:42.722043389Z | 53 | PC: 12ab8 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:42.724277482Z | 37 | PC: 12b2f | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:42.725396268Z | 42 | PC: 12b3a | Get date 0x12b3a: cmp dl, 1 0x12b3d: jne 0x12b48 0x12b3f: mov al, 2 0x12b41: mov cx, 0x270 0x12b44: cdq 0x12b45: int 0x26 0x12b47: popf 0x12b48: jmp 0x12a96 0x12b4b: int 0x12 0x12b4d: jmp 0x12b5d 0x12b4f: dec bp 0x12b50: push bp 0x12b51: dec sp 0x12b52: push sp 0x12b53: dec cx 0x12b54: sub ax, 0x4c46 0x12b57: push bp 0x12b58: and byte ptr [bp + 0x31], dh 0x12b5b: xor byte ptr cs:[bx + di + 0x400], bh 0x12b60: jmp 0x12b78 |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4723,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:43.116053088Z | 53 | PC: 12ab8 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:43.118320964Z | 37 | PC: 12b2f | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:43.119303584Z | 42 | PC: 12b3a | Get date 0x12b3a: cmp dl, 1 0x12b3d: jne 0x12b48 0x12b3f: mov al, 2 0x12b41: mov cx, 0x270 0x12b44: cdq 0x12b45: int 0x26 0x12b47: popf 0x12b48: jmp 0x12a96 0x12b4b: int 0x12 0x12b4d: jmp 0x12b5d 0x12b4f: dec bp 0x12b50: push bp 0x12b51: dec sp 0x12b52: push sp 0x12b53: dec cx 0x12b54: sub ax, 0x4c46 0x12b57: push bp 0x12b58: and byte ptr [bp + 0x31], dh 0x12b5b: xor byte ptr cs:[bx + di + 0x400], bh 0x12b60: jmp 0x12b78 |