{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9411,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:07.787164986Z | 44 | PC: 12a5d | Get time 0x12a5d: cmp ch, 4 0x12a60: jg 0x12a70 0x12a62: mov ah, 9 0x12a64: lea dx, word ptr [si + 0x1bc] 0x12a68: int 0x21 0x12a6a: mov ah, 0 0x12a6c: int 0x16 0x12a6e: int 0x19 0x12a70: mov ah, 0x4e 0x12a72: lea dx, word ptr [si + 0x1b2] 0x12a76: xor cx, cx 0x12a78: int 0x21 0x12a7a: mov dx, 0x9e 0x12a7d: mov ah, 0x3d 0x12a7f: out 0x78, al 0x12a81: mov cx, 0xb4c3 0x12a84: aas 0x12a85: lea dx, word ptr [si + 0x1f4] 0x12a89: mov word ptr [si], 0xb4b9 0x12a8d: sub al, 0xcd |
| 2018-12-25T12:23:07.790481221Z | 9 | PC: 12a6a | Display string (Could not find end pointer) |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":5,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9411,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:07.949261766Z | 44 | PC: 12a5d | Get time 0x12a5d: cmp ch, 4 0x12a60: jg 0x12a70 0x12a62: mov ah, 9 0x12a64: lea dx, word ptr [si + 0x1bc] 0x12a68: int 0x21 0x12a6a: mov ah, 0 0x12a6c: int 0x16 0x12a6e: int 0x19 0x12a70: mov ah, 0x4e 0x12a72: lea dx, word ptr [si + 0x1b2] 0x12a76: xor cx, cx 0x12a78: int 0x21 0x12a7a: mov dx, 0x9e 0x12a7d: mov ah, 0x3d 0x12a7f: out 0x78, al 0x12a81: mov cx, 0xb4c3 0x12a84: aas 0x12a85: lea dx, word ptr [si + 0x1f4] 0x12a89: mov word ptr [si], 0xb4b9 0x12a8d: sub al, 0xcd |
| 2018-12-25T12:23:07.955828427Z | 78 | PC: 12a7a | Find first file |
| 2018-12-25T12:23:07.960395232Z | 87 | PC: 12a9a | Get or set file date and time |
| 2018-12-25T12:23:07.962076606Z | 66 | PC: 12aa5 | Move file pointer |