{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9851,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:54.458989177Z | 42 | PC: 12a53 | Get date 0x12a53: cmp dl, 0x1b 0x12a56: jne 0x12a94 0x12a58: mov cx, 0xf 0x12a5b: lea si, word ptr [bp + 0x474] 0x12a5f: inc byte ptr [si] 0x12a61: inc si 0x12a62: loop 0x12a5f 0x12a64: mov ah, 0x3c 0x12a66: xor cx, cx 0x12a68: lea dx, word ptr [bp + 0x474] 0x12a6c: int 0x21 0x12a6e: xchg ax, bx 0x12a6f: in al, 0x40 0x12a71: test al, 1 0x12a73: jne 0x12a87 0x12a75: mov ah, 0x40 0x12a77: mov cx, 0x51 0x12a7a: lea dx, word ptr [bp + 0x484] 0x12a7e: int 0x21 0x12a80: mov ah, 0x3e |
| 2018-12-25T12:23:54.462023726Z | 74 | PC: 12a9e | Reallocate memory |
| 2018-12-25T12:23:54.46351681Z | 74 | PC: 12aa9 | Reallocate memory |
| 2018-12-25T12:23:54.464731462Z | 72 | PC: 12ab0 | Allocate memory |
{"DateBased":true,"Day":27,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9851,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:54.482866051Z | 42 | PC: 12a53 | Get date 0x12a53: cmp dl, 0x1b 0x12a56: jne 0x12a94 0x12a58: mov cx, 0xf 0x12a5b: lea si, word ptr [bp + 0x474] 0x12a5f: inc byte ptr [si] 0x12a61: inc si 0x12a62: loop 0x12a5f 0x12a64: mov ah, 0x3c 0x12a66: xor cx, cx 0x12a68: lea dx, word ptr [bp + 0x474] 0x12a6c: int 0x21 0x12a6e: xchg ax, bx 0x12a6f: in al, 0x40 0x12a71: test al, 1 0x12a73: jne 0x12a87 0x12a75: mov ah, 0x40 0x12a77: mov cx, 0x51 0x12a7a: lea dx, word ptr [bp + 0x484] 0x12a7e: int 0x21 0x12a80: mov ah, 0x3e |
| 2018-12-25T12:23:54.486028609Z | 60 | PC: 12a6e | Create or truncate file |
| 2018-12-25T12:23:55.179234229Z | 64 | PC: 12a80 | Write file or device (Write 81 bytes on handle 5) |
| 2018-12-25T12:23:55.184031842Z | 62 | PC: 12a84 | Close file |