{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:31.122684513Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:31.12706516Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:31.130692266Z | 26 | PC: 13d3d | Set disk transfer address |
| 2018-12-25T11:41:31.13232445Z | 71 | PC: 13d4d | Get current directory |
| 2018-12-25T11:41:31.135829856Z | 59 | PC: 13d5b | Change current directory |
| 2018-12-25T11:41:31.139962464Z | 78 | PC: 13eeb | Find first file |
| 2018-12-25T11:41:31.145975624Z | 67 | PC: 13e6b | Get or set file attributes |
| 2018-12-25T11:41:31.161503539Z | 61 | PC: 13e70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:31.172813491Z | 87 | PC: 13e76 | Get or set file date and time |
| 2018-12-25T11:41:31.174129252Z | 63 | PC: 13e8b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:41:31.180898779Z | 66 | PC: 13e9e | Move file pointer |
| 2018-12-25T11:41:31.182479733Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.187965177Z | 66 | PC: 13ebc | Move file pointer |
| 2018-12-25T11:41:31.189031391Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.193874746Z | 87 | PC: 13ed7 | Get or set file date and time |
| 2018-12-25T11:41:31.195279088Z | 62 | PC: 13edb | Close file |
| 2018-12-25T11:41:31.202969436Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.206710876Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:31.216343904Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:31.222807285Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.224999806Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:31.231266158Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:31.232603871Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.242074066Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:31.243501922Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.250347537Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.252617104Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:31.261235567Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.26425428Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:31.274449619Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:31.281195043Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.282979959Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:31.29026Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:31.291677502Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.300223548Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:31.302410625Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.309135792Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.310980469Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:31.319873004Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.322483347Z | 59 | PC: 13df9 | Change current directory |
| 2018-12-25T11:41:31.326618415Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T11:41:31.327753549Z | 42 | PC: 13e3c | Get date 0x13e3c: cmp al, 0 0x13e3e: je 0x13e45 0x13e40: mov ax, 0x100 0x13e43: push ax 0x13e44: ret 0x13e45: lea si, word ptr [bp + 0x1464] 0x13e49: mov di, 0x100 0x13e4c: movsw word ptr es:[di], word ptr [si] 0x13e4d: movsb byte ptr es:[di], byte ptr [si] 0x13e4e: jmp 0x13e40 0x13e50: ret 0x13e51: mov ax, word ptr ds:[bp + 0x290] 0x13e56: cmp ax, 0x4f43 0x13e59: je 0x13e50 0x13e5b: mov word ptr ds:[bp + 0x157b], dx 0x13e60: mov ax, 0x4301 0x13e63: xor cx, cx 0x13e65: lea dx, word ptr [bp + 0x290] 0x13e69: int 0x21 0x13e6b: mov ax, 0x3d02 |
| 2018-12-25T11:41:31.329909695Z | 9 | PC: 12a47 | Display string (String= 'V3 Crack Ver 2.3 Made by MOV Thank you Bye~~ ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:31.432203948Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:31.43453867Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:31.440266241Z | 26 | PC: 13d3d | Set disk transfer address |
| 2018-12-25T11:41:31.441342297Z | 71 | PC: 13d4d | Get current directory |
| 2018-12-25T11:41:31.445073594Z | 59 | PC: 13d5b | Change current directory |
| 2018-12-25T11:41:31.448948741Z | 78 | PC: 13eeb | Find first file |
| 2018-12-25T11:41:31.454761346Z | 67 | PC: 13e6b | Get or set file attributes |
| 2018-12-25T11:41:31.470420874Z | 61 | PC: 13e70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:31.481525545Z | 87 | PC: 13e76 | Get or set file date and time |
| 2018-12-25T11:41:31.483063445Z | 63 | PC: 13e8b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:41:31.489876705Z | 66 | PC: 13e9e | Move file pointer |
| 2018-12-25T11:41:31.491395648Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.499751694Z | 66 | PC: 13ebc | Move file pointer |
| 2018-12-25T11:41:31.501011628Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.507433134Z | 87 | PC: 13ed7 | Get or set file date and time |
| 2018-12-25T11:41:31.50862076Z | 62 | PC: 13edb | Close file |
| 2018-12-25T11:41:31.51584295Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.518180041Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:31.52445599Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:31.528452166Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.529683237Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:31.53559506Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:31.536674768Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.544758363Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:31.545977097Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.553191707Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.556678888Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:31.56417041Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.566113625Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:31.573035839Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:31.577033948Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.577913554Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:31.582317805Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:31.583545728Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.591962884Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:31.593336846Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.599692998Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.600925815Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:31.608781561Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.611225843Z | 59 | PC: 13df9 | Change current directory |
| 2018-12-25T11:41:31.619955827Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T11:41:31.627615476Z | 42 | PC: 13e3c | Get date 0x13e3c: cmp al, 0 0x13e3e: je 0x13e45 0x13e40: mov ax, 0x100 0x13e43: push ax 0x13e44: ret 0x13e45: lea si, word ptr [bp + 0x1464] 0x13e49: mov di, 0x100 0x13e4c: movsw word ptr es:[di], word ptr [si] 0x13e4d: movsb byte ptr es:[di], byte ptr [si] 0x13e4e: jmp 0x13e40 0x13e50: ret 0x13e51: mov ax, word ptr ds:[bp + 0x290] 0x13e56: cmp ax, 0x4f43 0x13e59: je 0x13e50 0x13e5b: mov word ptr ds:[bp + 0x157b], dx 0x13e60: mov ax, 0x4301 0x13e63: xor cx, cx 0x13e65: lea dx, word ptr [bp + 0x290] 0x13e69: int 0x21 0x13e6b: mov ax, 0x3d02 |
| 2018-12-25T11:41:31.629578766Z | 9 | PC: 12a47 | Display string (String= 'V3 Crack Ver 2.3 Made by MOV Thank you Bye~~ ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:31.735866082Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:31.739529698Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:31.742259629Z | 26 | PC: 13d3d | Set disk transfer address |
| 2018-12-25T11:41:31.743635399Z | 71 | PC: 13d4d | Get current directory |
| 2018-12-25T11:41:31.755139561Z | 59 | PC: 13d5b | Change current directory |
| 2018-12-25T11:41:31.759234829Z | 78 | PC: 13eeb | Find first file |
| 2018-12-25T11:41:31.765022401Z | 67 | PC: 13e6b | Get or set file attributes |
| 2018-12-25T11:41:31.780952545Z | 61 | PC: 13e70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:31.78788219Z | 87 | PC: 13e76 | Get or set file date and time |
| 2018-12-25T11:41:31.789652279Z | 63 | PC: 13e8b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:41:31.79593284Z | 66 | PC: 13e9e | Move file pointer |
| 2018-12-25T11:41:31.797372863Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.805827828Z | 66 | PC: 13ebc | Move file pointer |
| 2018-12-25T11:41:31.807026875Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.814303082Z | 87 | PC: 13ed7 | Get or set file date and time |
| 2018-12-25T11:41:31.815803949Z | 62 | PC: 13edb | Close file |
| 2018-12-25T11:41:31.82358252Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.826656791Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:31.836271725Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:31.842932905Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.845545729Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:31.851814057Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:31.853074876Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.862460515Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:31.863681097Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.869879874Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.871649963Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:31.879523883Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.881948777Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:31.892107739Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:31.898486239Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.899688987Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:31.906514389Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:31.907905089Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.917441254Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:31.919099313Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.927068923Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.928432772Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:31.937293684Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.939854039Z | 59 | PC: 13df9 | Change current directory |
| 2018-12-25T11:41:31.944315784Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T11:41:31.945509948Z | 42 | PC: 13e3c | Get date 0x13e3c: cmp al, 0 0x13e3e: je 0x13e45 0x13e40: mov ax, 0x100 0x13e43: push ax 0x13e44: ret 0x13e45: lea si, word ptr [bp + 0x1464] 0x13e49: mov di, 0x100 0x13e4c: movsw word ptr es:[di], word ptr [si] 0x13e4d: movsb byte ptr es:[di], byte ptr [si] 0x13e4e: jmp 0x13e40 0x13e50: ret 0x13e51: mov ax, word ptr ds:[bp + 0x290] 0x13e56: cmp ax, 0x4f43 0x13e59: je 0x13e50 0x13e5b: mov word ptr ds:[bp + 0x157b], dx 0x13e60: mov ax, 0x4301 0x13e63: xor cx, cx 0x13e65: lea dx, word ptr [bp + 0x290] 0x13e69: int 0x21 0x13e6b: mov ax, 0x3d02 |
| 2018-12-25T11:41:31.947682773Z | 9 | PC: 12a47 | Display string (String= 'V3 Crack Ver 2.3 Made by MOV Thank you Bye~~ ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:31.805645738Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:31.808931288Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:31.811612184Z | 26 | PC: 13d3d | Set disk transfer address |
| 2018-12-25T11:41:31.81252857Z | 71 | PC: 13d4d | Get current directory |
| 2018-12-25T11:41:31.817604638Z | 59 | PC: 13d5b | Change current directory |
| 2018-12-25T11:41:31.822298452Z | 78 | PC: 13eeb | Find first file |
| 2018-12-25T11:41:31.828510659Z | 67 | PC: 13e6b | Get or set file attributes |
| 2018-12-25T11:41:31.84449718Z | 61 | PC: 13e70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:31.851142602Z | 87 | PC: 13e76 | Get or set file date and time |
| 2018-12-25T11:41:31.852414349Z | 63 | PC: 13e8b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:41:31.858979986Z | 66 | PC: 13e9e | Move file pointer |
| 2018-12-25T11:41:31.860333015Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.868894285Z | 66 | PC: 13ebc | Move file pointer |
| 2018-12-25T11:41:31.870650309Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.876944038Z | 87 | PC: 13ed7 | Get or set file date and time |
| 2018-12-25T11:41:31.878281537Z | 62 | PC: 13edb | Close file |
| 2018-12-25T11:41:31.886700882Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.889176384Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:31.898786206Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:31.905469504Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.906871018Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:31.912947289Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:31.9144512Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.923441729Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:31.92481467Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.932270997Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.933620369Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:31.940998346Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.943902599Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:31.953789473Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:31.959993927Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.961668126Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:31.967705738Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:31.968946198Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.977435553Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:31.978799387Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:31.98502028Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:31.987163258Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:31.994717619Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:31.997210958Z | 59 | PC: 13df9 | Change current directory |
| 2018-12-25T11:41:32.002405984Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T11:41:32.003557972Z | 42 | PC: 13e3c | Get date 0x13e3c: cmp al, 0 0x13e3e: je 0x13e45 0x13e40: mov ax, 0x100 0x13e43: push ax 0x13e44: ret 0x13e45: lea si, word ptr [bp + 0x1464] 0x13e49: mov di, 0x100 0x13e4c: movsw word ptr es:[di], word ptr [si] 0x13e4d: movsb byte ptr es:[di], byte ptr [si] 0x13e4e: jmp 0x13e40 0x13e50: ret 0x13e51: mov ax, word ptr ds:[bp + 0x290] 0x13e56: cmp ax, 0x4f43 0x13e59: je 0x13e50 0x13e5b: mov word ptr ds:[bp + 0x157b], dx 0x13e60: mov ax, 0x4301 0x13e63: xor cx, cx 0x13e65: lea dx, word ptr [bp + 0x290] 0x13e69: int 0x21 0x13e6b: mov ax, 0x3d02 |
| 2018-12-25T11:41:32.005649257Z | 9 | PC: 12a47 | Display string (String= 'V3 Crack Ver 2.3 Made by MOV Thank you Bye~~ ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T13:06:47.791607919Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T13:06:47.794088142Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T13:06:47.795994265Z | 9 | PC: 13d12 | Display string (String= 'Good Night????????? ') |
| 2018-12-25T13:06:47.798557225Z | 76 | PC: 13d16 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:32.738607257Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:32.743039108Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:32.745544277Z | 9 | PC: 13d12 | Display string (String= 'Good Night????????? ') |
| 2018-12-25T11:41:32.749332543Z | 76 | PC: 13d16 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:32.74978468Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:32.753857794Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:32.757005507Z | 9 | PC: 13d12 | Display string (String= 'Good Night????????? ') |
| 2018-12-25T11:41:32.761439415Z | 76 | PC: 13d16 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:33.052336838Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:33.056505535Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:33.058724397Z | 9 | PC: 13d12 | Display string (String= 'Good Night????????? ') |
| 2018-12-25T11:41:33.06255624Z | 76 | PC: 13d16 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:33.403205035Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:33.407521862Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:33.410404947Z | 26 | PC: 13d3d | Set disk transfer address |
| 2018-12-25T11:41:33.41143952Z | 71 | PC: 13d4d | Get current directory |
| 2018-12-25T11:41:33.414922345Z | 59 | PC: 13d5b | Change current directory |
| 2018-12-25T11:41:33.418670367Z | 78 | PC: 13eeb | Find first file |
| 2018-12-25T11:41:33.42435556Z | 67 | PC: 13e6b | Get or set file attributes |
| 2018-12-25T11:41:33.44225023Z | 61 | PC: 13e70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:33.454076809Z | 87 | PC: 13e76 | Get or set file date and time |
| 2018-12-25T11:41:33.455779023Z | 63 | PC: 13e8b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:41:33.463173524Z | 66 | PC: 13e9e | Move file pointer |
| 2018-12-25T11:41:33.465350784Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.474901649Z | 66 | PC: 13ebc | Move file pointer |
| 2018-12-25T11:41:33.477223683Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.48398113Z | 87 | PC: 13ed7 | Get or set file date and time |
| 2018-12-25T11:41:33.487452275Z | 62 | PC: 13edb | Close file |
| 2018-12-25T11:41:33.497479469Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:33.500082864Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:33.510221254Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:33.517224983Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:33.519423469Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:33.527581008Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:33.529521774Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.540536772Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:33.543080899Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.550157063Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:33.554471244Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:33.563801288Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:33.56653215Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:33.576781993Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:33.583345777Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:33.585133996Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:33.594662724Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:33.596001469Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.618459577Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:33.621560852Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.629305298Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:33.630924499Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:33.639725833Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:33.642211209Z | 59 | PC: 13df9 | Change current directory |
| 2018-12-25T11:41:33.646343155Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T11:41:33.648092477Z | 42 | PC: 13e3c | Get date 0x13e3c: cmp al, 0 0x13e3e: je 0x13e45 0x13e40: mov ax, 0x100 0x13e43: push ax 0x13e44: ret 0x13e45: lea si, word ptr [bp + 0x1464] 0x13e49: mov di, 0x100 0x13e4c: movsw word ptr es:[di], word ptr [si] 0x13e4d: movsb byte ptr es:[di], byte ptr [si] 0x13e4e: jmp 0x13e40 0x13e50: ret 0x13e51: mov ax, word ptr ds:[bp + 0x290] 0x13e56: cmp ax, 0x4f43 0x13e59: je 0x13e50 0x13e5b: mov word ptr ds:[bp + 0x157b], dx 0x13e60: mov ax, 0x4301 0x13e63: xor cx, cx 0x13e65: lea dx, word ptr [bp + 0x290] 0x13e69: int 0x21 0x13e6b: mov ax, 0x3d02 |
| 2018-12-25T11:41:33.650217973Z | 9 | PC: 12a47 | Display string (String= 'V3 Crack Ver 2.3 Made by MOV Thank you Bye~~ ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:33.701030081Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:33.709077468Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:33.712160991Z | 26 | PC: 13d3d | Set disk transfer address |
| 2018-12-25T11:41:33.713735212Z | 71 | PC: 13d4d | Get current directory |
| 2018-12-25T11:41:33.717254818Z | 59 | PC: 13d5b | Change current directory |
| 2018-12-25T11:41:33.721533825Z | 78 | PC: 13eeb | Find first file |
| 2018-12-25T11:41:33.732319987Z | 67 | PC: 13e6b | Get or set file attributes |
| 2018-12-25T11:41:33.750141887Z | 61 | PC: 13e70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:33.756724058Z | 87 | PC: 13e76 | Get or set file date and time |
| 2018-12-25T11:41:33.75831706Z | 63 | PC: 13e8b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:41:33.764475207Z | 66 | PC: 13e9e | Move file pointer |
| 2018-12-25T11:41:33.766885121Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.779181959Z | 66 | PC: 13ebc | Move file pointer |
| 2018-12-25T11:41:33.780529763Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.787788474Z | 87 | PC: 13ed7 | Get or set file date and time |
| 2018-12-25T11:41:33.789314234Z | 62 | PC: 13edb | Close file |
| 2018-12-25T11:41:33.797700005Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:33.801496387Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:33.814969282Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:33.821955454Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:33.824098977Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:33.830514277Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:33.832653122Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.841738578Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:33.843162741Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.847555197Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:33.849133801Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:33.854186017Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:33.85604089Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:33.862873818Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:33.867388103Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:33.868749099Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:33.875752337Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:33.877208224Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.88559182Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:33.888184308Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:33.894657883Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:33.895928815Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:33.903894843Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:33.906991966Z | 59 | PC: 13df9 | Change current directory |
| 2018-12-25T11:41:33.910707172Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T11:41:33.911838255Z | 42 | PC: 13e3c | Get date 0x13e3c: cmp al, 0 0x13e3e: je 0x13e45 0x13e40: mov ax, 0x100 0x13e43: push ax 0x13e44: ret 0x13e45: lea si, word ptr [bp + 0x1464] 0x13e49: mov di, 0x100 0x13e4c: movsw word ptr es:[di], word ptr [si] 0x13e4d: movsb byte ptr es:[di], byte ptr [si] 0x13e4e: jmp 0x13e40 0x13e50: ret 0x13e51: mov ax, word ptr ds:[bp + 0x290] 0x13e56: cmp ax, 0x4f43 0x13e59: je 0x13e50 0x13e5b: mov word ptr ds:[bp + 0x157b], dx 0x13e60: mov ax, 0x4301 0x13e63: xor cx, cx 0x13e65: lea dx, word ptr [bp + 0x290] 0x13e69: int 0x21 0x13e6b: mov ax, 0x3d02 |
| 2018-12-25T11:41:33.91499194Z | 9 | PC: 12a47 | Display string (String= 'V3 Crack Ver 2.3 Made by MOV Thank you Bye~~ ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:34.031503448Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:34.034876773Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:34.037685659Z | 26 | PC: 13d3d | Set disk transfer address |
| 2018-12-25T11:41:34.038675075Z | 71 | PC: 13d4d | Get current directory |
| 2018-12-25T11:41:34.04196482Z | 59 | PC: 13d5b | Change current directory |
| 2018-12-25T11:41:34.045852974Z | 78 | PC: 13eeb | Find first file |
| 2018-12-25T11:41:34.052123597Z | 67 | PC: 13e6b | Get or set file attributes |
| 2018-12-25T11:41:34.067199504Z | 61 | PC: 13e70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:34.073509721Z | 87 | PC: 13e76 | Get or set file date and time |
| 2018-12-25T11:41:34.074819989Z | 63 | PC: 13e8b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:41:34.081567658Z | 66 | PC: 13e9e | Move file pointer |
| 2018-12-25T11:41:34.082959448Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.09010728Z | 66 | PC: 13ebc | Move file pointer |
| 2018-12-25T11:41:34.094259029Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.101680292Z | 87 | PC: 13ed7 | Get or set file date and time |
| 2018-12-25T11:41:34.102976673Z | 62 | PC: 13edb | Close file |
| 2018-12-25T11:41:34.111057452Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:34.113467783Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:34.123030224Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:34.129392711Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:34.131261571Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:34.137263038Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:34.139015046Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.147657401Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:34.148796668Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.155071652Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:34.16234864Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:34.169873966Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:34.172311636Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:34.182010798Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:34.189420729Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:34.190648635Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:34.203005728Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:34.204369346Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.213008187Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:34.214889522Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.221077079Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:34.222445882Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:34.23031433Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:34.232811898Z | 59 | PC: 13df9 | Change current directory |
| 2018-12-25T11:41:34.236600377Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T11:41:34.23946843Z | 42 | PC: 13e3c | Get date 0x13e3c: cmp al, 0 0x13e3e: je 0x13e45 0x13e40: mov ax, 0x100 0x13e43: push ax 0x13e44: ret 0x13e45: lea si, word ptr [bp + 0x1464] 0x13e49: mov di, 0x100 0x13e4c: movsw word ptr es:[di], word ptr [si] 0x13e4d: movsb byte ptr es:[di], byte ptr [si] 0x13e4e: jmp 0x13e40 0x13e50: ret 0x13e51: mov ax, word ptr ds:[bp + 0x290] 0x13e56: cmp ax, 0x4f43 0x13e59: je 0x13e50 0x13e5b: mov word ptr ds:[bp + 0x157b], dx 0x13e60: mov ax, 0x4301 0x13e63: xor cx, cx 0x13e65: lea dx, word ptr [bp + 0x290] 0x13e69: int 0x21 0x13e6b: mov ax, 0x3d02 |
| 2018-12-25T11:41:34.241577931Z | 9 | PC: 12a47 | Display string (String= 'V3 Crack Ver 2.3 Made by MOV Thank you Bye~~ ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:34.300777223Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:34.304248281Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:34.307028644Z | 26 | PC: 13d3d | Set disk transfer address |
| 2018-12-25T11:41:34.308330175Z | 71 | PC: 13d4d | Get current directory |
| 2018-12-25T11:41:34.31220933Z | 59 | PC: 13d5b | Change current directory |
| 2018-12-25T11:41:34.31606851Z | 78 | PC: 13eeb | Find first file |
| 2018-12-25T11:41:34.326809739Z | 67 | PC: 13e6b | Get or set file attributes |
| 2018-12-25T11:41:34.345538855Z | 61 | PC: 13e70 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:34.352291206Z | 87 | PC: 13e76 | Get or set file date and time |
| 2018-12-25T11:41:34.353675575Z | 63 | PC: 13e8b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:41:34.360035035Z | 66 | PC: 13e9e | Move file pointer |
| 2018-12-25T11:41:34.361729783Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.370555959Z | 66 | PC: 13ebc | Move file pointer |
| 2018-12-25T11:41:34.372248098Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.3803678Z | 87 | PC: 13ed7 | Get or set file date and time |
| 2018-12-25T11:41:34.38189367Z | 62 | PC: 13edb | Close file |
| 2018-12-25T11:41:34.389592527Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:34.39272192Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:34.40218461Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:34.415483649Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:34.417232392Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:34.423392651Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:34.424631994Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.43448653Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:34.435906658Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.44248074Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:34.444463119Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:34.450394204Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:34.452956645Z | 67 | PC: 13e6b | Get or set file attributes (See above) |
| 2018-12-25T11:41:34.462938792Z | 61 | PC: 13e70 | Open file (See above) |
| 2018-12-25T11:41:34.469123049Z | 87 | PC: 13e76 | Get or set file date and time (See above) |
| 2018-12-25T11:41:34.470327375Z | 63 | PC: 13e8b | Read file or device (See above) |
| 2018-12-25T11:41:34.477251724Z | 66 | PC: 13e9e | Move file pointer (See above) |
| 2018-12-25T11:41:34.478565334Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.486882327Z | 66 | PC: 13ebc | Move file pointer (See above) |
| 2018-12-25T11:41:34.488688307Z | 64 | PC: 13eeb | Write file or device (See above) |
| 2018-12-25T11:41:34.494887529Z | 87 | PC: 13ed7 | Get or set file date and time (See above) |
| 2018-12-25T11:41:34.496156514Z | 62 | PC: 13edb | Close file (See above) |
| 2018-12-25T11:41:34.504158707Z | 79 | PC: 13eeb | Find next file (See above) |
| 2018-12-25T11:41:34.506635819Z | 59 | PC: 13df9 | Change current directory |
| 2018-12-25T11:41:34.510258375Z | 26 | PC: 13e00 | Set disk transfer address |
| 2018-12-25T11:41:34.511486651Z | 42 | PC: 13e3c | Get date 0x13e3c: cmp al, 0 0x13e3e: je 0x13e45 0x13e40: mov ax, 0x100 0x13e43: push ax 0x13e44: ret 0x13e45: lea si, word ptr [bp + 0x1464] 0x13e49: mov di, 0x100 0x13e4c: movsw word ptr es:[di], word ptr [si] 0x13e4d: movsb byte ptr es:[di], byte ptr [si] 0x13e4e: jmp 0x13e40 0x13e50: ret 0x13e51: mov ax, word ptr ds:[bp + 0x290] 0x13e56: cmp ax, 0x4f43 0x13e59: je 0x13e50 0x13e5b: mov word ptr ds:[bp + 0x157b], dx 0x13e60: mov ax, 0x4301 0x13e63: xor cx, cx 0x13e65: lea dx, word ptr [bp + 0x290] 0x13e69: int 0x21 0x13e6b: mov ax, 0x3d02 |
| 2018-12-25T11:41:34.513401166Z | 9 | PC: 12a47 | Display string (String= 'V3 Crack Ver 2.3 Made by MOV Thank you Bye~~ ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:34.637700924Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:34.642293483Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:34.644474643Z | 9 | PC: 13d12 | Display string (String= 'Good Night????????? ') |
| 2018-12-25T11:41:34.648792507Z | 76 | PC: 13d16 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:36.642727381Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:36.646646256Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:36.64913453Z | 9 | PC: 13d12 | Display string (String= 'Good Night????????? ') |
| 2018-12-25T11:41:36.653393091Z | 76 | PC: 13d16 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:37.517268324Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:37.533800805Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:37.537996621Z | 9 | PC: 13d12 | Display string (String= 'Good Night????????? ') |
| 2018-12-25T11:41:37.542948406Z | 76 | PC: 13d16 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:37.683609616Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp al, 0 0x12aa9: je 0x12aae 0x12aab: jmp 0x13050 0x12aae: mov ah, 0x2a 0x12ab0: int 0x21 0x12ab2: cmp al, 0 0x12ab4: je 0x12ab8 0x12ab6: jmp 0x12aae 0x12ab8: lea si, word ptr [bp + 0x264] 0x12abc: lea di, word ptr [bp + 0x25c] 0x12ac0: mov cx, 4 0x12ac3: rep movsd dword ptr es:[di], dword ptr [si] 0x12ac5: mov ah, 0x1a 0x12ac7: lea dx, word ptr [bp + 0x272] 0x12acb: int 0x21 0x12acd: mov ah, 0x4e 0x12acf: lea dx, word ptr [bp + 0x26c] 0x12ad3: mov cx, 0 0x12ad6: int 0x21 0x12ad8: jae 0x12add |
| 2018-12-25T11:41:37.687628745Z | 44 | PC: 13d20 | Get time 0x13d20: cmp ch, 0x16 0x13d23: jg 0x13cfb 0x13d25: movsb byte ptr es:[di], byte ptr [si] 0x13d26: movsw word ptr es:[di], word ptr [si] 0x13d27: xor si, si 0x13d29: mov ax, 1 0x13d2c: call 0x23055 0x13d2f: xor si, si 0x13d31: xor ax, ax 0x13d33: xor dx, dx 0x13d35: mov ah, 0x1a 0x13d37: lea dx, word ptr [bp + 0x272] 0x13d3b: int 0x21 0x13d3d: mov ah, 0x47 0x13d3f: mov dl, 0 0x13d41: lea si, word ptr [bp + 0x2d1] 0x13d45: mov byte ptr ds:[bp + 0x2d0], 0x5c 0x13d4b: int 0x21 0x13d4d: mov byte ptr ds:[bp + 0x157a], 0 0x13d53: mov ah, 0x3b |
| 2018-12-25T11:41:37.691051965Z | 9 | PC: 13d12 | Display string (String= 'Good Night????????? ') |
| 2018-12-25T11:41:37.695964733Z | 76 | PC: 13d16 | Terminate with return code (Return code = '36') |