{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:31.395702659Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:31.397513827Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:31.400224239Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:31.401122851Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:31.407408601Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:31.418571382Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:31.440396341Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:31.446416397Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:31.453061671Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:31.454597858Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:31.457539794Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:31.460107722Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.4625488Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:31.465574033Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.468222337Z | 64 | PC: 141b6 | Write file or device (Write 1281 bytes on handle 5) |
| 2018-12-25T11:42:31.479138868Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:31.483224582Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:31.491771835Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:31.493220841Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:31.494544928Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:31.506207941Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:31.515079556Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:31.517301305Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:31.519159699Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:31.524424724Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:31.415150751Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:31.41705835Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:31.419823684Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:31.420951625Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:31.427042178Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:31.432712401Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:31.447748286Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:31.459802195Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:31.466175233Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:31.467445753Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:31.469841793Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:31.471938832Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.474134376Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:31.476828605Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.479491958Z | 64 | PC: 141b6 | Write file or device (Write 1281 bytes on handle 5) |
| 2018-12-25T11:42:31.485682565Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:31.498403014Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:31.50490233Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:31.506366481Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:31.507664227Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:31.511675932Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:31.519181346Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:31.521185802Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:31.522415243Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:31.527687985Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:31.512994039Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:31.514577394Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:31.517285403Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:31.518786289Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:31.525913131Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:31.536978435Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:31.554496732Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:31.561696759Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:31.566521702Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:31.567952441Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:31.571051657Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:31.573181387Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.576410539Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:31.581543618Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.584406375Z | 64 | PC: 141b6 | Write file or device (Write 1281 bytes on handle 5) |
| 2018-12-25T11:42:31.595396466Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:31.60275095Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:31.609621983Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:31.611088276Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:31.612241286Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:31.61668607Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:31.624094906Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:31.626046072Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:31.627821094Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:31.633086162Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:31.363947994Z | 64 | PC: 0 | Write file or device (Write 2 bytes on handle 1) |
| 2018-12-25T11:42:31.37156948Z | 41 | PC: 94fae | Parse filename |
| 2018-12-25T11:42:31.375514536Z | 41 | PC: 9502f | Parse filename |
| 2018-12-25T11:42:31.377285277Z | 41 | PC: 9504c | Parse filename |
| 2018-12-25T11:42:31.379483787Z | 26 | PC: 984f7 | Set disk transfer address |
| 2018-12-25T11:42:31.381836097Z | 71 | PC: 986f3 | Get current directory |
| 2018-12-25T11:42:31.383890592Z | 78 | PC: 986fe | Find first file |
| 2018-12-25T11:42:31.389559117Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T11:42:31.392353809Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T11:42:31.402604678Z | 64 | PC: 9a848 | Write file or device (Write 26 bytes on handle 2) |
| 2018-12-25T11:42:31.407314481Z | 37 | PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write') |
| 2018-12-25T11:42:31.410890694Z | 37 | PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:42:31.42143102Z | 37 | PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:42:31.422430651Z | 62 | PC: 122ab | Close file |
| 2018-12-25T11:42:31.424252285Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.42544515Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.426958255Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.429076587Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.431396675Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.432807138Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.434044804Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.435554924Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.436816082Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.438073094Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.439867066Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.441012711Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.442038121Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.450375825Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:31.453357467Z | 99 | PC: 9a5d7 | Get DBCS lead byte table pointer |
| 2018-12-25T11:42:31.455878332Z | 56 | PC: 94df9 | Get or set country info |
| 2018-12-25T11:42:31.459815721Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T11:42:31.46609761Z | 25 | PC: 94e62 | Get default drive |
| 2018-12-25T11:42:31.468005859Z | 71 | PC: 970dd | Get current directory |
| 2018-12-25T11:42:31.47396211Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T11:42:31.478146407Z | 2 | PC: 970b2 | Character output (Char = '3e') |
| 2018-12-25T11:42:31.480560083Z | 93 | PC: 94f20 | File sharing functions |
| 2018-12-25T11:42:31.482796487Z | 93 | PC: 94f27 | File sharing functions |
| 2018-12-25T11:42:31.484602952Z | 10 | PC: 94f39 | Buffered keyboard input |
| 2018-12-25T11:42:46.411091994Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T11:42:47.765065881Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T11:42:47.867335141Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T11:42:47.87386453Z | 41 | PC: 94fae | Parse filename (See above) |
| 2018-12-25T11:42:47.875614231Z | 41 | PC: 9502f | Parse filename (See above) |
| 2018-12-25T11:42:47.877024013Z | 41 | PC: 9504c | Parse filename (See above) |
| 2018-12-25T11:42:47.87988595Z | 26 | PC: 984f7 | Set disk transfer address (See above) |
| 2018-12-25T11:42:47.882627387Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T11:42:47.891644618Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T11:42:47.902158883Z | 71 | PC: 9856c | Get current directory |
| 2018-12-25T11:42:47.908024255Z | 73 | PC: 97c09 | Release memory |
| 2018-12-25T11:42:47.910024114Z | 75 | PC: 11821 | Execute program |
| 2018-12-25T11:42:47.924535032Z | 9 | PC: 12a47 | Display string (String= 'Hello, World! ') |
| 2018-12-25T11:42:47.928475835Z | 76 | PC: 12a4b | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:31.458102618Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:31.469359152Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:31.472399358Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:31.473583201Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:31.480029644Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:31.485807414Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:31.500684624Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:31.512349276Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:31.518621891Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:31.519948848Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:31.522938581Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:31.525070175Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.527079167Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:31.529234152Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.532341664Z | 64 | PC: 141b6 | Write file or device (Write 1281 bytes on handle 5) |
| 2018-12-25T11:42:31.541057159Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:31.542581517Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:31.549870254Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:31.551508464Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:31.552750502Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:31.557070886Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:31.564515687Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:31.566763453Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:31.569650492Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:31.574867992Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:31.609499052Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:31.612035941Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:31.625921816Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:31.627348927Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:31.634119058Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:31.641271196Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:31.660211907Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:31.673802666Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:31.682977259Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:31.685100266Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:31.688015536Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:31.691671431Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.694958264Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:31.69837813Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.702203281Z | 64 | PC: 141b6 | Write file or device (Write 1283 bytes on handle 5) |
| 2018-12-25T11:42:31.712242451Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:31.713920691Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:31.72184146Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:31.724309832Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:31.726176868Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:31.731073519Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:31.74013135Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:31.742831443Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:31.744290615Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:31.752509713Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:31.722448977Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:31.723860673Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:31.72806887Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:31.72946031Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:31.739414037Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:31.753608029Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:31.771055169Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:31.778830727Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:31.78676408Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:31.788465188Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:31.791280457Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:31.794073699Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.797425386Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:31.799976302Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:31.802947443Z | 64 | PC: 141b6 | Write file or device (Write 1283 bytes on handle 5) |
| 2018-12-25T11:42:31.813135943Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:31.815414589Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:31.822866381Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:31.826156019Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:31.827892874Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:31.833054804Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:31.842404057Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:31.845011091Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:31.846428001Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:31.853263141Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:32.078750607Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:32.080509519Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:32.084382979Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:32.086027933Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:32.093175377Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:32.100695481Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:32.11718798Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:32.130542248Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:32.138766132Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:32.140780417Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:32.143584138Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:32.160457884Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.162554017Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:32.164398584Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.166781996Z | 64 | PC: 141b6 | Write file or device (Write 1283 bytes on handle 5) |
| 2018-12-25T11:42:32.172683316Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:32.174731665Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:32.182515215Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:32.185290871Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:32.186710816Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:32.191124557Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:32.200347801Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:32.202643453Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:32.203842052Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:32.210785441Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:32.166382003Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:32.168088819Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:32.170319644Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:32.171794187Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:32.178786428Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:32.189271051Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:32.207821018Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:32.212069455Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:32.216634547Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:32.217574288Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:32.218885458Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:32.221302784Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.222656Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:32.224165244Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.226591797Z | 64 | PC: 141b6 | Write file or device (Write 1283 bytes on handle 5) |
| 2018-12-25T11:42:32.234873064Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:32.236077237Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:32.242893117Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:32.244233376Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:32.245295281Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:32.24943277Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:32.256618701Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:32.258017912Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:32.259291219Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:32.262485493Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:32.288043167Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:32.290628092Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:32.293814635Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:32.29516598Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:32.303150798Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:32.309633464Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:32.32677426Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:32.342637033Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:32.350464138Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:32.35193405Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:32.355275002Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:32.358840091Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.361779846Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:32.36531301Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.368384264Z | 64 | PC: 141b6 | Write file or device (Write 1283 bytes on handle 5) |
| 2018-12-25T11:42:32.37831217Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:32.380392774Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:32.388482736Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:32.390227683Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:32.391685316Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:32.397172321Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:32.405874491Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:32.408417665Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:32.410645028Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:32.417465238Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:32.550664406Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:32.552826196Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:32.555880344Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:32.557296257Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:32.564584302Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:32.576765778Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:32.594531593Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:32.601340299Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:32.611018466Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:32.612333259Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:32.614712113Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:32.61785169Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.620236611Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:32.622760235Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.626125521Z | 64 | PC: 141b6 | Write file or device (Write 1289 bytes on handle 5) |
| 2018-12-25T11:42:32.634789352Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:32.636093036Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:32.642902124Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:32.644425815Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:32.645617999Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:32.649710836Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:32.657591228Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:32.659579442Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:32.661616866Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:32.667178903Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:32.71932395Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:32.721245783Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:32.724157194Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:32.7253162Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:32.731614702Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:32.741716013Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:32.760037179Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:32.767620917Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:32.774001612Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:32.775284279Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:32.777331376Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:32.779615835Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.781430134Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:32.783194888Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:32.785504869Z | 64 | PC: 141b6 | Write file or device (Write 1289 bytes on handle 5) |
| 2018-12-25T11:42:32.790868418Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:32.792012653Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:32.797087391Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:32.798655237Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:32.799856744Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:32.803440988Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:32.808790403Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:32.810446162Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:32.812050445Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:32.816778077Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:33.21752735Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:33.219325623Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:33.223957033Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:33.225115031Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:33.232647352Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:33.244923645Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:33.261720609Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:33.270034699Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:33.277668022Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:33.279673289Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:33.282735043Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:33.28539817Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.287566502Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:33.290434905Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.293697999Z | 64 | PC: 141b6 | Write file or device (Write 1289 bytes on handle 5) |
| 2018-12-25T11:42:33.302985022Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:33.30454719Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:33.312224715Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:33.314705794Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:33.316305176Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:33.333183491Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:33.342053907Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:33.344454148Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:33.352291428Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:33.359124726Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:33.269449351Z | 64 | PC: 0 | Write file or device (Write 2 bytes on handle 1) |
| 2018-12-25T11:42:33.275548817Z | 41 | PC: 94fae | Parse filename |
| 2018-12-25T11:42:33.279416605Z | 41 | PC: 9502f | Parse filename |
| 2018-12-25T11:42:33.282453134Z | 41 | PC: 9504c | Parse filename |
| 2018-12-25T11:42:33.283776752Z | 26 | PC: 984f7 | Set disk transfer address |
| 2018-12-25T11:42:33.285415802Z | 71 | PC: 986f3 | Get current directory |
| 2018-12-25T11:42:33.287418304Z | 78 | PC: 986fe | Find first file |
| 2018-12-25T11:42:33.299249713Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T11:42:33.302706215Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T11:42:33.312673631Z | 64 | PC: 9a848 | Write file or device (Write 26 bytes on handle 2) |
| 2018-12-25T11:42:33.317447272Z | 37 | PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write') |
| 2018-12-25T11:42:33.319203247Z | 37 | PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:42:33.320404377Z | 37 | PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:42:33.321398632Z | 62 | PC: 122ab | Close file |
| 2018-12-25T11:42:33.323762342Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.325140433Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.326656564Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.32838563Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.330447878Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.332038812Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.333700399Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.335846604Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.337630703Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.33952743Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.341536032Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.3430649Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.348280324Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.350172141Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:42:33.35193082Z | 99 | PC: 9a5d7 | Get DBCS lead byte table pointer |
| 2018-12-25T11:42:33.353118194Z | 56 | PC: 94df9 | Get or set country info |
| 2018-12-25T11:42:33.355504065Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T11:42:33.361026705Z | 25 | PC: 94e62 | Get default drive |
| 2018-12-25T11:42:33.362585646Z | 71 | PC: 970dd | Get current directory |
| 2018-12-25T11:42:33.36699143Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T11:42:33.370092118Z | 2 | PC: 970b2 | Character output (Char = '3e') |
| 2018-12-25T11:42:33.372155958Z | 93 | PC: 94f20 | File sharing functions |
| 2018-12-25T11:42:33.377628335Z | 93 | PC: 94f27 | File sharing functions |
| 2018-12-25T11:42:33.379601957Z | 10 | PC: 94f39 | Buffered keyboard input |
| 2018-12-25T11:42:48.316910217Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T11:42:49.671685043Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T11:42:49.77447306Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T11:42:49.781315217Z | 41 | PC: 94fae | Parse filename (See above) |
| 2018-12-25T11:42:49.783377841Z | 41 | PC: 9502f | Parse filename (See above) |
| 2018-12-25T11:42:49.7850482Z | 41 | PC: 9504c | Parse filename (See above) |
| 2018-12-25T11:42:49.78886115Z | 26 | PC: 984f7 | Set disk transfer address (See above) |
| 2018-12-25T11:42:49.790849849Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T11:42:49.798814344Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T11:42:49.81071251Z | 71 | PC: 9856c | Get current directory |
| 2018-12-25T11:42:49.81437398Z | 73 | PC: 97c09 | Release memory |
| 2018-12-25T11:42:49.815666563Z | 75 | PC: 11821 | Execute program |
| 2018-12-25T11:42:49.829731171Z | 9 | PC: 12a47 | Display string (String= 'Hello, World! ') |
| 2018-12-25T11:42:49.833638867Z | 76 | PC: 12a4b | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:33.319847206Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:33.322254722Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:33.325651467Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:33.326961506Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:33.336548515Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:33.342979773Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:33.359516421Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:33.36705056Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:33.375143434Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:33.377505309Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:33.380704368Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:33.384896955Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.387459426Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:33.389858756Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.392635295Z | 64 | PC: 141b6 | Write file or device (Write 1289 bytes on handle 5) |
| 2018-12-25T11:42:33.398451895Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:33.399715652Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:33.405013606Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:33.414595594Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:33.415695363Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:33.419410416Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:33.425425535Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:33.427168113Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:33.428123433Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:33.432391623Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:33.331370067Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:33.333023862Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:33.335817864Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:33.336910871Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:33.343398845Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:33.353781505Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:33.371603177Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:33.383492228Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:33.400379967Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:33.40174869Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:33.404173208Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:33.406615839Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.408704845Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:33.412934951Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.415092511Z | 64 | PC: 141b6 | Write file or device (Write 1281 bytes on handle 5) |
| 2018-12-25T11:42:33.423337022Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:33.424848914Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:33.431590134Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:33.432944945Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:33.434875862Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:33.438870843Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:33.446583422Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:33.449118766Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:33.455215656Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:33.460860975Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:33.441434647Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:33.444781601Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:33.446965923Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:33.447856548Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:33.45202791Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:33.459438203Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:33.477484372Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:33.485232377Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:33.493116042Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:33.494667375Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:33.49707895Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:33.499985419Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.503420375Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:33.506318799Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.510177643Z | 64 | PC: 141b6 | Write file or device (Write 1281 bytes on handle 5) |
| 2018-12-25T11:42:33.51965488Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:33.521251296Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:33.528896863Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:33.530627835Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:33.53190576Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:33.537204728Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:33.554703341Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:33.557051324Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:33.558387093Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:33.5651793Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:33.531494477Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:33.536729371Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:33.54044202Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:33.542117557Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:33.549740927Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:33.556406955Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:33.574056609Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:33.588576469Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:33.596425755Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:33.59843487Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:33.604096775Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:33.606752626Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.609623979Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:33.612776912Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.616209105Z | 64 | PC: 141b6 | Write file or device (Write 1281 bytes on handle 5) |
| 2018-12-25T11:42:33.625710184Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:33.627302495Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:33.635649414Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:33.637512203Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:33.63909847Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:33.652352588Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:33.661363912Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:33.665495498Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:33.667705511Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:33.674677013Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:33.510796462Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:33.512428351Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:33.515685441Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:33.516679886Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:33.52323469Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:33.534171667Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:33.550018514Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:33.557213969Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:33.563401165Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:33.564726265Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:33.566932589Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:33.569661409Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.571983456Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:33.574375169Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.57700698Z | 64 | PC: 141b6 | Write file or device (Write 1281 bytes on handle 5) |
| 2018-12-25T11:42:33.586014334Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:33.587443281Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:33.595181205Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:33.597353685Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:33.598796233Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:33.603392281Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:33.611886916Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:33.615530808Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:33.617426651Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:33.622692867Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:33.91945885Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:33.921032387Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:33.92447877Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:33.925455023Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:33.929443216Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:33.933497798Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:33.946773897Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:33.954393886Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:33.972396704Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:33.973537964Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:33.975130619Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:33.977343731Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.979213447Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:33.981050996Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:33.983276194Z | 64 | PC: 141b6 | Write file or device (Write 1281 bytes on handle 5) |
| 2018-12-25T11:42:33.989618411Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:33.992314355Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:34.012492014Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:34.016237202Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:34.01825958Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:34.023619246Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:34.033387143Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:34.036163918Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:34.037797479Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:34.04502733Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:34.012615866Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:34.014081073Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:34.01850106Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:34.020553838Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:34.027667556Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:34.035267001Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:34.053556053Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:34.076354578Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:34.084890539Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:34.087292803Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:34.090116511Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:34.094022161Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.096762891Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:34.099694481Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.102883636Z | 64 | PC: 141b6 | Write file or device (Write 1282 bytes on handle 5) |
| 2018-12-25T11:42:34.11335795Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:34.115334819Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:34.123549699Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:34.135272898Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:34.137247385Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:34.143333094Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:34.153336502Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:34.156171663Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:34.157721585Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:34.165059881Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:34.111644193Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:34.114083534Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:34.120994017Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:34.122631593Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:34.130130219Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:34.147285039Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:34.164487924Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:34.172621984Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:34.181440309Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:34.183654566Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:34.187601744Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:34.191704032Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.19473123Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:34.197839871Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.202041611Z | 64 | PC: 141b6 | Write file or device (Write 1282 bytes on handle 5) |
| 2018-12-25T11:42:34.212042006Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:34.213704663Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:34.228635538Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:34.230426102Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:34.231928899Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:34.237893009Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:34.246890551Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:34.249414577Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:34.251391907Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:34.258350958Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:34.101818264Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:34.103831323Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:34.10686191Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:34.108313569Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:34.11586261Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:34.126755954Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:34.145378647Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:34.154457386Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:34.158701018Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:34.15997Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:34.16208186Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:34.164536515Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.166173954Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:34.168788844Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.172094224Z | 64 | PC: 141b6 | Write file or device (Write 1282 bytes on handle 5) |
| 2018-12-25T11:42:34.177437255Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:34.178394258Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:34.182989439Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:34.184216324Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:34.185204177Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:34.191946096Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:34.199614969Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:34.202082772Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:34.20361697Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:34.209263876Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:34.307844332Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:34.30981869Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:34.313366727Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:34.314389598Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:34.321095776Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:34.331978463Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:34.346821569Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:34.354938654Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:34.359566543Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:34.360639483Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:34.362069512Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:34.364396169Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.365996474Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:34.367611095Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.369695825Z | 64 | PC: 141b6 | Write file or device (Write 1282 bytes on handle 5) |
| 2018-12-25T11:42:34.375427811Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:34.376545695Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:34.381318683Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:34.38251136Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:34.383558843Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:34.386946761Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:34.392283298Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:34.39420115Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:34.395918476Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:34.401929851Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1065,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:34.780134846Z | 25 | PC: 13e90 | Get default drive |
| 2018-12-25T11:42:34.781709691Z | 71 | PC: 13e99 | Get current directory |
| 2018-12-25T11:42:34.78438303Z | 26 | PC: 13ea2 | Set disk transfer address |
| 2018-12-25T11:42:34.785332089Z | 78 | PC: 13eae | Find first file |
| 2018-12-25T11:42:34.791784034Z | 67 | PC: 13f30 | Get or set file attributes |
| 2018-12-25T11:42:34.798293676Z | 67 | PC: 13f3a | Get or set file attributes |
| 2018-12-25T11:42:34.819522515Z | 61 | PC: 13f48 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:42:34.831504095Z | 63 | PC: 13f56 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:42:34.83798222Z | 87 | PC: 13f80 | Get or set file date and time |
| 2018-12-25T11:42:34.839386528Z | 66 | PC: 13f96 | Move file pointer |
| 2018-12-25T11:42:34.841927531Z | 44 | PC: 14021 | Get time 0x14021: and cl, 1 0x14024: and dh, 1 0x14027: cmp cl, dh 0x14029: je 0x1403e 0x1402b: jb 0x14034 0x1402d: jl 0x14039 0x1402f: mov al, 0xf8 0x14031: jmp 0x14040 0x14033: nop 0x14034: mov al, 0x90 0x14036: jmp 0x14040 0x14038: nop 0x14039: mov al, 0xfb 0x1403b: jmp 0x14040 0x1403d: nop 0x1403e: mov al, 0xfc 0x14040: stosb byte ptr es:[di], al 0x14041: stosb byte ptr es:[di], al 0x14042: pop dx 0x14043: mov di, 0x5fc |
| 2018-12-25T11:42:34.844193156Z | 44 | PC: 14056 | Get time 0x14056: and ch, 1 0x14059: cmp ch, 1 0x1405c: je 0x14063 0x1405e: mov al, 0xf8 0x14060: jmp 0x14065 0x14062: nop 0x14063: mov al, 0xf9 0x14065: stosb byte ptr es:[di], al 0x14066: pop dx 0x14067: push dx 0x14068: mov ah, 0x2a 0x1406a: int 0x21 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.846661905Z | 42 | PC: 1406c | Get date 0x1406c: mov di, 0x5fc 0x1406f: add di, bp 0x14071: add di, 0x10a 0x14075: sub di, 0x100 0x14079: cmp dl, 0xe 0x1407c: jle 0x14085 0x1407e: mov ax, 0x58a 0x14081: stosw word ptr es:[di], ax 0x14082: jmp 0x14089 0x14084: nop 0x14085: inc di 0x14086: mov al, 0xac 0x14088: stosb byte ptr es:[di], al 0x14089: pop dx 0x1408a: mov di, 0x5fc 0x1408d: add di, bp 0x1408f: add di, 0x10c 0x14093: sub di, 0x100 0x14097: cmp dl, 3 0x1409a: jge 0x140a1 |
| 2018-12-25T11:42:34.849896854Z | 44 | PC: 140da | Get time 0x140da: push dx 0x140db: xor bx, bx 0x140dd: shr dx, 5 0x140e0: add bx, dx 0x140e2: pop dx 0x140e3: cmp dh, 0xa 0x140e6: jle 0x14115 0x140e8: cmp dh, 0x14 0x140eb: jle 0x1412e 0x140ed: cmp dh, 0x1e 0x140f0: jle 0x14147 0x140f2: cmp dh, 0x28 0x140f5: jle 0x14160 0x140f7: cmp dh, 0x32 0x140fa: jle 0x14179 0x140fc: pop dx 0x140fd: mov al, 0xbe 0x140ff: stosb byte ptr es:[di], al 0x14100: mov ax, dx 0x14102: stosw word ptr es:[di], ax |
| 2018-12-25T11:42:34.852306509Z | 64 | PC: 141b6 | Write file or device (Write 1282 bytes on handle 5) |
| 2018-12-25T11:42:34.864736477Z | 66 | PC: 141c2 | Move file pointer |
| 2018-12-25T11:42:34.868415572Z | 64 | PC: 141ce | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:42:34.875221221Z | 87 | PC: 141e1 | Get or set file date and time |
| 2018-12-25T11:42:34.877031551Z | 14 | PC: 141ed | Set default drive (Drive = 'A') |
| 2018-12-25T11:42:34.878558555Z | 59 | PC: 141f9 | Change current directory |
| 2018-12-25T11:42:34.883757795Z | 62 | PC: 141fd | Close file |
| 2018-12-25T11:42:34.891275873Z | 42 | PC: 14201 | Get date 0x14201: cmp dh, dl 0x14203: jne 0x14217 0x14205: cmp dh, 0xb 0x14208: jne 0x14217 0x1420a: mov ah, 9 0x1420c: mov dx, 0x505 0x1420f: add dx, bp 0x14211: int 0x21 0x14213: xor ah, ah 0x14215: int 0x16 0x14217: mov di, 0x100 0x1421a: mov ax, di 0x1421c: mov si, 0x4fd 0x1421f: add si, bp 0x14221: mov cx, 4 0x14224: rep movsb byte ptr es:[di], byte ptr [si] 0x14226: push ax 0x14227: mov ah, 0x1a 0x14229: mov dx, 0x80 0x1422c: int 0x21 |
| 2018-12-25T11:42:34.893270077Z | 26 | PC: 1422e | Set disk transfer address |
| 2018-12-25T11:42:34.895271Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:42:34.901113203Z | 0 | PC: 12a89 | Program terminate |