{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14262,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:13.887179431Z | 42 | PC: 13f0b | Get date 0x13f0b: cmp dx, 0x616 0x13f0f: jbe 0x13f18 0x13f11: cmp al, 4 0x13f13: jne 0x13f18 0x13f15: call 0x1439d 0x13f18: mov byte ptr cs:[bx + 9], 0 0x13f1d: mov ah, 0x30 0x13f1f: int 0x21 0x13f21: mov bx, word ptr [bp] 0x13f24: nop 0x13f25: cmp byte ptr cs:[bx + 9], 0 0x13f2a: je 0x13f30 0x13f2c: jmp 0x13f93 0x13f2e: nop 0x13f2f: nop 0x13f30: lds si, ptr es:[6] 0x13f35: lds si, ptr [si + 1] 0x13f38: mov word ptr cs:[bx + 7], ds 0x13f3c: xor ax, ax 0x13f3e: mov ds, ax |
| 2018-12-25T12:40:13.889472452Z | 48 | PC: 13f21 | Get DOS version |
| 2018-12-25T12:40:13.891261438Z | 48 | PC: 13f77 | Get DOS version |
| 2018-12-25T12:40:13.892399551Z | 72 | PC: 13f9c | Allocate memory |
| 2018-12-25T12:40:13.893834539Z | 74 | PC: 13fb1 | Reallocate memory |
| 2018-12-25T12:40:13.895695973Z | 72 | PC: 13f9c | Allocate memory (See above) |
| 2018-12-25T12:40:13.897359925Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:13.901180275Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14262,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:14.531101679Z | 42 | PC: 13f0b | Get date 0x13f0b: cmp dx, 0x616 0x13f0f: jbe 0x13f18 0x13f11: cmp al, 4 0x13f13: jne 0x13f18 0x13f15: call 0x1439d 0x13f18: mov byte ptr cs:[bx + 9], 0 0x13f1d: mov ah, 0x30 0x13f1f: int 0x21 0x13f21: mov bx, word ptr [bp] 0x13f24: nop 0x13f25: cmp byte ptr cs:[bx + 9], 0 0x13f2a: je 0x13f30 0x13f2c: jmp 0x13f93 0x13f2e: nop 0x13f2f: nop 0x13f30: lds si, ptr es:[6] 0x13f35: lds si, ptr [si + 1] 0x13f38: mov word ptr cs:[bx + 7], ds 0x13f3c: xor ax, ax 0x13f3e: mov ds, ax |
| 2018-12-25T12:40:14.536056134Z | 48 | PC: 13f21 | Get DOS version |
| 2018-12-25T12:40:14.538137452Z | 48 | PC: 13f77 | Get DOS version |
| 2018-12-25T12:40:14.545303792Z | 72 | PC: 13f9c | Allocate memory |
| 2018-12-25T12:40:14.549216576Z | 74 | PC: 13fb1 | Reallocate memory |
| 2018-12-25T12:40:14.55106867Z | 72 | PC: 13f9c | Allocate memory (See above) |
| 2018-12-25T12:40:14.553887407Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:14.560755297Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14262,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:14.637366888Z | 42 | PC: 13f0b | Get date 0x13f0b: cmp dx, 0x616 0x13f0f: jbe 0x13f18 0x13f11: cmp al, 4 0x13f13: jne 0x13f18 0x13f15: call 0x1439d 0x13f18: mov byte ptr cs:[bx + 9], 0 0x13f1d: mov ah, 0x30 0x13f1f: int 0x21 0x13f21: mov bx, word ptr [bp] 0x13f24: nop 0x13f25: cmp byte ptr cs:[bx + 9], 0 0x13f2a: je 0x13f30 0x13f2c: jmp 0x13f93 0x13f2e: nop 0x13f2f: nop 0x13f30: lds si, ptr es:[6] 0x13f35: lds si, ptr [si + 1] 0x13f38: mov word ptr cs:[bx + 7], ds 0x13f3c: xor ax, ax 0x13f3e: mov ds, ax |
| 2018-12-25T12:40:14.640593606Z | 48 | PC: 13f21 | Get DOS version |
| 2018-12-25T12:40:14.642081489Z | 48 | PC: 13f77 | Get DOS version |
| 2018-12-25T12:40:14.643760063Z | 72 | PC: 13f9c | Allocate memory |
| 2018-12-25T12:40:14.645696558Z | 74 | PC: 13fb1 | Reallocate memory |
| 2018-12-25T12:40:14.650195987Z | 72 | PC: 13f9c | Allocate memory (See above) |
| 2018-12-25T12:40:14.653617844Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:14.660174267Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14262,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:15.396149193Z | 42 | PC: 13f0b | Get date 0x13f0b: cmp dx, 0x616 0x13f0f: jbe 0x13f18 0x13f11: cmp al, 4 0x13f13: jne 0x13f18 0x13f15: call 0x1439d 0x13f18: mov byte ptr cs:[bx + 9], 0 0x13f1d: mov ah, 0x30 0x13f1f: int 0x21 0x13f21: mov bx, word ptr [bp] 0x13f24: nop 0x13f25: cmp byte ptr cs:[bx + 9], 0 0x13f2a: je 0x13f30 0x13f2c: jmp 0x13f93 0x13f2e: nop 0x13f2f: nop 0x13f30: lds si, ptr es:[6] 0x13f35: lds si, ptr [si + 1] 0x13f38: mov word ptr cs:[bx + 7], ds 0x13f3c: xor ax, ax 0x13f3e: mov ds, ax |
| 2018-12-25T12:40:15.399091101Z | 48 | PC: 13f21 | Get DOS version |
| 2018-12-25T12:40:15.400549549Z | 48 | PC: 13f77 | Get DOS version |
| 2018-12-25T12:40:15.402118978Z | 72 | PC: 13f9c | Allocate memory |
| 2018-12-25T12:40:15.405160925Z | 74 | PC: 13fb1 | Reallocate memory |
| 2018-12-25T12:40:15.406913966Z | 72 | PC: 13f9c | Allocate memory (See above) |
| 2018-12-25T12:40:15.409223209Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:15.415239177Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14262,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:15.40596849Z | 42 | PC: 13f0b | Get date 0x13f0b: cmp dx, 0x616 0x13f0f: jbe 0x13f18 0x13f11: cmp al, 4 0x13f13: jne 0x13f18 0x13f15: call 0x1439d 0x13f18: mov byte ptr cs:[bx + 9], 0 0x13f1d: mov ah, 0x30 0x13f1f: int 0x21 0x13f21: mov bx, word ptr [bp] 0x13f24: nop 0x13f25: cmp byte ptr cs:[bx + 9], 0 0x13f2a: je 0x13f30 0x13f2c: jmp 0x13f93 0x13f2e: nop 0x13f2f: nop 0x13f30: lds si, ptr es:[6] 0x13f35: lds si, ptr [si + 1] 0x13f38: mov word ptr cs:[bx + 7], ds 0x13f3c: xor ax, ax 0x13f3e: mov ds, ax |
| 2018-12-25T12:40:15.409451897Z | 48 | PC: 13f21 | Get DOS version |
| 2018-12-25T12:40:15.411716789Z | 48 | PC: 13f77 | Get DOS version |
| 2018-12-25T12:40:15.413545665Z | 72 | PC: 13f9c | Allocate memory |
| 2018-12-25T12:40:15.415780389Z | 74 | PC: 13fb1 | Reallocate memory |
| 2018-12-25T12:40:15.418433811Z | 72 | PC: 13f9c | Allocate memory (See above) |
| 2018-12-25T12:40:15.421131054Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:15.428047796Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14262,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:15.462906466Z | 42 | PC: 13f0b | Get date 0x13f0b: cmp dx, 0x616 0x13f0f: jbe 0x13f18 0x13f11: cmp al, 4 0x13f13: jne 0x13f18 0x13f15: call 0x1439d 0x13f18: mov byte ptr cs:[bx + 9], 0 0x13f1d: mov ah, 0x30 0x13f1f: int 0x21 0x13f21: mov bx, word ptr [bp] 0x13f24: nop 0x13f25: cmp byte ptr cs:[bx + 9], 0 0x13f2a: je 0x13f30 0x13f2c: jmp 0x13f93 0x13f2e: nop 0x13f2f: nop 0x13f30: lds si, ptr es:[6] 0x13f35: lds si, ptr [si + 1] 0x13f38: mov word ptr cs:[bx + 7], ds 0x13f3c: xor ax, ax 0x13f3e: mov ds, ax |
| 2018-12-25T12:40:15.465754127Z | 48 | PC: 13f21 | Get DOS version |
| 2018-12-25T12:40:15.479864782Z | 48 | PC: 13f77 | Get DOS version |
| 2018-12-25T12:40:15.481680306Z | 72 | PC: 13f9c | Allocate memory |
| 2018-12-25T12:40:15.483918193Z | 74 | PC: 13fb1 | Reallocate memory |
| 2018-12-25T12:40:15.486562004Z | 72 | PC: 13f9c | Allocate memory (See above) |
| 2018-12-25T12:40:15.490327855Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:15.497550421Z | 0 | PC: 12a89 | Program terminate |