{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14421,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:42.754275483Z | 53 | PC: 13ed9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:42.756017408Z | 37 | PC: 13eeb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:42.757348123Z | 71 | PC: 13ef6 | Get current directory |
| 2018-12-25T12:40:42.760383475Z | 25 | PC: 13efb | Get default drive |
| 2018-12-25T12:40:42.762206278Z | 26 | PC: 13f22 | Set disk transfer address |
| 2018-12-25T12:40:42.763642713Z | 42 | PC: 13f26 | Get date 0x13f26: cmp dx, 0x202 0x13f2a: jne 0x13f2f 0x13f2c: jmp 0x140f3 0x13f2f: mov ah, 0x4e 0x13f31: lea dx, word ptr [si + 0x43f] 0x13f35: mov cx, 7 0x13f38: int 0x21 0x13f3a: jae 0x13f80 0x13f3c: mov ah, 0x1a 0x13f3e: lea dx, word ptr [si + 0x51f] 0x13f42: int 0x21 0x13f44: mov ah, 0x3b 0x13f46: lea dx, word ptr [si + 0x449] 0x13f4a: int 0x21 0x13f4c: jb 0x13f50 0x13f4e: jmp 0x13f1a 0x13f50: cmp byte ptr [si + 0x464], 1 0x13f55: je 0x13f70 0x13f57: mov al, 1 0x13f59: mov byte ptr [si + 0x464], al |
| 2018-12-25T12:40:42.765777814Z | 78 | PC: 13f3a | Find first file |
| 2018-12-25T12:40:42.772520612Z | 67 | PC: 13f93 | Get or set file attributes |
| 2018-12-25T12:40:42.791578049Z | 61 | PC: 14142 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:40:42.803639723Z | 63 | PC: 13fba | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:40:42.809894473Z | 66 | PC: 14138 | Move file pointer |
| 2018-12-25T12:40:42.812853838Z | 44 | PC: 14026 | Get time 0x14026: cmp dx, 0 0x14029: je 0x14022 0x1402b: mov word ptr [si + 0x119], dx 0x1402f: mov cl, 8 0x14031: ror dx, cl 0x14033: mov word ptr [si + 0x462], dx 0x14037: cmp dl, 0x1e 0x1403a: jle 0x1403f 0x1403c: jmp 0x14060 0x1403e: nop 0x1403f: lea si, word ptr [bp + 0x144] 0x14043: lea di, word ptr [bp + 0x11b] 0x14047: mov cx, 0x11 0x1404a: nop 0x1404b: call 0x1410a 0x1404e: lea si, word ptr [bp + 0x155] 0x14052: lea di, word ptr [bp + 0x134] 0x14056: mov cx, 6 0x14059: nop 0x1405a: call 0x1410a |
| 2018-12-25T12:40:42.815831723Z | 64 | PC: 13e75 | Write file or device (Write 867 bytes on handle 5) |
| 2018-12-25T12:40:42.824625942Z | 66 | PC: 1412e | Move file pointer |
| 2018-12-25T12:40:42.827132923Z | 64 | PC: 140a3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:40:42.833782141Z | 87 | PC: 140b4 | Get or set file date and time |
| 2018-12-25T12:40:42.835336885Z | 62 | PC: 140b8 | Close file |
| 2018-12-25T12:40:42.857447306Z | 67 | PC: 140c7 | Get or set file attributes |
| 2018-12-25T12:40:42.867619017Z | 59 | PC: 140cf | Change current directory |
| 2018-12-25T12:40:42.871980349Z | 26 | PC: 140d6 | Set disk transfer address |
| 2018-12-25T12:40:42.874616737Z | 37 | PC: 140e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:42.876106685Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:42.882437888Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14421,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:42.814342514Z | 53 | PC: 13ed9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:42.820105683Z | 37 | PC: 13eeb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:42.821809314Z | 71 | PC: 13ef6 | Get current directory |
| 2018-12-25T12:40:42.826128123Z | 25 | PC: 13efb | Get default drive |
| 2018-12-25T12:40:42.828378777Z | 26 | PC: 13f22 | Set disk transfer address |
| 2018-12-25T12:40:42.829990092Z | 42 | PC: 13f26 | Get date 0x13f26: cmp dx, 0x202 0x13f2a: jne 0x13f2f 0x13f2c: jmp 0x140f3 0x13f2f: mov ah, 0x4e 0x13f31: lea dx, word ptr [si + 0x43f] 0x13f35: mov cx, 7 0x13f38: int 0x21 0x13f3a: jae 0x13f80 0x13f3c: mov ah, 0x1a 0x13f3e: lea dx, word ptr [si + 0x51f] 0x13f42: int 0x21 0x13f44: mov ah, 0x3b 0x13f46: lea dx, word ptr [si + 0x449] 0x13f4a: int 0x21 0x13f4c: jb 0x13f50 0x13f4e: jmp 0x13f1a 0x13f50: cmp byte ptr [si + 0x464], 1 0x13f55: je 0x13f70 0x13f57: mov al, 1 0x13f59: mov byte ptr [si + 0x464], al |
| 2018-12-25T12:40:42.832739519Z | 78 | PC: 13f3a | Find first file |
| 2018-12-25T12:40:42.840163207Z | 67 | PC: 13f93 | Get or set file attributes |
| 2018-12-25T12:40:42.858367953Z | 61 | PC: 14142 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:40:42.866124196Z | 63 | PC: 13fba | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:40:42.873598177Z | 66 | PC: 14138 | Move file pointer |
| 2018-12-25T12:40:42.875834618Z | 44 | PC: 14026 | Get time 0x14026: cmp dx, 0 0x14029: je 0x14022 0x1402b: mov word ptr [si + 0x119], dx 0x1402f: mov cl, 8 0x14031: ror dx, cl 0x14033: mov word ptr [si + 0x462], dx 0x14037: cmp dl, 0x1e 0x1403a: jle 0x1403f 0x1403c: jmp 0x14060 0x1403e: nop 0x1403f: lea si, word ptr [bp + 0x144] 0x14043: lea di, word ptr [bp + 0x11b] 0x14047: mov cx, 0x11 0x1404a: nop 0x1404b: call 0x1410a 0x1404e: lea si, word ptr [bp + 0x155] 0x14052: lea di, word ptr [bp + 0x134] 0x14056: mov cx, 6 0x14059: nop 0x1405a: call 0x1410a |
| 2018-12-25T12:40:42.878640407Z | 64 | PC: 13e75 | Write file or device (Write 867 bytes on handle 5) |
| 2018-12-25T12:40:42.890120398Z | 66 | PC: 1412e | Move file pointer |
| 2018-12-25T12:40:42.893214863Z | 64 | PC: 140a3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:40:42.901102811Z | 87 | PC: 140b4 | Get or set file date and time |
| 2018-12-25T12:40:42.90279809Z | 62 | PC: 140b8 | Close file |
| 2018-12-25T12:40:42.918026066Z | 67 | PC: 140c7 | Get or set file attributes |
| 2018-12-25T12:40:42.929477991Z | 59 | PC: 140cf | Change current directory |
| 2018-12-25T12:40:42.939028701Z | 26 | PC: 140d6 | Set disk transfer address |
| 2018-12-25T12:40:42.941839334Z | 37 | PC: 140e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:42.943480852Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:42.950967736Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14421,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:42.880509777Z | 53 | PC: 13ed9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:42.88237756Z | 37 | PC: 13eeb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:42.884581484Z | 71 | PC: 13ef6 | Get current directory |
| 2018-12-25T12:40:42.888245694Z | 25 | PC: 13efb | Get default drive |
| 2018-12-25T12:40:42.88994498Z | 26 | PC: 13f22 | Set disk transfer address |
| 2018-12-25T12:40:42.893264844Z | 42 | PC: 13f26 | Get date 0x13f26: cmp dx, 0x202 0x13f2a: jne 0x13f2f 0x13f2c: jmp 0x140f3 0x13f2f: mov ah, 0x4e 0x13f31: lea dx, word ptr [si + 0x43f] 0x13f35: mov cx, 7 0x13f38: int 0x21 0x13f3a: jae 0x13f80 0x13f3c: mov ah, 0x1a 0x13f3e: lea dx, word ptr [si + 0x51f] 0x13f42: int 0x21 0x13f44: mov ah, 0x3b 0x13f46: lea dx, word ptr [si + 0x449] 0x13f4a: int 0x21 0x13f4c: jb 0x13f50 0x13f4e: jmp 0x13f1a 0x13f50: cmp byte ptr [si + 0x464], 1 0x13f55: je 0x13f70 0x13f57: mov al, 1 0x13f59: mov byte ptr [si + 0x464], al |
| 2018-12-25T12:40:42.896135746Z | 78 | PC: 13f3a | Find first file |
| 2018-12-25T12:40:42.907922042Z | 67 | PC: 13f93 | Get or set file attributes |
| 2018-12-25T12:40:42.926124743Z | 61 | PC: 14142 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:40:42.933994773Z | 63 | PC: 13fba | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:40:42.941571262Z | 66 | PC: 14138 | Move file pointer |
| 2018-12-25T12:40:42.944910615Z | 44 | PC: 14026 | Get time 0x14026: cmp dx, 0 0x14029: je 0x14022 0x1402b: mov word ptr [si + 0x119], dx 0x1402f: mov cl, 8 0x14031: ror dx, cl 0x14033: mov word ptr [si + 0x462], dx 0x14037: cmp dl, 0x1e 0x1403a: jle 0x1403f 0x1403c: jmp 0x14060 0x1403e: nop 0x1403f: lea si, word ptr [bp + 0x144] 0x14043: lea di, word ptr [bp + 0x11b] 0x14047: mov cx, 0x11 0x1404a: nop 0x1404b: call 0x1410a 0x1404e: lea si, word ptr [bp + 0x155] 0x14052: lea di, word ptr [bp + 0x134] 0x14056: mov cx, 6 0x14059: nop 0x1405a: call 0x1410a |
| 2018-12-25T12:40:42.948069699Z | 64 | PC: 13e75 | Write file or device (Write 867 bytes on handle 5) |
| 2018-12-25T12:40:42.957950011Z | 66 | PC: 1412e | Move file pointer |
| 2018-12-25T12:40:42.960662651Z | 64 | PC: 140a3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:40:42.968584656Z | 87 | PC: 140b4 | Get or set file date and time |
| 2018-12-25T12:40:42.970634926Z | 62 | PC: 140b8 | Close file |
| 2018-12-25T12:40:42.979815867Z | 67 | PC: 140c7 | Get or set file attributes |
| 2018-12-25T12:40:42.991730872Z | 59 | PC: 140cf | Change current directory |
| 2018-12-25T12:40:42.997411595Z | 26 | PC: 140d6 | Set disk transfer address |
| 2018-12-25T12:40:42.999246896Z | 37 | PC: 140e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:43.002314695Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:43.00849126Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14421,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:43.079091668Z | 53 | PC: 13ed9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:43.082207158Z | 37 | PC: 13eeb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:43.083917397Z | 71 | PC: 13ef6 | Get current directory |
| 2018-12-25T12:40:43.087485942Z | 25 | PC: 13efb | Get default drive |
| 2018-12-25T12:40:43.089915542Z | 26 | PC: 13f22 | Set disk transfer address |
| 2018-12-25T12:40:43.091326902Z | 42 | PC: 13f26 | Get date 0x13f26: cmp dx, 0x202 0x13f2a: jne 0x13f2f 0x13f2c: jmp 0x140f3 0x13f2f: mov ah, 0x4e 0x13f31: lea dx, word ptr [si + 0x43f] 0x13f35: mov cx, 7 0x13f38: int 0x21 0x13f3a: jae 0x13f80 0x13f3c: mov ah, 0x1a 0x13f3e: lea dx, word ptr [si + 0x51f] 0x13f42: int 0x21 0x13f44: mov ah, 0x3b 0x13f46: lea dx, word ptr [si + 0x449] 0x13f4a: int 0x21 0x13f4c: jb 0x13f50 0x13f4e: jmp 0x13f1a 0x13f50: cmp byte ptr [si + 0x464], 1 0x13f55: je 0x13f70 0x13f57: mov al, 1 0x13f59: mov byte ptr [si + 0x464], al |
| 2018-12-25T12:40:43.094073038Z | 78 | PC: 13f3a | Find first file |
| 2018-12-25T12:40:43.101254594Z | 67 | PC: 13f93 | Get or set file attributes |
| 2018-12-25T12:40:43.120193168Z | 61 | PC: 14142 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:40:43.128395321Z | 63 | PC: 13fba | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:40:43.135644303Z | 66 | PC: 14138 | Move file pointer |
| 2018-12-25T12:40:43.137737176Z | 44 | PC: 14026 | Get time 0x14026: cmp dx, 0 0x14029: je 0x14022 0x1402b: mov word ptr [si + 0x119], dx 0x1402f: mov cl, 8 0x14031: ror dx, cl 0x14033: mov word ptr [si + 0x462], dx 0x14037: cmp dl, 0x1e 0x1403a: jle 0x1403f 0x1403c: jmp 0x14060 0x1403e: nop 0x1403f: lea si, word ptr [bp + 0x144] 0x14043: lea di, word ptr [bp + 0x11b] 0x14047: mov cx, 0x11 0x1404a: nop 0x1404b: call 0x1410a 0x1404e: lea si, word ptr [bp + 0x155] 0x14052: lea di, word ptr [bp + 0x134] 0x14056: mov cx, 6 0x14059: nop 0x1405a: call 0x1410a |
| 2018-12-25T12:40:43.141347418Z | 64 | PC: 13e75 | Write file or device (Write 867 bytes on handle 5) |
| 2018-12-25T12:40:43.151160294Z | 66 | PC: 1412e | Move file pointer |
| 2018-12-25T12:40:43.153425151Z | 64 | PC: 140a3 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:40:43.161680469Z | 87 | PC: 140b4 | Get or set file date and time |
| 2018-12-25T12:40:43.164337728Z | 62 | PC: 140b8 | Close file |
| 2018-12-25T12:40:43.174222882Z | 67 | PC: 140c7 | Get or set file attributes |
| 2018-12-25T12:40:43.185343367Z | 59 | PC: 140cf | Change current directory |
| 2018-12-25T12:40:43.190098898Z | 26 | PC: 140d6 | Set disk transfer address |
| 2018-12-25T12:40:43.192023925Z | 37 | PC: 140e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:40:43.193491066Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:40:43.199802486Z | 0 | PC: 12a89 | Program terminate |