{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:54.809513145Z | 37 | PC: 19ed4 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T12:40:54.811513034Z | 42 | PC: 19ed8 | Get date 0x19ed8: cmp al, 1 0x19eda: jne 0x19ee4 0x19edc: dec al 0x19ede: out 0xa0, al 0x19ee0: mov al, 0xb0 0x19ee2: out 0x41, al 0x19ee4: mov ax, cs 0x19ee6: mov ds, ax 0x19ee8: mov es, ax 0x19eea: pop ax 0x19eeb: push cs 0x19eec: mov cx, 0x100 0x19eef: push cx 0x19ef0: mov cx, word ptr [0xfe] 0x19ef4: sub cx, 0x100 0x19ef8: retf 0x19ef9: jmp 0x19f37 0x19efb: nop 0x19efc: mov ax, 0xe000 0x19eff: mov ds, ax |
| 2018-12-25T12:40:54.814535075Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ') |
| 2018-12-25T12:40:54.821136247Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14564,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:56.627520732Z | 37 | PC: 19ed4 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-25T12:40:56.629792642Z | 42 | PC: 19ed8 | Get date 0x19ed8: cmp al, 1 0x19eda: jne 0x19ee4 0x19edc: dec al 0x19ede: out 0xa0, al 0x19ee0: mov al, 0xb0 0x19ee2: out 0x41, al 0x19ee4: mov ax, cs 0x19ee6: mov ds, ax 0x19ee8: mov es, ax 0x19eea: pop ax 0x19eeb: push cs 0x19eec: mov cx, 0x100 0x19eef: push cx 0x19ef0: mov cx, word ptr [0xfe] 0x19ef4: sub cx, 0x100 0x19ef8: retf 0x19ef9: jmp 0x19f37 0x19efb: nop 0x19efc: mov ax, 0xe000 0x19eff: mov ds, ax |
| 2018-12-25T12:40:56.63291298Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ') |
| 2018-12-25T12:40:56.641104509Z | 0 | PC: 12a89 | Program terminate |