{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3595,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:32.047557834Z | 88 | PC: 19e53 | case 0xGet or set allocation strateg: |
{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3595,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:31.997923464Z | 64 | PC: 0 | Write file or device (Write 2 bytes on handle 1) |
| 2018-12-25T11:49:32.004493508Z | 41 | PC: 94fae | Parse filename |
| 2018-12-25T11:49:32.006828259Z | 41 | PC: 9502f | Parse filename |
| 2018-12-25T11:49:32.010014991Z | 41 | PC: 9504c | Parse filename |
| 2018-12-25T11:49:32.01230927Z | 26 | PC: 984f7 | Set disk transfer address |
| 2018-12-25T11:49:32.025456743Z | 71 | PC: 986f3 | Get current directory |
| 2018-12-25T11:49:32.028294746Z | 78 | PC: 986fe | Find first file |
| 2018-12-25T11:49:32.037496187Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T11:49:32.040583436Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T11:49:32.050299758Z | 64 | PC: 9a848 | Write file or device (Write 26 bytes on handle 2) |
| 2018-12-25T11:49:32.054877093Z | 37 | PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write') |
| 2018-12-25T11:49:32.061508532Z | 37 | PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-25T11:49:32.062633678Z | 37 | PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:49:32.06374637Z | 62 | PC: 122ab | Close file |
| 2018-12-25T11:49:32.066445993Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.067804205Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.069139434Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.071516978Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.072920746Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.074302878Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.076455336Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.077836928Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.079214177Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.081565852Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.083367063Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.085403672Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.087924692Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.08999076Z | 62 | PC: 122ab | Close file (See above) |
| 2018-12-25T11:49:32.092379907Z | 99 | PC: 9a5d7 | Get DBCS lead byte table pointer |
| 2018-12-25T11:49:32.094879143Z | 56 | PC: 94df9 | Get or set country info |
| 2018-12-25T11:49:32.096637846Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T11:49:32.100838747Z | 25 | PC: 94e62 | Get default drive |
| 2018-12-25T11:49:32.111759609Z | 71 | PC: 970dd | Get current directory |
| 2018-12-25T11:49:32.115573498Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T11:49:32.118625266Z | 2 | PC: 970b2 | Character output (Char = '3e') |
| 2018-12-25T11:49:32.121933273Z | 93 | PC: 94f20 | File sharing functions |
| 2018-12-25T11:49:32.124804431Z | 93 | PC: 94f27 | File sharing functions |
| 2018-12-25T11:49:32.126355885Z | 10 | PC: 94f39 | Buffered keyboard input |
| 2018-12-25T11:49:47.04578035Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T11:49:48.403200856Z | 0 | PC: 0 | Program terminate (See above) |
| 2018-12-25T11:49:48.506272865Z | 64 | PC: 9a848 | Write file or device (See above) |
| 2018-12-25T11:49:48.512167943Z | 41 | PC: 94fae | Parse filename (See above) |
| 2018-12-25T11:49:48.514230098Z | 41 | PC: 9502f | Parse filename (See above) |
| 2018-12-25T11:49:48.516792183Z | 41 | PC: 9504c | Parse filename (See above) |
| 2018-12-25T11:49:48.520128851Z | 26 | PC: 984f7 | Set disk transfer address (See above) |
| 2018-12-25T11:49:48.521670645Z | 71 | PC: 986f3 | Get current directory (See above) |
| 2018-12-25T11:49:48.532453263Z | 78 | PC: 986fe | Find first file (See above) |
| 2018-12-25T11:49:48.541420266Z | 71 | PC: 9856c | Get current directory |
| 2018-12-25T11:49:48.544291022Z | 73 | PC: 97c09 | Release memory |
| 2018-12-25T11:49:48.546229558Z | 75 | PC: 11821 | Execute program |
| 2018-12-25T11:49:48.559547303Z | 9 | PC: 12a47 | Display string (String= 'Hello, World! ') |
| 2018-12-25T11:49:48.563275387Z | 76 | PC: 12a4b | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":9,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3595,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:32.236921021Z | 42 | PC: 19ef5 | Get date 0x19ef5: cmp dx, 0x809 0x19ef9: jbe 0x19f02 0x19efb: cmp al, 4 0x19efd: jne 0x19f02 0x19eff: call 0x1a45f 0x19f02: mov byte ptr cs:[bx + 9], 0 0x19f07: mov ah, 0x30 0x19f09: int 0x21 0x19f0b: mov bx, word ptr [bp] 0x19f0e: nop 0x19f0f: cmp byte ptr cs:[bx + 9], 0 0x19f14: je 0x19f18 0x19f16: jmp 0x19f7b 0x19f18: lds si, ptr es:[6] 0x19f1d: lds si, ptr [si + 1] 0x19f20: mov word ptr cs:[bx + 7], ds 0x19f24: xor ax, ax 0x19f26: mov ds, ax 0x19f28: lds si, ptr [4] 0x19f2c: mov word ptr cs:[bx + 0xa], si |
| 2018-12-25T11:49:32.240613826Z | 48 | PC: 19f0b | Get DOS version |
| 2018-12-25T11:49:32.242674446Z | 48 | PC: 19f5f | Get DOS version |
| 2018-12-25T11:49:32.244547915Z | 72 | PC: 19f84 | Allocate memory |
| 2018-12-25T11:49:32.247653544Z | 74 | PC: 19f99 | Reallocate memory |
| 2018-12-25T11:49:32.24940656Z | 72 | PC: 19f84 | Allocate memory (See above) |
| 2018-12-25T11:49:32.251903781Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ') |
| 2018-12-25T11:49:32.259520955Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3595,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:32.41729925Z | 42 | PC: 19ef5 | Get date 0x19ef5: cmp dx, 0x809 0x19ef9: jbe 0x19f02 0x19efb: cmp al, 4 0x19efd: jne 0x19f02 0x19eff: call 0x1a45f 0x19f02: mov byte ptr cs:[bx + 9], 0 0x19f07: mov ah, 0x30 0x19f09: int 0x21 0x19f0b: mov bx, word ptr [bp] 0x19f0e: nop 0x19f0f: cmp byte ptr cs:[bx + 9], 0 0x19f14: je 0x19f18 0x19f16: jmp 0x19f7b 0x19f18: lds si, ptr es:[6] 0x19f1d: lds si, ptr [si + 1] 0x19f20: mov word ptr cs:[bx + 7], ds 0x19f24: xor ax, ax 0x19f26: mov ds, ax 0x19f28: lds si, ptr [4] 0x19f2c: mov word ptr cs:[bx + 0xa], si |
| 2018-12-25T11:49:32.420109747Z | 48 | PC: 19f0b | Get DOS version |
| 2018-12-25T11:49:32.43731449Z | 48 | PC: 19f5f | Get DOS version |
| 2018-12-25T11:49:32.43828051Z | 72 | PC: 19f84 | Allocate memory |
| 2018-12-25T11:49:32.439961045Z | 74 | PC: 19f99 | Reallocate memory |
| 2018-12-25T11:49:32.441408442Z | 72 | PC: 19f84 | Allocate memory (See above) |
| 2018-12-25T11:49:32.442967478Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ') |
| 2018-12-25T11:49:32.447089167Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3595,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:32.622684463Z | 42 | PC: 19ef5 | Get date 0x19ef5: cmp dx, 0x809 0x19ef9: jbe 0x19f02 0x19efb: cmp al, 4 0x19efd: jne 0x19f02 0x19eff: call 0x1a45f 0x19f02: mov byte ptr cs:[bx + 9], 0 0x19f07: mov ah, 0x30 0x19f09: int 0x21 0x19f0b: mov bx, word ptr [bp] 0x19f0e: nop 0x19f0f: cmp byte ptr cs:[bx + 9], 0 0x19f14: je 0x19f18 0x19f16: jmp 0x19f7b 0x19f18: lds si, ptr es:[6] 0x19f1d: lds si, ptr [si + 1] 0x19f20: mov word ptr cs:[bx + 7], ds 0x19f24: xor ax, ax 0x19f26: mov ds, ax 0x19f28: lds si, ptr [4] 0x19f2c: mov word ptr cs:[bx + 0xa], si |
| 2018-12-25T11:49:32.627225502Z | 48 | PC: 19f0b | Get DOS version |
| 2018-12-25T11:49:32.628669989Z | 48 | PC: 19f5f | Get DOS version |
| 2018-12-25T11:49:32.630685857Z | 72 | PC: 19f84 | Allocate memory |
| 2018-12-25T11:49:32.633405562Z | 74 | PC: 19f99 | Reallocate memory |
| 2018-12-25T11:49:32.63478577Z | 72 | PC: 19f84 | Allocate memory (See above) |
| 2018-12-25T11:49:32.637164511Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ') |
| 2018-12-25T11:49:32.644501351Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":9,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3595,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:32.80509673Z | 42 | PC: 19ef5 | Get date 0x19ef5: cmp dx, 0x809 0x19ef9: jbe 0x19f02 0x19efb: cmp al, 4 0x19efd: jne 0x19f02 0x19eff: call 0x1a45f 0x19f02: mov byte ptr cs:[bx + 9], 0 0x19f07: mov ah, 0x30 0x19f09: int 0x21 0x19f0b: mov bx, word ptr [bp] 0x19f0e: nop 0x19f0f: cmp byte ptr cs:[bx + 9], 0 0x19f14: je 0x19f18 0x19f16: jmp 0x19f7b 0x19f18: lds si, ptr es:[6] 0x19f1d: lds si, ptr [si + 1] 0x19f20: mov word ptr cs:[bx + 7], ds 0x19f24: xor ax, ax 0x19f26: mov ds, ax 0x19f28: lds si, ptr [4] 0x19f2c: mov word ptr cs:[bx + 0xa], si |
| 2018-12-25T11:49:32.807165158Z | 48 | PC: 19f0b | Get DOS version |
| 2018-12-25T11:49:32.80826235Z | 48 | PC: 19f5f | Get DOS version |
| 2018-12-25T11:49:32.80928497Z | 72 | PC: 19f84 | Allocate memory |
| 2018-12-25T11:49:32.81120332Z | 74 | PC: 19f99 | Reallocate memory |
| 2018-12-25T11:49:32.812325631Z | 72 | PC: 19f84 | Allocate memory (See above) |
| 2018-12-25T11:49:32.81417663Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ') |
| 2018-12-25T11:49:32.820125391Z | 0 | PC: 12a89 | Program terminate |