{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4529,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:57.753389372Z | 42 | PC: 13e60 | Get date 0x13e60: cmp dl, 0x17 0x13e63: jne 0x13e70 0x13e65: nop 0x13e66: nop 0x13e67: nop 0x13e68: mov ah, 9 0x13e6a: lea dx, word ptr [bp + 0x206] 0x13e6e: int 0x21 0x13e70: mov ah, 0x1a 0x13e72: lea dx, word ptr [bp + 0x1d7] 0x13e76: int 0x21 0x13e78: mov ah, 0x4e 0x13e7a: xor cx, cx 0x13e7c: lea dx, word ptr [bp + 0x1d1] 0x13e80: int 0x21 0x13e82: jae 0x13e87 0x13e84: jmp 0x13f05 0x13e87: mov ah, 0x3d 0x13e89: mov al, 2 0x13e8b: lea dx, word ptr [bp + 0x1f5] |
| 2018-12-25T11:51:57.757831068Z | 26 | PC: 13e78 | Set disk transfer address |
| 2018-12-25T11:51:57.758869545Z | 78 | PC: 13e82 | Find first file |
| 2018-12-25T11:51:57.764545479Z | 61 | PC: 13e91 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:57.771902387Z | 63 | PC: 13e9d | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:51:57.777974086Z | 63 | PC: 13ea8 | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T11:51:57.780207401Z | 66 | PC: 13ec9 | Move file pointer |
| 2018-12-25T11:51:57.786680849Z | 64 | PC: 13ed4 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:51:57.78916657Z | 64 | PC: 13edf | Write file or device (Write 1 bytes on handle 5) |
| 2018-12-25T11:51:57.792336591Z | 66 | PC: 13ee8 | Move file pointer |
| 2018-12-25T11:51:57.794590708Z | 64 | PC: 13ef3 | Write file or device (Write 272 bytes on handle 5) |
| 2018-12-25T11:51:57.856750532Z | 62 | PC: 13ef7 | Close file |
| 2018-12-25T11:51:57.864548914Z | 79 | PC: 13efe | Find next file |
| 2018-12-25T11:51:57.868476903Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:57.8751815Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:57.881717094Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:57.885201142Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:57.887250442Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:57.890127613Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:57.892938768Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:57.894786348Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:57.897192615Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:57.904718741Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:57.907917685Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:57.917869542Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:57.924075496Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:57.927506182Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:57.928942214Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:57.93158532Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:57.935238562Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:57.936648826Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:57.939241419Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:57.947280496Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:57.949963931Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:57.956609521Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:57.964545441Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:57.967327566Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:57.969027093Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:57.97316586Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:57.975771519Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:57.977158148Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:57.980822855Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:57.995342587Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:57.998402167Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.006438988Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.013053495Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.015970087Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.018316849Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.021279327Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.024244893Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.026505101Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.029134413Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.036611738Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.039642039Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.046173451Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.052353027Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.056419966Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.058218139Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.061043814Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.064347537Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.066130728Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.074319911Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.083196957Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.085748881Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.092019997Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.098477775Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.101331068Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.102659381Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.105367402Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.108617223Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.110168674Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.113298773Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.121959929Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.125343184Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.132122945Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.135877107Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.138567615Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.14020392Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.143920557Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.146373418Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.147698564Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.15298098Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.159080315Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.160627123Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:51:58.164867591Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4529,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:57.759930254Z | 42 | PC: 13e60 | Get date 0x13e60: cmp dl, 0x17 0x13e63: jne 0x13e70 0x13e65: nop 0x13e66: nop 0x13e67: nop 0x13e68: mov ah, 9 0x13e6a: lea dx, word ptr [bp + 0x206] 0x13e6e: int 0x21 0x13e70: mov ah, 0x1a 0x13e72: lea dx, word ptr [bp + 0x1d7] 0x13e76: int 0x21 0x13e78: mov ah, 0x4e 0x13e7a: xor cx, cx 0x13e7c: lea dx, word ptr [bp + 0x1d1] 0x13e80: int 0x21 0x13e82: jae 0x13e87 0x13e84: jmp 0x13f05 0x13e87: mov ah, 0x3d 0x13e89: mov al, 2 0x13e8b: lea dx, word ptr [bp + 0x1f5] |
| 2018-12-25T11:51:57.762648523Z | 9 | PC: 13e70 | Display string (String= 'CHUI UND PFUI') |
| 2018-12-25T11:51:57.7647501Z | 26 | PC: 13e78 | Set disk transfer address |
| 2018-12-25T11:51:57.765813389Z | 78 | PC: 13e82 | Find first file |
| 2018-12-25T11:51:57.772411091Z | 61 | PC: 13e91 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:57.777454677Z | 63 | PC: 13e9d | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:51:57.783357307Z | 63 | PC: 13ea8 | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T11:51:57.78605214Z | 66 | PC: 13ec9 | Move file pointer |
| 2018-12-25T11:51:57.787800091Z | 64 | PC: 13ed4 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:51:57.790440198Z | 64 | PC: 13edf | Write file or device (Write 1 bytes on handle 5) |
| 2018-12-25T11:51:57.792967709Z | 66 | PC: 13ee8 | Move file pointer |
| 2018-12-25T11:51:57.794765655Z | 64 | PC: 13ef3 | Write file or device (Write 272 bytes on handle 5) |
| 2018-12-25T11:51:57.856943034Z | 62 | PC: 13ef7 | Close file |
| 2018-12-25T11:51:57.865508235Z | 79 | PC: 13efe | Find next file |
| 2018-12-25T11:51:57.869867518Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:57.876796207Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:57.88328814Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:57.886874398Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:57.888497559Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:57.891316853Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:57.894870972Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:57.898619373Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:57.901675809Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:57.909991147Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:57.913593949Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:57.919874156Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:57.925981797Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:57.930308034Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:57.931863112Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:57.934723509Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:57.938740857Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:57.947889465Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:57.950461696Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:57.959506051Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:57.961981385Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:57.968108274Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:57.978430571Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:57.981760029Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:57.98360479Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:57.987173046Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:57.99003484Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:57.991803885Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:57.995659818Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.003568073Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.006603047Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.013634936Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.021903642Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.02428129Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.025569713Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.028595441Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.031036913Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.032895828Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.036416739Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.044101574Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.046967319Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.054057943Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.060434106Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.06311074Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.065145408Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.068025679Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.070816745Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.07326013Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.081248637Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.089587195Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.092980341Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.099419935Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.106202807Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.109301872Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.11080551Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.113542368Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.117214289Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.118788515Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.121510231Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.129683066Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.132442979Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.138703694Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.142072842Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.144389365Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.145611227Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.148967378Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.151991389Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.153544602Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.162627918Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.170907822Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.173497634Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:51:58.179233082Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4529,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:58.10667757Z | 42 | PC: 13e60 | Get date 0x13e60: cmp dl, 0x17 0x13e63: jne 0x13e70 0x13e65: nop 0x13e66: nop 0x13e67: nop 0x13e68: mov ah, 9 0x13e6a: lea dx, word ptr [bp + 0x206] 0x13e6e: int 0x21 0x13e70: mov ah, 0x1a 0x13e72: lea dx, word ptr [bp + 0x1d7] 0x13e76: int 0x21 0x13e78: mov ah, 0x4e 0x13e7a: xor cx, cx 0x13e7c: lea dx, word ptr [bp + 0x1d1] 0x13e80: int 0x21 0x13e82: jae 0x13e87 0x13e84: jmp 0x13f05 0x13e87: mov ah, 0x3d 0x13e89: mov al, 2 0x13e8b: lea dx, word ptr [bp + 0x1f5] |
| 2018-12-25T11:51:58.11006474Z | 26 | PC: 13e78 | Set disk transfer address |
| 2018-12-25T11:51:58.111156798Z | 78 | PC: 13e82 | Find first file |
| 2018-12-25T11:51:58.11722683Z | 61 | PC: 13e91 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:58.127340126Z | 63 | PC: 13e9d | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:51:58.133400109Z | 63 | PC: 13ea8 | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T11:51:58.135702711Z | 66 | PC: 13ec9 | Move file pointer |
| 2018-12-25T11:51:58.13756398Z | 64 | PC: 13ed4 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:51:58.140116607Z | 64 | PC: 13edf | Write file or device (Write 1 bytes on handle 5) |
| 2018-12-25T11:51:58.142882032Z | 66 | PC: 13ee8 | Move file pointer |
| 2018-12-25T11:51:58.145986257Z | 64 | PC: 13ef3 | Write file or device (Write 272 bytes on handle 5) |
| 2018-12-25T11:51:58.160083825Z | 62 | PC: 13ef7 | Close file |
| 2018-12-25T11:51:58.168094246Z | 79 | PC: 13efe | Find next file |
| 2018-12-25T11:51:58.171188222Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.178085563Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.184796436Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.187265102Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.193718306Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.196579189Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.199430575Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.202085942Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.204979654Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.212793957Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.216754036Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.223087418Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.229293442Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.238944941Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.240257962Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.242769998Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.2457394Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.247078655Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.249516663Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.257659485Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.260187104Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.266991072Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.273760077Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.276213913Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.277582545Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.281430771Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.290462306Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.291840145Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.294783354Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.307668917Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.310493357Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.31739801Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.32402082Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.326320933Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.327948552Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.331377116Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.334511034Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.335789215Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.338883541Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.346572966Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.349008326Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.35603797Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.362498622Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.365156999Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.366970427Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.369508561Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.371994355Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.374306715Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.382074522Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.389757506Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.392824853Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.399896421Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.40685697Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.410002216Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.411381815Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.414172679Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.417434938Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.418728259Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.421175566Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.429517978Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.432023037Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.438349052Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.441674514Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.444126188Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.445426077Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.448525695Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.451276171Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.453167131Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.46175774Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.476987946Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.479669306Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:51:58.486856842Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4529,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:58.408833411Z | 42 | PC: 13e60 | Get date 0x13e60: cmp dl, 0x17 0x13e63: jne 0x13e70 0x13e65: nop 0x13e66: nop 0x13e67: nop 0x13e68: mov ah, 9 0x13e6a: lea dx, word ptr [bp + 0x206] 0x13e6e: int 0x21 0x13e70: mov ah, 0x1a 0x13e72: lea dx, word ptr [bp + 0x1d7] 0x13e76: int 0x21 0x13e78: mov ah, 0x4e 0x13e7a: xor cx, cx 0x13e7c: lea dx, word ptr [bp + 0x1d1] 0x13e80: int 0x21 0x13e82: jae 0x13e87 0x13e84: jmp 0x13f05 0x13e87: mov ah, 0x3d 0x13e89: mov al, 2 0x13e8b: lea dx, word ptr [bp + 0x1f5] |
| 2018-12-25T11:51:58.415243314Z | 9 | PC: 13e70 | Display string (String= 'CHUI UND PFUI') |
| 2018-12-25T11:51:58.418336881Z | 26 | PC: 13e78 | Set disk transfer address |
| 2018-12-25T11:51:58.41996832Z | 78 | PC: 13e82 | Find first file |
| 2018-12-25T11:51:58.427671908Z | 61 | PC: 13e91 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:51:58.43427102Z | 63 | PC: 13e9d | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:51:58.440516846Z | 63 | PC: 13ea8 | Read file or device (Read 1 bytes on handle 5) |
| 2018-12-25T11:51:58.443895699Z | 66 | PC: 13ec9 | Move file pointer |
| 2018-12-25T11:51:58.445250395Z | 64 | PC: 13ed4 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:51:58.447699464Z | 64 | PC: 13edf | Write file or device (Write 1 bytes on handle 5) |
| 2018-12-25T11:51:58.450399726Z | 66 | PC: 13ee8 | Move file pointer |
| 2018-12-25T11:51:58.453433597Z | 64 | PC: 13ef3 | Write file or device (Write 272 bytes on handle 5) |
| 2018-12-25T11:51:58.469600821Z | 62 | PC: 13ef7 | Close file |
| 2018-12-25T11:51:58.478551395Z | 79 | PC: 13efe | Find next file |
| 2018-12-25T11:51:58.482471524Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.491195946Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.49913624Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.502421546Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.503763785Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.506741023Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.510668206Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.512970274Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.515941446Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.525342009Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.528153534Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.534843211Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.542343222Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.544798709Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.54617905Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.55695262Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.559645709Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.561288334Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.564047005Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.572288413Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.575166324Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.58194321Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.588596098Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.59126056Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.593021756Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.59637622Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.599171306Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.600965228Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.605518409Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.613583184Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.616354626Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.623211384Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.629813819Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.632465302Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.635223459Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.638214222Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.641104149Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.643023387Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.645580241Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.723476866Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.726667642Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.733391429Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.766888942Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.770279634Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.771676589Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.774263293Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.777218983Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.778770742Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.879741693Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:58.968591798Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:58.97163819Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:58.978351468Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:58.985588992Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:58.987858368Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:58.989081571Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:58.992021363Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:58.994547537Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:58.99587515Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:58.998878282Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:59.006732928Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:59.009100977Z | 61 | PC: 13e91 | Open file (See above) |
| 2018-12-25T11:51:59.016296335Z | 63 | PC: 13e9d | Read file or device (See above) |
| 2018-12-25T11:51:59.018741631Z | 63 | PC: 13ea8 | Read file or device (See above) |
| 2018-12-25T11:51:59.021076823Z | 66 | PC: 13ec9 | Move file pointer (See above) |
| 2018-12-25T11:51:59.022972217Z | 64 | PC: 13ed4 | Write file or device (See above) |
| 2018-12-25T11:51:59.02542676Z | 64 | PC: 13edf | Write file or device (See above) |
| 2018-12-25T11:51:59.027812657Z | 66 | PC: 13ee8 | Move file pointer (See above) |
| 2018-12-25T11:51:59.029803248Z | 64 | PC: 13ef3 | Write file or device (See above) |
| 2018-12-25T11:51:59.037741105Z | 62 | PC: 13ef7 | Close file (See above) |
| 2018-12-25T11:51:59.04557978Z | 79 | PC: 13efe | Find next file (See above) |
| 2018-12-25T11:51:59.048274101Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:51:59.053405883Z | 0 | PC: 12a89 | Program terminate |