{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":4720,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:41.963117308Z | 53 | PC: 13fc4 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:52:41.964781679Z | 53 | PC: 13fb0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:52:41.966786962Z | 78 | PC: 1406c | Find first file |
| 2018-12-25T11:52:41.972510589Z | 47 | PC: 14076 | Get disk transfer address |
| 2018-12-25T11:52:41.974441175Z | 79 | PC: 140a5 | Find next file |
| 2018-12-25T11:52:41.977553699Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:41.980025465Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:41.982857559Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:41.98543073Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:41.988138982Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:41.997547501Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:42.000473665Z | 67 | PC: 140db | Get or set file attributes |
| 2018-12-25T11:52:42.00622807Z | 67 | PC: 140ed | Get or set file attributes |
| 2018-12-25T11:52:42.938286981Z | 61 | PC: 14109 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T11:52:42.946381733Z | 66 | PC: 1411f | Move file pointer |
| 2018-12-25T11:52:42.948219799Z | 63 | PC: 1412d | Read file or device (Read 10 bytes on handle 5) |
| 2018-12-25T11:52:42.951259628Z | 87 | PC: 14278 | Get or set file date and time |
| 2018-12-25T11:52:42.955234558Z | 66 | PC: 141bd | Move file pointer |
| 2018-12-25T11:52:42.9569162Z | 66 | PC: 141ce | Move file pointer |
| 2018-12-25T11:52:42.958562378Z | 63 | PC: 141dc | Read file or device (Read 259 bytes on handle 5) |
| 2018-12-25T11:52:42.962454901Z | 66 | PC: 141bd | Move file pointer (See above) |
| 2018-12-25T11:52:42.964132377Z | 64 | PC: 141ed | Write file or device (Write 259 bytes on handle 5) |
| 2018-12-25T11:52:42.972439056Z | 66 | PC: 141bd | Move file pointer (See above) |
| 2018-12-25T11:52:42.975227518Z | 66 | PC: 14217 | Move file pointer |
| 2018-12-25T11:52:42.976589462Z | 64 | PC: 14240 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:52:42.97932534Z | 66 | PC: 1419e | Move file pointer |
| 2018-12-25T11:52:42.981412767Z | 64 | PC: 141ac | Write file or device (Write 256 bytes on handle 5) |
| 2018-12-25T11:52:42.983934476Z | 66 | PC: 141bd | Move file pointer (See above) |
| 2018-12-25T11:52:42.985300576Z | 64 | PC: 1417c | Write file or device (Write 1024 bytes on handle 5) |
| 2018-12-25T11:52:42.99497101Z | 87 | PC: 1426d | Get or set file date and time |
| 2018-12-25T11:52:42.997316366Z | 62 | PC: 14249 | Close file |
| 2018-12-25T11:52:43.006979516Z | 67 | PC: 1425a | Get or set file attributes |
| 2018-12-25T11:52:43.019202595Z | 44 | PC: 1402a | Get time 0x1402a: cmp dh, cl 0x1402c: jne 0x14031 0x1402e: call 0x23ff5 0x14031: ret 0x14032: mov si, 0xfb00 0x14035: mov di, 0x80 0x14038: mov cx, 0x80 0x1403b: cld 0x1403c: rep movsb byte ptr es:[di], byte ptr [si] 0x1403e: ret 0x1403f: mov bx, word ptr [0x187] 0x14043: mov word ptr [0x185], bx 0x14047: mov bx, word ptr [0x174] 0x1404b: mov word ptr [0x172], bx 0x1404f: ret 0x14050: mov ax, word ptr [0x172] 0x14053: mov si, ax 0x14055: mov di, 0x100 0x14058: mov cx, 0x103 0x1405b: cld |
| 2018-12-25T11:52:43.022886615Z | 53 | PC: 13f8f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:52:43.024568739Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:52:43.0302841Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4720,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:42.324134061Z | 53 | PC: 13fc4 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:52:42.32575209Z | 53 | PC: 13fb0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:52:42.32690925Z | 78 | PC: 1406c | Find first file |
| 2018-12-25T11:52:42.332578341Z | 47 | PC: 14076 | Get disk transfer address |
| 2018-12-25T11:52:42.334403182Z | 79 | PC: 140a5 | Find next file |
| 2018-12-25T11:52:42.336695742Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:42.338886685Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:42.341307178Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:42.343980153Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:42.34681249Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:42.349387227Z | 79 | PC: 140a5 | Find next file (See above) |
| 2018-12-25T11:52:42.352079559Z | 67 | PC: 140db | Get or set file attributes |
| 2018-12-25T11:52:42.358693521Z | 67 | PC: 140ed | Get or set file attributes |
| 2018-12-25T11:52:42.938836648Z | 61 | PC: 14109 | Open file (Filename = 'TEST.COM') |
| 2018-12-25T11:52:42.944402287Z | 66 | PC: 1411f | Move file pointer |
| 2018-12-25T11:52:42.945935227Z | 63 | PC: 1412d | Read file or device (Read 10 bytes on handle 5) |
| 2018-12-25T11:52:42.950485393Z | 87 | PC: 14278 | Get or set file date and time |
| 2018-12-25T11:52:42.95189147Z | 66 | PC: 141bd | Move file pointer |
| 2018-12-25T11:52:42.952834979Z | 66 | PC: 141ce | Move file pointer |
| 2018-12-25T11:52:42.953984288Z | 63 | PC: 141dc | Read file or device (Read 259 bytes on handle 5) |
| 2018-12-25T11:52:42.956380554Z | 66 | PC: 141bd | Move file pointer (See above) |
| 2018-12-25T11:52:42.957423636Z | 64 | PC: 141ed | Write file or device (Write 259 bytes on handle 5) |
| 2018-12-25T11:52:42.962914794Z | 66 | PC: 141bd | Move file pointer (See above) |
| 2018-12-25T11:52:42.96638274Z | 66 | PC: 14217 | Move file pointer |
| 2018-12-25T11:52:42.967747827Z | 64 | PC: 14240 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:52:42.970465699Z | 66 | PC: 1419e | Move file pointer |
| 2018-12-25T11:52:42.972409811Z | 64 | PC: 141ac | Write file or device (Write 256 bytes on handle 5) |
| 2018-12-25T11:52:42.974851429Z | 66 | PC: 141bd | Move file pointer (See above) |
| 2018-12-25T11:52:42.976155967Z | 64 | PC: 1417c | Write file or device (Write 1024 bytes on handle 5) |
| 2018-12-25T11:52:43.010678421Z | 87 | PC: 1426d | Get or set file date and time |
| 2018-12-25T11:52:43.012243121Z | 62 | PC: 14249 | Close file |
| 2018-12-25T11:52:43.020495676Z | 67 | PC: 1425a | Get or set file attributes |
| 2018-12-25T11:52:43.032513424Z | 44 | PC: 1402a | Get time 0x1402a: cmp dh, cl 0x1402c: jne 0x14031 0x1402e: call 0x23ff5 0x14031: ret 0x14032: mov si, 0xfb00 0x14035: mov di, 0x80 0x14038: mov cx, 0x80 0x1403b: cld 0x1403c: rep movsb byte ptr es:[di], byte ptr [si] 0x1403e: ret 0x1403f: mov bx, word ptr [0x187] 0x14043: mov word ptr [0x185], bx 0x14047: mov bx, word ptr [0x174] 0x1404b: mov word ptr [0x172], bx 0x1404f: ret 0x14050: mov ax, word ptr [0x172] 0x14053: mov si, ax 0x14055: mov di, 0x100 0x14058: mov cx, 0x103 0x1405b: cld |
| 2018-12-25T11:52:43.035186988Z | 53 | PC: 13f8f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:52:43.036589508Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T11:52:43.043361091Z | 0 | PC: 12a89 | Program terminate |