{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9313,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:50.812618248Z | 42 | PC: 140bf | Get date 0x140bf: cmp al, 6 0x140c1: jne 0x140cc 0x140c3: mov word ptr [2], 1 0x140c9: jmp 0x140da 0x140cb: nop 0x140cc: or ax, ax 0x140ce: jne 0x140da 0x140d0: mov ah, 9 0x140d2: mov dx, 0x1f0 0x140d5: int 0x21 0x140d7: call 0x14557 0x140da: ret 0x140db: xchg ah, al 0x140dd: int 0x21 0x140df: ret 0x140e0: push cs 0x140e1: mov ax, 0x1400 0x140e4: mov cl, 4 0x140e6: shr ax, cl 0x140e8: mov bx, cs |
| 2018-12-25T12:22:50.815468296Z | 11 | PC: 140df | Get input status |
| 2018-12-25T12:22:50.817825828Z | 74 | PC: 140df | Reallocate memory (See above) |
| 2018-12-25T12:22:50.819335416Z | 74 | PC: 140df | Reallocate memory (See above) |
| 2018-12-25T12:22:50.820740822Z | 72 | PC: 140df | Allocate memory (See above) |
| 2018-12-25T12:22:50.822571301Z | 53 | PC: 140df | Get interrupt vector (See above) |
| 2018-12-25T12:22:50.82365629Z | 37 | PC: 140df | Set interrupt vector (See above) |
| 2018-12-25T12:22:50.824898803Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:22:50.830490724Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9313,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:50.950080407Z | 42 | PC: 140bf | Get date 0x140bf: cmp al, 6 0x140c1: jne 0x140cc 0x140c3: mov word ptr [2], 1 0x140c9: jmp 0x140da 0x140cb: nop 0x140cc: or ax, ax 0x140ce: jne 0x140da 0x140d0: mov ah, 9 0x140d2: mov dx, 0x1f0 0x140d5: int 0x21 0x140d7: call 0x14557 0x140da: ret 0x140db: xchg ah, al 0x140dd: int 0x21 0x140df: ret 0x140e0: push cs 0x140e1: mov ax, 0x1400 0x140e4: mov cl, 4 0x140e6: shr ax, cl 0x140e8: mov bx, cs |
| 2018-12-25T12:22:50.959948413Z | 11 | PC: 140df | Get input status |
| 2018-12-25T12:22:50.962909182Z | 74 | PC: 140df | Reallocate memory (See above) |
| 2018-12-25T12:22:50.964807681Z | 74 | PC: 140df | Reallocate memory (See above) |
| 2018-12-25T12:22:50.96670633Z | 72 | PC: 140df | Allocate memory (See above) |
| 2018-12-25T12:22:50.97000497Z | 53 | PC: 140df | Get interrupt vector (See above) |
| 2018-12-25T12:22:50.971335718Z | 37 | PC: 140df | Set interrupt vector (See above) |
| 2018-12-25T12:22:50.972892639Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:22:50.979747463Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9313,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:50.966322017Z | 42 | PC: 140bf | Get date 0x140bf: cmp al, 6 0x140c1: jne 0x140cc 0x140c3: mov word ptr [2], 1 0x140c9: jmp 0x140da 0x140cb: nop 0x140cc: or ax, ax 0x140ce: jne 0x140da 0x140d0: mov ah, 9 0x140d2: mov dx, 0x1f0 0x140d5: int 0x21 0x140d7: call 0x14557 0x140da: ret 0x140db: xchg ah, al 0x140dd: int 0x21 0x140df: ret 0x140e0: push cs 0x140e1: mov ax, 0x1400 0x140e4: mov cl, 4 0x140e6: shr ax, cl 0x140e8: mov bx, cs |
| 2018-12-25T12:22:50.969283169Z | 11 | PC: 140df | Get input status |
| 2018-12-25T12:22:50.971612909Z | 74 | PC: 140df | Reallocate memory (See above) |
| 2018-12-25T12:22:50.973070582Z | 74 | PC: 140df | Reallocate memory (See above) |
| 2018-12-25T12:22:50.975326357Z | 72 | PC: 140df | Allocate memory (See above) |
| 2018-12-25T12:22:50.976848763Z | 53 | PC: 140df | Get interrupt vector (See above) |
| 2018-12-25T12:22:50.977969671Z | 37 | PC: 140df | Set interrupt vector (See above) |
| 2018-12-25T12:22:50.979216022Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:22:50.984983484Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9313,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:50.966960957Z | 42 | PC: 140bf | Get date 0x140bf: cmp al, 6 0x140c1: jne 0x140cc 0x140c3: mov word ptr [2], 1 0x140c9: jmp 0x140da 0x140cb: nop 0x140cc: or ax, ax 0x140ce: jne 0x140da 0x140d0: mov ah, 9 0x140d2: mov dx, 0x1f0 0x140d5: int 0x21 0x140d7: call 0x14557 0x140da: ret 0x140db: xchg ah, al 0x140dd: int 0x21 0x140df: ret 0x140e0: push cs 0x140e1: mov ax, 0x1400 0x140e4: mov cl, 4 0x140e6: shr ax, cl 0x140e8: mov bx, cs |
| 2018-12-25T12:22:50.969058687Z | 11 | PC: 140df | Get input status |
| 2018-12-25T12:22:50.971509133Z | 74 | PC: 140df | Reallocate memory (See above) |
| 2018-12-25T12:22:50.972928391Z | 74 | PC: 140df | Reallocate memory (See above) |
| 2018-12-25T12:22:50.975478837Z | 72 | PC: 140df | Allocate memory (See above) |
| 2018-12-25T12:22:50.976995239Z | 53 | PC: 140df | Get interrupt vector (See above) |
| 2018-12-25T12:22:50.978074306Z | 37 | PC: 140df | Set interrupt vector (See above) |
| 2018-12-25T12:22:50.980029123Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:22:50.985314728Z | 0 | PC: 12a89 | Program terminate |