{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9645,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:22.515006458Z | 26 | PC: 13f37 | Set disk transfer address |
| 2018-12-25T12:23:22.517310794Z | 42 | PC: 13f3b | Get date 0x13f3b: cmp cx, 0x7c8 0x13f3f: jb 0x13f44 0x13f41: jmp 0x140c1 0x13f44: mov ah, 0x4e 0x13f46: mov dx, 0x74 0x13f49: mov cx, 0x21 0x13f4c: int 0x21 0x13f4e: jae 0x13f53 0x13f50: jmp 0x1409c 0x13f53: cmp word ptr [0x50], 0 0x13f58: jne 0x13f62 0x13f5a: cmp word ptr [0x4e], 0xea60 0x13f60: jbe 0x13f65 0x13f62: jmp 0x14074 0x13f65: mov ax, word ptr [0x4e] 0x13f68: mov word ptr [0x7c], ax 0x13f6b: and ax, 0xf 0x13f6e: mov dx, 0x10 0x13f71: sub dx, ax 0x13f73: and dx, 0xf |
| 2018-12-25T12:23:22.519882797Z | 26 | PC: 140ce | Set disk transfer address |
| 2018-12-25T12:23:22.521262094Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:23:22.528125785Z | 0 | PC: 12a89 | Program terminate |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9645,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:23:22.612883588Z | 26 | PC: 13f37 | Set disk transfer address |
| 2018-12-25T12:23:22.614827401Z | 42 | PC: 13f3b | Get date 0x13f3b: cmp cx, 0x7c8 0x13f3f: jb 0x13f44 0x13f41: jmp 0x140c1 0x13f44: mov ah, 0x4e 0x13f46: mov dx, 0x74 0x13f49: mov cx, 0x21 0x13f4c: int 0x21 0x13f4e: jae 0x13f53 0x13f50: jmp 0x1409c 0x13f53: cmp word ptr [0x50], 0 0x13f58: jne 0x13f62 0x13f5a: cmp word ptr [0x4e], 0xea60 0x13f60: jbe 0x13f65 0x13f62: jmp 0x14074 0x13f65: mov ax, word ptr [0x4e] 0x13f68: mov word ptr [0x7c], ax 0x13f6b: and ax, 0xf 0x13f6e: mov dx, 0x10 0x13f71: sub dx, ax 0x13f73: and dx, 0xf |
| 2018-12-25T12:23:22.617433388Z | 78 | PC: 13f4e | Find first file |
| 2018-12-25T12:23:22.624270661Z | 67 | PC: 13f83 | Get or set file attributes |
| 2018-12-25T12:23:22.630813829Z | 67 | PC: 13f93 | Get or set file attributes |
| 2018-12-25T12:23:22.648719482Z | 61 | PC: 13fa2 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:23:22.656165055Z | 63 | PC: 13fb6 | Read file or device (Read 5 bytes on handle 5) |
| 2018-12-25T12:23:22.663880442Z | 87 | PC: 13fd1 | Get or set file date and time |
| 2018-12-25T12:23:22.666338287Z | 66 | PC: 13fe7 | Move file pointer |
| 2018-12-25T12:23:22.668503481Z | 64 | PC: 14014 | Write file or device (Write 5 bytes on handle 5) |
| 2018-12-25T12:23:22.671831173Z | 66 | PC: 1402d | Move file pointer |
| 2018-12-25T12:23:22.680318375Z | 64 | PC: 1403c | Write file or device (Write 9 bytes on handle 5) |
| 2018-12-25T12:23:22.683857433Z | 64 | PC: 1404a | Write file or device (Write 659 bytes on handle 5) |
| 2018-12-25T12:23:22.693828847Z | 87 | PC: 1405c | Get or set file date and time |
| 2018-12-25T12:23:22.720605262Z | 62 | PC: 14064 | Close file |
| 2018-12-25T12:23:22.728625333Z | 67 | PC: 14071 | Get or set file attributes |
| 2018-12-25T12:23:22.740889055Z | 42 | PC: 140a0 | Get date 0x140a0: cmp dh, 4 0x140a3: jne 0x140c1 0x140a5: cmp dl, 1 0x140a8: jne 0x140c1 0x140aa: mov dx, 5 0x140ad: mov ah, 9 0x140af: int 0x21 0x140b1: mov ah, 1 0x140b3: int 0x16 0x140b5: je 0x140bd 0x140b7: mov ah, 0 0x140b9: int 0x16 0x140bb: jmp 0x140b1 0x140bd: mov ah, 0 0x140bf: int 0x16 0x140c1: pop ax 0x140c2: mov es, ax 0x140c4: mov ds, ax 0x140c6: push ax 0x140c7: mov ah, 0x1a |
| 2018-12-25T12:23:22.743718241Z | 26 | PC: 140ce | Set disk transfer address |
| 2018-12-25T12:23:22.746155737Z | 9 | PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ') |
| 2018-12-25T12:23:22.761447352Z | 0 | PC: 12a89 | Program terminate |