{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10351,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:27:45.984774606Z | 202 | PC: 12c35 | UNKNOWN! |
| 2018-12-25T12:27:45.985784892Z | 42 | PC: 12c40 | Get date 0x12c40: cmp dl, 0xe 0x12c43: jne 0x12c67 0x12c45: cmp dh, 0xc 0x12c48: jne 0x12c67 0x12c4a: mov ah, 0xf 0x12c4c: int 0x10 0x12c4e: mov ah, 0 0x12c50: int 0x10 0x12c52: push cs 0x12c53: pop ds 0x12c54: mov bx, 0x2a0 0x12c57: xor dx, dx 0x12c59: mov cx, 1 0x12c5c: cli 0x12c5d: mov ax, 2 0x12c60: int 0x26 0x12c62: add dx, 1 0x12c65: jmp 0x12c5d 0x12c67: mov ax, 0x3521 0x12c6a: int 0x21 |
| 2018-12-25T12:27:45.988161971Z | 53 | PC: 12c6c | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:27:45.989571043Z | 74 | PC: 12c89 | Reallocate memory |
| 2018-12-25T12:27:45.990890344Z | 72 | PC: 12c90 | Allocate memory |
| 2018-12-25T12:27:45.993124502Z | 37 | PC: 12cb4 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:27:45.994929455Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T12:27:46.001927136Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10351,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:27:47.081342488Z | 202 | PC: 12c35 | UNKNOWN! |
| 2018-12-25T12:27:47.085586302Z | 42 | PC: 12c40 | Get date 0x12c40: cmp dl, 0xe 0x12c43: jne 0x12c67 0x12c45: cmp dh, 0xc 0x12c48: jne 0x12c67 0x12c4a: mov ah, 0xf 0x12c4c: int 0x10 0x12c4e: mov ah, 0 0x12c50: int 0x10 0x12c52: push cs 0x12c53: pop ds 0x12c54: mov bx, 0x2a0 0x12c57: xor dx, dx 0x12c59: mov cx, 1 0x12c5c: cli 0x12c5d: mov ax, 2 0x12c60: int 0x26 0x12c62: add dx, 1 0x12c65: jmp 0x12c5d 0x12c67: mov ax, 0x3521 0x12c6a: int 0x21 |
| 2018-12-25T12:27:47.088197534Z | 53 | PC: 12c6c | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:27:47.089449876Z | 74 | PC: 12c89 | Reallocate memory |
| 2018-12-25T12:27:47.090912806Z | 72 | PC: 12c90 | Allocate memory |
| 2018-12-25T12:27:47.092923654Z | 37 | PC: 12cb4 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:27:47.094528281Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T12:27:47.101316423Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":14,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10351,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:27:47.11551594Z | 202 | PC: 12c35 | UNKNOWN! |
| 2018-12-25T12:27:47.11698788Z | 42 | PC: 12c40 | Get date 0x12c40: cmp dl, 0xe 0x12c43: jne 0x12c67 0x12c45: cmp dh, 0xc 0x12c48: jne 0x12c67 0x12c4a: mov ah, 0xf 0x12c4c: int 0x10 0x12c4e: mov ah, 0 0x12c50: int 0x10 0x12c52: push cs 0x12c53: pop ds 0x12c54: mov bx, 0x2a0 0x12c57: xor dx, dx 0x12c59: mov cx, 1 0x12c5c: cli 0x12c5d: mov ax, 2 0x12c60: int 0x26 0x12c62: add dx, 1 0x12c65: jmp 0x12c5d 0x12c67: mov ax, 0x3521 0x12c6a: int 0x21 |
| 2018-12-25T12:27:47.157807171Z | 66 | PC: 15c30 | Move file pointer |
| 2018-12-25T12:27:47.267255561Z | 59 | PC: 109ed | Change current directory |