{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":132,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:15.644450216Z | 222 | PC: 12c48 | UNKNOWN! |
| 2018-12-25T11:40:15.646017323Z | 44 | PC: 12f73 | Get time 0x12f73: cmp ch, 1 0x12f76: jne 0x12f7b 0x12f78: call 0x22f45 0x12f7b: cmp ch, 8 0x12f7e: jne 0x12f83 0x12f80: call 0x22f45 0x12f83: ret 0x12f84: mov cx, di 0x12f86: sub cx, si 0x12f88: mov di, word ptr ss:[0x216f] 0x12f8d: sub di, 8 0x12f91: push ds 0x12f92: push es 0x12f93: pop ds 0x12f94: rep movsb byte ptr es:[di], byte ptr [si] 0x12f96: dec di 0x12f97: push cs 0x12f98: pop ds 0x12f99: mov si, 0x2171 0x12f9c: mov cx, 8 |
| 2018-12-25T11:40:15.648572928Z | 53 | PC: 12c74 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:15.649918675Z | 37 | PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:15.652336785Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:40:15.6585791Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":132,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:15.63968501Z | 222 | PC: 12c48 | UNKNOWN! |
| 2018-12-25T11:40:15.641191537Z | 44 | PC: 12f73 | Get time 0x12f73: cmp ch, 1 0x12f76: jne 0x12f7b 0x12f78: call 0x22f45 0x12f7b: cmp ch, 8 0x12f7e: jne 0x12f83 0x12f80: call 0x22f45 0x12f83: ret 0x12f84: mov cx, di 0x12f86: sub cx, si 0x12f88: mov di, word ptr ss:[0x216f] 0x12f8d: sub di, 8 0x12f91: push ds 0x12f92: push es 0x12f93: pop ds 0x12f94: rep movsb byte ptr es:[di], byte ptr [si] 0x12f96: dec di 0x12f97: push cs 0x12f98: pop ds 0x12f99: mov si, 0x2171 0x12f9c: mov cx, 8 |
| 2018-12-25T11:40:15.644471168Z | 53 | PC: 12c74 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:15.645817327Z | 37 | PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:15.647160921Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:40:15.653565258Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":8,"Min":0,"Second":0,"TimeBased":true,"OriginalID":132,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:15.694244193Z | 222 | PC: 12c48 | UNKNOWN! |
| 2018-12-25T11:40:15.695505451Z | 44 | PC: 12f73 | Get time 0x12f73: cmp ch, 1 0x12f76: jne 0x12f7b 0x12f78: call 0x22f45 0x12f7b: cmp ch, 8 0x12f7e: jne 0x12f83 0x12f80: call 0x22f45 0x12f83: ret 0x12f84: mov cx, di 0x12f86: sub cx, si 0x12f88: mov di, word ptr ss:[0x216f] 0x12f8d: sub di, 8 0x12f91: push ds 0x12f92: push es 0x12f93: pop ds 0x12f94: rep movsb byte ptr es:[di], byte ptr [si] 0x12f96: dec di 0x12f97: push cs 0x12f98: pop ds 0x12f99: mov si, 0x2171 0x12f9c: mov cx, 8 |
| 2018-12-25T11:40:15.698140153Z | 53 | PC: 12c74 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:15.699419137Z | 37 | PC: 12c95 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:15.701650049Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:40:15.708114443Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |