{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:28.023013604Z | 192 | PC: 17c32 | UNKNOWN! |
| 2018-12-25T12:41:28.024460258Z | 42 | PC: 17c5b | Get date 0x17c5b: cmp dx, 0x803 0x17c5f: jne 0x17c64 0x17c61: jmp 0x1815d 0x17c64: mov ax, 0x3521 0x17c67: int 0x18 0x17c69: mov word ptr cs:[0x581], bx 0x17c6e: mov word ptr cs:[0x583], es 0x17c73: mov ax, ds 0x17c75: dec ax 0x17c76: mov es, ax 0x17c78: mov ax, word ptr es:[3] 0x17c7c: sub ax, 0x5c 0x17c7f: xchg ax, bx 0x17c80: mov ah, 0x4a 0x17c82: push ds 0x17c83: pop es 0x17c84: int 0x18 0x17c86: mov ah, 0x48 0x17c88: mov bx, 0x5b 0x17c8b: int 0x18 |
| 2018-12-25T12:41:28.026142409Z | 53 | PC: 17c69 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:28.027680375Z | 74 | PC: 17c86 | Reallocate memory |
| 2018-12-25T12:41:28.030148283Z | 72 | PC: 17c8d | Allocate memory |
| 2018-12-25T12:41:28.031690634Z | 37 | PC: 17cb9 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:28.032752284Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ') |
| 2018-12-25T12:41:28.043394018Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:28.039164784Z | 192 | PC: 17c32 | UNKNOWN! |
| 2018-12-25T12:41:28.040955179Z | 42 | PC: 17c5b | Get date 0x17c5b: cmp dx, 0x803 0x17c5f: jne 0x17c64 0x17c61: jmp 0x1815d 0x17c64: mov ax, 0x3521 0x17c67: int 0x18 0x17c69: mov word ptr cs:[0x581], bx 0x17c6e: mov word ptr cs:[0x583], es 0x17c73: mov ax, ds 0x17c75: dec ax 0x17c76: mov es, ax 0x17c78: mov ax, word ptr es:[3] 0x17c7c: sub ax, 0x5c 0x17c7f: xchg ax, bx 0x17c80: mov ah, 0x4a 0x17c82: push ds 0x17c83: pop es 0x17c84: int 0x18 0x17c86: mov ah, 0x48 0x17c88: mov bx, 0x5b 0x17c8b: int 0x18 |
| 2018-12-25T12:41:28.042536493Z | 53 | PC: 17c69 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:28.04348652Z | 74 | PC: 17c86 | Reallocate memory |
| 2018-12-25T12:41:28.045180271Z | 72 | PC: 17c8d | Allocate memory |
| 2018-12-25T12:41:28.04689783Z | 37 | PC: 17cb9 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:28.058966853Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ') |
| 2018-12-25T12:41:28.065141502Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":5,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:28.092526265Z | 192 | PC: 17c32 | UNKNOWN! |
| 2018-12-25T12:41:28.093650205Z | 42 | PC: 17c5b | Get date 0x17c5b: cmp dx, 0x803 0x17c5f: jne 0x17c64 0x17c61: jmp 0x1815d 0x17c64: mov ax, 0x3521 0x17c67: int 0x18 0x17c69: mov word ptr cs:[0x581], bx 0x17c6e: mov word ptr cs:[0x583], es 0x17c73: mov ax, ds 0x17c75: dec ax 0x17c76: mov es, ax 0x17c78: mov ax, word ptr es:[3] 0x17c7c: sub ax, 0x5c 0x17c7f: xchg ax, bx 0x17c80: mov ah, 0x4a 0x17c82: push ds 0x17c83: pop es 0x17c84: int 0x18 0x17c86: mov ah, 0x48 0x17c88: mov bx, 0x5b 0x17c8b: int 0x18 |
| 2018-12-25T12:41:28.095739234Z | 53 | PC: 17c69 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:28.096888608Z | 74 | PC: 17c86 | Reallocate memory |
| 2018-12-25T12:41:28.098793186Z | 72 | PC: 17c8d | Allocate memory |
| 2018-12-25T12:41:28.100309485Z | 37 | PC: 17cb9 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:28.101529844Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ') |
| 2018-12-25T12:41:28.107305041Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":5,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14718,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:28.060876139Z | 192 | PC: 17c32 | UNKNOWN! |
| 2018-12-25T12:41:28.063232542Z | 42 | PC: 17c5b | Get date 0x17c5b: cmp dx, 0x803 0x17c5f: jne 0x17c64 0x17c61: jmp 0x1815d 0x17c64: mov ax, 0x3521 0x17c67: int 0x18 0x17c69: mov word ptr cs:[0x581], bx 0x17c6e: mov word ptr cs:[0x583], es 0x17c73: mov ax, ds 0x17c75: dec ax 0x17c76: mov es, ax 0x17c78: mov ax, word ptr es:[3] 0x17c7c: sub ax, 0x5c 0x17c7f: xchg ax, bx 0x17c80: mov ah, 0x4a 0x17c82: push ds 0x17c83: pop es 0x17c84: int 0x18 0x17c86: mov ah, 0x48 0x17c88: mov bx, 0x5b 0x17c8b: int 0x18 |
| 2018-12-25T12:41:28.066344508Z | 53 | PC: 17c69 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:28.067931146Z | 74 | PC: 17c86 | Reallocate memory |
| 2018-12-25T12:41:28.070120574Z | 72 | PC: 17c8d | Allocate memory |
| 2018-12-25T12:41:28.071788926Z | 37 | PC: 17cb9 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:28.073085981Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000053DDh/0000021469d bytes. ') |
| 2018-12-25T12:41:28.079643481Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |