{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4588,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:16.907682622Z | 73 | PC: 12db8 | Release memory |
| 2018-12-25T11:52:16.909020072Z | 72 | PC: 12dbf | Allocate memory |
| 2018-12-25T11:52:16.919244103Z | 74 | PC: 12dcd | Reallocate memory |
| 2018-12-25T11:52:16.920939349Z | 74 | PC: 12ddc | Reallocate memory |
| 2018-12-25T11:52:16.922250701Z | 53 | PC: 12e06 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:16.923831705Z | 53 | PC: 12e25 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file') |
| 2018-12-25T11:52:16.925925134Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:52:16.933592407Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":27,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4588,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:17.128879082Z | 73 | PC: 12db8 | Release memory |
| 2018-12-25T11:52:17.130812037Z | 72 | PC: 12dbf | Allocate memory |
| 2018-12-25T11:52:17.132773726Z | 74 | PC: 12dcd | Reallocate memory |
| 2018-12-25T11:52:17.134477473Z | 74 | PC: 12ddc | Reallocate memory |
| 2018-12-25T11:52:17.137381853Z | 53 | PC: 12e06 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:17.145145207Z | 53 | PC: 12e25 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file') |
| 2018-12-25T11:52:17.148537355Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:52:17.155780597Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |