{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":462,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:56.014751588Z | 170 | PC: 15240 | UNKNOWN! |
| 2018-12-25T11:40:56.017087608Z | 42 | PC: 15290 | Get date 0x15290: cmp cx, 0x7ca 0x15294: jb 0x152a9 0x15296: mov si, 0x70 0x15299: mov di, 0x6ba 0x1529c: nop 0x1529d: movsw word ptr es:[di], word ptr [si] 0x1529e: movsw word ptr es:[di], word ptr [si] 0x1529f: mov word ptr [0x70], 0x618 0x152a5: mov word ptr [0x72], es 0x152a9: sti 0x152aa: pop ds 0x152ab: pop es 0x152ac: retf 0x152ad: mov al, 3 0x152af: iret 0x152b0: pushaw 0x152b1: mov ah, 4 0x152b3: int 0x1a 0x152b5: cmp cx, 0x1996 0x152b9: jb 0x152c4 |
| 2018-12-25T11:40:56.019730225Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ') |
| 2018-12-25T11:40:56.026509354Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":462,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:56.202142208Z | 170 | PC: 15240 | UNKNOWN! |
| 2018-12-25T11:40:56.204439445Z | 42 | PC: 15290 | Get date 0x15290: cmp cx, 0x7ca 0x15294: jb 0x152a9 0x15296: mov si, 0x70 0x15299: mov di, 0x6ba 0x1529c: nop 0x1529d: movsw word ptr es:[di], word ptr [si] 0x1529e: movsw word ptr es:[di], word ptr [si] 0x1529f: mov word ptr [0x70], 0x618 0x152a5: mov word ptr [0x72], es 0x152a9: sti 0x152aa: pop ds 0x152ab: pop es 0x152ac: retf 0x152ad: mov al, 3 0x152af: iret 0x152b0: pushaw 0x152b1: mov ah, 4 0x152b3: int 0x1a 0x152b5: cmp cx, 0x1996 0x152b9: jb 0x152c4 |
| 2018-12-25T11:40:56.207051458Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ') |
| 2018-12-25T11:40:56.212813993Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |