Time | Syscall Op | PC | Syscall Name |
---|---|---|---|
2018-12-17T22:24:27.071625834Z | 26 | PC: 12aa0 | Set disk transfer address |
2018-12-17T22:24:27.074908187Z | 78 | PC: 12aac | Find first file |
2018-12-17T22:24:27.080760306Z | 61 | PC: 12abf | Open file (Filename = 'SLEEP.COM') |
2018-12-17T22:24:27.087589446Z | 63 | PC: 12acd | Read file or device (Read 3 bytes on handle 5) |
2018-12-17T22:24:27.094653687Z | 66 | PC: 12ae0 | Move file pointer |
2018-12-17T22:24:27.096988798Z | 44 | PC: 12aed | Get time (disassembly: 0x12aed: xchg ch, cl; 0x12aef: add dx, cx; 0x12af1: mov word ptr [bp + 0x11c], dx; 0x12af5: mov ah, 0x40; 0x12af7: mov cx, 0x12c; 0x12afa: mov dx, bp; 0x12afc: pushaw; 0x12afd: jmp 0x12ba4; 0x12b00: pop ax; 0x12b01: jb 0x12aae; 0x12b03: sub ax, 3; 0x12b06: push bx; 0x12b07: mov bx, bp; 0x12b09: mov word ptr cs:[bx + 1], ax; 0x12b0d: mov byte ptr [bx], 0xe9; 0x12b10: pop bx; 0x12b11: mov ax, 0x4200; 0x12b14: xor cx, cx; 0x12b16: cdq; 0x12b17: int 0x21) |
2018-12-17T22:24:27.099542685Z | 64 | PC: 12baa | Write file or device (Write 300 bytes on handle 5) |
2018-12-17T22:24:27.115801025Z | 66 | PC: 12b19 | Move file pointer |
2018-12-17T22:24:27.118149604Z | 64 | PC: 12b25 | Write file or device (Write 3 bytes on handle 5) |
2018-12-17T22:24:27.124609457Z | 62 | PC: 12b2b | Close file |
2018-12-17T22:24:27.132628792Z | 9 | PC: 12a47 | Display string (String= 'WARNING: You have just released the Airwalker.300 virus! ') |