Time | Syscall Op | PC | Syscall Name |
---|---|---|---|
2018-12-17T21:54:19.429696806Z | 26 | PC: 12aa0 | Set disk transfer address |
2018-12-17T21:54:19.431589304Z | 78 | PC: 12aac | Find first file |
2018-12-17T21:54:19.438634438Z | 61 | PC: 12abf | Open file (Filename = 'SLEEP.COM') |
2018-12-17T21:54:19.445316993Z | 63 | PC: 12acd | Read file or device (Read 3 bytes on handle 5) |
2018-12-17T21:54:19.4538628Z | 66 | PC: 12ae0 | Move file pointer |
2018-12-17T21:54:19.455242126Z | 44 | PC: 12aed | Get time (disassembly: `0x12aed: xchg cl, ch`; `0x12aef: add dx, cx`; `0x12af1: mov word ptr [bp + 0x11f], dx`; `0x12af5: mov ah, 0x40`; `0x12af7: mov cx, 0x12f`; `0x12afa: lea dx, word ptr [bp]`; `0x12afd: pushaw`; `0x12afe: jmp 0x12ba7`; `0x12b01: pop ax`; `0x12b02: jb 0x12aae`; `0x12b04: sub ax, 3`; `0x12b07: push bx`; `0x12b08: mov bx, bp`; `0x12b0a: mov word ptr cs:[bx + 1], ax`; `0x12b0e: mov byte ptr [bx], 0xe9`; `0x12b11: pop bx`; `0x12b12: mov ax, 0x4200`; `0x12b15: xor cx, cx`; `0x12b17: cdq`; `0x12b18: int 0x21`) |
2018-12-17T21:54:19.457497445Z | 64 | PC: 12bad | Write file or device (Write 303 bytes on handle 5) |
2018-12-17T21:54:19.471719632Z | 66 | PC: 12b1a | Move file pointer |
2018-12-17T21:54:19.473742594Z | 64 | PC: 12b27 | Write file or device (Write 3 bytes on handle 5) |
2018-12-17T21:54:19.480105847Z | 62 | PC: 12b2d | Close file |
2018-12-17T21:54:19.487999062Z | 9 | PC: 12a47 | Display string (String= 'WARNING: You have just released the Airwalker.303 virus! ') |