.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:39:28.380962004Z | 47 | PC: 151a8 | Get disk transfer address |
| 2018-12-17T22:39:28.382687521Z | 26 | PC: 151b4 | Set disk transfer address |
| 2018-12-17T22:39:28.383915386Z | 71 | PC: 151be | Get current directory |
| 2018-12-17T22:39:28.386989661Z | 78 | PC: 151c9 | Find first file |
| 2018-12-17T22:39:28.395797644Z | 67 | PC: 151d7 | Get or set file attributes |
| 2018-12-17T22:39:28.407570361Z | 67 | PC: 151e7 | Get or set file attributes |
| 2018-12-17T22:39:28.422977464Z | 61 | PC: 151f8 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:39:28.430316576Z | 63 | PC: 15212 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T22:39:28.4363765Z | 66 | PC: 15269 | Move file pointer |
| 2018-12-17T22:39:28.437590974Z | 64 | PC: 15274 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T22:39:28.44226928Z | 66 | PC: 1527d | Move file pointer |
| 2018-12-17T22:39:28.44356007Z | 44 | PC: 15281 | Get time 0x15281: mov byte ptr [bp + 0x31c], dl 0x15285: lea dx, word ptr [bp + 0x107] 0x15289: mov cx, 0x223 0x1528c: lea ax, word ptr [bp + 0x257] 0x15290: push ax 0x15291: push cx 0x15292: push dx 0x15293: push ax 0x15294: push bp 0x15295: mov bp, sp 0x15297: mov word ptr [bp + 2], 0xff 0x1529c: pop bp 0x1529d: jmp 0x15162 0x152a0: mov ax, 0x5701 0x152a3: mov cx, word ptr [bp + 0x314] 0x152a7: mov dx, word ptr [bp + 0x316] 0x152ab: int 0x21 0x152ad: mov ah, 0x3e 0x152af: int 0x21 0x152b1: mov ax, 0x4301 |
| 2018-12-17T22:39:28.445775402Z | 64 | PC: 1518c | Write file or device (Write 547 bytes on handle 5) |
| 2018-12-17T22:39:28.454101071Z | 87 | PC: 152ad | Get or set file date and time |
| 2018-12-17T22:39:28.456017272Z | 62 | PC: 152b1 | Close file |
| 2018-12-17T22:39:28.463430231Z | 67 | PC: 152c0 | Get or set file attributes |
| 2018-12-17T22:39:28.474120148Z | 59 | PC: 152c8 | Change current directory |
| 2018-12-17T22:39:28.478123809Z | 26 | PC: 152d9 | Set disk transfer address |
| 2018-12-17T22:39:28.47907888Z | 9 | PC: 15146 | Display string (String= '
� From a collection of viruses MASSER.
� 210008, P.O.Box 6, Vitebsk, Belarus.
� E-mail |
| 2018-12-17T22:39:28.490766242Z | 76 | PC: 1514a | Terminate with return code (Return code = '36') |