.
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-17T22:48:20.503301809Z | 44 | PC: 12a82 | Get time 0x12a82: mov byte ptr [0x139], dl 0x12a86: cmp byte ptr [0x139], 0 0x12a8b: je 0x12a7e 0x12a8d: mov dx, 0x5945 0x12a90: mov ax, 0xfa01 0x12a93: int 0x16 0x12a95: mov ah, 9 0x12a97: mov dx, 0x1f1 0x12a9a: int 0x21 0x12a9c: mov ah, 9 0x12a9e: mov dx, 0x20a 0x12aa1: int 0x21 0x12aa3: mov dx, 0x21c 0x12aa6: mov ax, 0x4301 0x12aa9: mov cx, 0 0x12aac: int 0x15 0x12aae: mov ah, 0x41 0x12ab0: int 0x21 0x12ab2: cmp dx, 0x227 0x12ab6: je 0x12abd |
| 2018-12-17T22:48:20.507095314Z | 9 | PC: 12a9c | Display string (String= 'Merci virus infected : ') |
| 2018-12-17T22:48:20.509414485Z | 9 | PC: 12aa3 | Display string (String= '������������') |
| 2018-12-17T22:48:20.51219437Z | 65 | PC: 12ab2 | Delete file (Filename = 'CHKLIST.MS') |
| 2018-12-17T22:48:20.518545288Z | 65 | PC: 12ab2 | Delete file (Filename = 'ANTI-VIR.DAT') |
| 2018-12-17T22:48:20.524473588Z | 78 | PC: 12ac7 | Find first file |
| 2018-12-17T22:48:20.530121543Z | 61 | PC: 12af2 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:48:20.536384047Z | 87 | PC: 12af8 | Get or set file date and time |
| 2018-12-17T22:48:20.538245767Z | 63 | PC: 12b0a | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T22:48:20.544310713Z | 62 | PC: 12b16 | Close file |
| 2018-12-17T22:48:20.546053167Z | 61 | PC: 12b1e | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:48:20.553471508Z | 64 | PC: 12a66 | Write file or device (Write 308 bytes on handle 5) |
| 2018-12-17T22:48:20.556045401Z | 87 | PC: 12a73 | Get or set file date and time |
| 2018-12-17T22:48:20.557378227Z | 62 | PC: 12a77 | Close file |