Sample viewer

vx.netlux.org/Virus.DOS.Spar.1000

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:46.590850943Z	51	PC: 12a4b \| Get or set Ctrl-Break
2018-12-17T23:12:46.5919625Z	61	PC: 12a8c \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T23:12:46.598289475Z	26	PC: 12a96 \| Set disk transfer address
2018-12-17T23:12:46.599182786Z	78	PC: 12aa0 \| Find first file
2018-12-17T23:12:46.605286355Z	79	PC: 12aa8 \| Find next file
2018-12-17T23:12:46.608012227Z	61	PC: 12ab8 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:12:46.614184946Z	66	PC: 12acb \| Move file pointer
2018-12-17T23:12:46.616330069Z	63	PC: 12ad9 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:46.622325103Z	66	PC: 12afa \| Move file pointer
2018-12-17T23:12:46.623607298Z	62	PC: 12b19 \| Close file
2018-12-17T23:12:46.637824136Z	67	PC: 12b22 \| Get or set file attributes
2018-12-17T23:12:46.643355443Z	67	PC: 12b37 \| Get or set file attributes
2018-12-17T23:12:46.660274636Z	61	PC: 12b40 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:12:46.671137559Z	87	PC: 12b52 \| Get or set file date and time
2018-12-17T23:12:46.672483589Z	66	PC: 12b68 \| Move file pointer
2018-12-17T23:12:46.673809357Z	63	PC: 12b77 \| Read file or device (Read 27 bytes on handle 6)
2018-12-17T23:12:46.675952436Z	66	PC: 12b8b \| Move file pointer
2018-12-17T23:12:46.677043371Z	64	PC: 12b9a \| Write file or device (Write 27 bytes on handle 6)
2018-12-17T23:12:46.682322443Z	66	PC: 12bad \| Move file pointer
2018-12-17T23:12:46.683678298Z	66	PC: 12bbb \| Move file pointer
2018-12-17T23:12:46.684915776Z	63	PC: 12bc9 \| Read file or device (Read 1000 bytes on handle 5)
2018-12-17T23:12:46.691429833Z	64	PC: 12bdc \| Write file or device (Write 1000 bytes on handle 6)
2018-12-17T23:12:46.699381751Z	87	PC: 12bf3 \| Get or set file date and time
2018-12-17T23:12:46.701052563Z	67	PC: 12c00 \| Get or set file attributes
2018-12-17T23:12:46.711637306Z	62	PC: 12c08 \| Close file
2018-12-17T23:12:46.719464444Z	79	PC: 12aa8 \| Find next file
2018-12-17T23:12:46.722109327Z	61	PC: 12ab8 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:12:46.72934452Z	66	PC: 12acb \| Move file pointer
2018-12-17T23:12:46.732480136Z	63	PC: 12ad9 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:46.738969283Z	66	PC: 12afa \| Move file pointer
2018-12-17T23:12:46.740683942Z	62	PC: 12b19 \| Close file
2018-12-17T23:12:46.743591901Z	67	PC: 12b22 \| Get or set file attributes
2018-12-17T23:12:46.749242678Z	67	PC: 12b37 \| Get or set file attributes
2018-12-17T23:12:46.759281157Z	61	PC: 12b40 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:12:46.766619074Z	87	PC: 12b52 \| Get or set file date and time
2018-12-17T23:12:46.7680283Z	66	PC: 12b68 \| Move file pointer
2018-12-17T23:12:46.769321955Z	63	PC: 12b77 \| Read file or device (Read 92 bytes on handle 6)
2018-12-17T23:12:46.772391326Z	66	PC: 12b8b \| Move file pointer
2018-12-17T23:12:46.773765529Z	64	PC: 12b9a \| Write file or device (Write 92 bytes on handle 6)
2018-12-17T23:12:46.781661971Z	66	PC: 12bad \| Move file pointer
2018-12-17T23:12:46.783430558Z	66	PC: 12bbb \| Move file pointer
2018-12-17T23:12:46.784825593Z	63	PC: 12bc9 \| Read file or device (Read 1000 bytes on handle 5)
2018-12-17T23:12:46.791975269Z	64	PC: 12bdc \| Write file or device (Write 1000 bytes on handle 6)
2018-12-17T23:12:46.801417139Z	87	PC: 12bf3 \| Get or set file date and time
2018-12-17T23:12:46.8032191Z	67	PC: 12c00 \| Get or set file attributes
2018-12-17T23:12:46.814002266Z	62	PC: 12c08 \| Close file
2018-12-17T23:12:46.821611877Z	79	PC: 12aa8 \| Find next file
2018-12-17T23:12:46.824156Z	61	PC: 12ab8 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:12:46.830425906Z	66	PC: 12acb \| Move file pointer
2018-12-17T23:12:46.832249131Z	63	PC: 12ad9 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:46.838563245Z	66	PC: 12afa \| Move file pointer
2018-12-17T23:12:46.839863053Z	62	PC: 12b19 \| Close file
2018-12-17T23:12:46.842196481Z	67	PC: 12b22 \| Get or set file attributes
2018-12-17T23:12:46.847752263Z	67	PC: 12b37 \| Get or set file attributes
2018-12-17T23:12:46.862545399Z	61	PC: 12b40 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:12:46.870458816Z	87	PC: 12b52 \| Get or set file date and time
2018-12-17T23:12:46.872040109Z	66	PC: 12b68 \| Move file pointer
2018-12-17T23:12:46.873683593Z	63	PC: 12b77 \| Read file or device (Read 29 bytes on handle 6)
2018-12-17T23:12:46.881195907Z	66	PC: 12b8b \| Move file pointer
2018-12-17T23:12:46.882539195Z	64	PC: 12b9a \| Write file or device (Write 29 bytes on handle 6)
2018-12-17T23:12:46.890563389Z	66	PC: 12bad \| Move file pointer
2018-12-17T23:12:46.893120539Z	66	PC: 12bbb \| Move file pointer
2018-12-17T23:12:46.894749473Z	63	PC: 12bc9 \| Read file or device (Read 1000 bytes on handle 5)
2018-12-17T23:12:46.902015376Z	64	PC: 12bdc \| Write file or device (Write 1000 bytes on handle 6)
2018-12-17T23:12:46.910412878Z	87	PC: 12bf3 \| Get or set file date and time
2018-12-17T23:12:46.912923131Z	67	PC: 12c00 \| Get or set file attributes
2018-12-17T23:12:46.924167561Z	62	PC: 12c08 \| Close file
2018-12-17T23:12:46.931551952Z	79	PC: 12aa8 \| Find next file
2018-12-17T23:12:46.93534832Z	61	PC: 12ab8 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:12:46.942256146Z	66	PC: 12acb \| Move file pointer
2018-12-17T23:12:46.944292156Z	63	PC: 12ad9 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:46.952580422Z	66	PC: 12afa \| Move file pointer
2018-12-17T23:12:46.954466665Z	62	PC: 12b19 \| Close file
2018-12-17T23:12:46.956659697Z	67	PC: 12b22 \| Get or set file attributes
2018-12-17T23:12:46.963752367Z	67	PC: 12b37 \| Get or set file attributes
2018-12-17T23:12:46.973882443Z	61	PC: 12b40 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:12:46.980572574Z	87	PC: 12b52 \| Get or set file date and time
2018-12-17T23:12:46.982974674Z	66	PC: 12b68 \| Move file pointer
2018-12-17T23:12:46.984434835Z	63	PC: 12b77 \| Read file or device (Read 29 bytes on handle 6)
2018-12-17T23:12:46.987103923Z	66	PC: 12b8b \| Move file pointer
2018-12-17T23:12:46.989227783Z	64	PC: 12b9a \| Write file or device (Write 29 bytes on handle 6)
2018-12-17T23:12:46.997545013Z	66	PC: 12bad \| Move file pointer
2018-12-17T23:12:46.999054447Z	66	PC: 12bbb \| Move file pointer
2018-12-17T23:12:47.001237485Z	63	PC: 12bc9 \| Read file or device (Read 1000 bytes on handle 5)
2018-12-17T23:12:47.008130764Z	64	PC: 12bdc \| Write file or device (Write 1000 bytes on handle 6)
2018-12-17T23:12:47.016038452Z	87	PC: 12bf3 \| Get or set file date and time
2018-12-17T23:12:47.0184638Z	67	PC: 12c00 \| Get or set file attributes
2018-12-17T23:12:47.029374112Z	62	PC: 12c08 \| Close file
2018-12-17T23:12:47.036256287Z	79	PC: 12aa8 \| Find next file
2018-12-17T23:12:47.039679543Z	61	PC: 12ab8 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:12:47.046434963Z	66	PC: 12acb \| Move file pointer
2018-12-17T23:12:47.047974938Z	63	PC: 12ad9 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:47.054974342Z	66	PC: 12afa \| Move file pointer
2018-12-17T23:12:47.05686647Z	62	PC: 12b19 \| Close file
2018-12-17T23:12:47.058805201Z	67	PC: 12b22 \| Get or set file attributes
2018-12-17T23:12:47.06538618Z	67	PC: 12b37 \| Get or set file attributes
2018-12-17T23:12:47.082144375Z	61	PC: 12b40 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:12:47.089949103Z	87	PC: 12b52 \| Get or set file date and time
2018-12-17T23:12:47.091583288Z	66	PC: 12b68 \| Move file pointer
2018-12-17T23:12:47.093529991Z	63	PC: 12b77 \| Read file or device (Read 501 bytes on handle 6)
2018-12-17T23:12:47.096327193Z	66	PC: 12b8b \| Move file pointer
2018-12-17T23:12:47.098119599Z	64	PC: 12b9a \| Write file or device (Write 501 bytes on handle 6)
2018-12-17T23:12:47.106500966Z	66	PC: 12bad \| Move file pointer
2018-12-17T23:12:47.108140883Z	66	PC: 12bbb \| Move file pointer
2018-12-17T23:12:47.10998076Z	63	PC: 12bc9 \| Read file or device (Read 1000 bytes on handle 5)
2018-12-17T23:12:47.117717879Z	64	PC: 12bdc \| Write file or device (Write 1000 bytes on handle 6)
2018-12-17T23:12:47.126272944Z	87	PC: 12bf3 \| Get or set file date and time
2018-12-17T23:12:47.129025886Z	67	PC: 12c00 \| Get or set file attributes
2018-12-17T23:12:47.139668672Z	62	PC: 12c08 \| Close file
2018-12-17T23:12:47.146724772Z	79	PC: 12aa8 \| Find next file
2018-12-17T23:12:47.150721021Z	61	PC: 12ab8 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:12:47.157014468Z	66	PC: 12acb \| Move file pointer
2018-12-17T23:12:47.168350169Z	63	PC: 12ad9 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:47.175097727Z	66	PC: 12afa \| Move file pointer
2018-12-17T23:12:47.176356039Z	62	PC: 12b19 \| Close file
2018-12-17T23:12:47.177889704Z	67	PC: 12b22 \| Get or set file attributes
2018-12-17T23:12:47.183312038Z	67	PC: 12b37 \| Get or set file attributes
2018-12-17T23:12:47.193466037Z	61	PC: 12b40 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:12:47.200210607Z	87	PC: 12b52 \| Get or set file date and time
2018-12-17T23:12:47.20200684Z	66	PC: 12b68 \| Move file pointer
2018-12-17T23:12:47.204337651Z	63	PC: 12b77 \| Read file or device (Read 29 bytes on handle 6)
2018-12-17T23:12:47.208527861Z	66	PC: 12b8b \| Move file pointer
2018-12-17T23:12:47.210485262Z	64	PC: 12b9a \| Write file or device (Write 29 bytes on handle 6)
2018-12-17T23:12:47.220309181Z	66	PC: 12bad \| Move file pointer
2018-12-17T23:12:47.221879056Z	66	PC: 12bbb \| Move file pointer
2018-12-17T23:12:47.223476121Z	63	PC: 12bc9 \| Read file or device (Read 1000 bytes on handle 5)
2018-12-17T23:12:47.230573596Z	64	PC: 12bdc \| Write file or device (Write 1000 bytes on handle 6)
2018-12-17T23:12:47.23914937Z	87	PC: 12bf3 \| Get or set file date and time
2018-12-17T23:12:47.242568271Z	67	PC: 12c00 \| Get or set file attributes
2018-12-17T23:12:47.253078046Z	62	PC: 12c08 \| Close file
2018-12-17T23:12:47.260432752Z	79	PC: 12aa8 \| Find next file
2018-12-17T23:12:47.264206033Z	61	PC: 12ab8 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:12:47.270565182Z	66	PC: 12acb \| Move file pointer
2018-12-17T23:12:47.272167892Z	63	PC: 12ad9 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T23:12:47.279949725Z	62	PC: 12c08 \| Close file
2018-12-17T23:12:47.282103962Z	79	PC: 12aa8 \| Find next file
2018-12-17T23:12:47.284629479Z	86	PC: 12c17 \| Rename file
2018-12-17T23:12:47.297073713Z	60	PC: 12c26 \| Create or truncate file
2018-12-17T23:12:47.309497509Z	66	PC: 12c3c \| Move file pointer
2018-12-17T23:12:47.31132594Z	66	PC: 12c54 \| Move file pointer
2018-12-17T23:12:47.314306802Z	66	PC: 12c62 \| Move file pointer
2018-12-17T23:12:47.316187453Z	63	PC: 12c71 \| Read file or device (Read 53338 bytes on handle 5)
2018-12-17T23:12:47.325742568Z	64	PC: 12c85 \| Write file or device (Write 53338 bytes on handle 6)
2018-12-17T23:12:47.336580769Z	62	PC: 12c92 \| Close file
2018-12-17T23:12:47.344846101Z	74	PC: 12ca6 \| Reallocate memory
2018-12-17T23:12:47.346423036Z	72	PC: 12cbb \| Allocate memory
2018-12-17T23:12:47.348965186Z	73	PC: 12cc6 \| Release memory
2018-12-17T23:12:47.350607134Z	75	PC: 12cf4 \| Execute program
2018-12-17T23:12:47.366593873Z	76	PC: 1301e \| Terminate with return code (Return code = '0')
2018-12-17T23:12:47.370615303Z	65	PC: 12cfb \| Delete file (Filename = 'A:\TEST.COM')
2018-12-17T23:12:47.382902992Z	86	PC: 12d07 \| Rename file
2018-12-17T23:12:47.397085224Z	44	PC: 12d0d \| Get time 0x12d0d: cmp ch, 0x12 0x12d10: jb 0x12d44 0x12d12: mov ah, 0x43 0x12d14: mov al, 1 0x12d16: mov cx, 2 0x12d19: mov dx, 0x498 0x12d1c: int 0x21 0x12d1e: xor bx, bx 0x12d20: mov cx, 0x1b 0x12d23: sub byte ptr [bx + 0x436], 0x40 0x12d28: sub byte ptr [bx + 0x452], 0x10 0x12d2d: inc bx 0x12d2e: loop 0x12d23 0x12d30: mov ah, 0x40 0x12d32: mov bx, 1 0x12d35: mov cx, 0x1b 0x12d38: mov dx, 0x436 0x12d3b: int 0x21 0x12d3d: mov ah, 0x40 0x12d3f: mov dx, 0x452
2018-12-17T23:12:47.400303912Z	51	PC: 12d4b \| Get or set Ctrl-Break

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17628,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:14.97197605Z	51	PC: 12a4b \| Get or set Ctrl-Break
2018-12-25T12:56:14.983104428Z	61	PC: 12a8c \| Open file (Filename = 'A:\TEST.COM')
2018-12-25T12:56:14.990093031Z	26	PC: 12a96 \| Set disk transfer address
2018-12-25T12:56:14.991507657Z	78	PC: 12aa0 \| Find first file
2018-12-25T12:56:14.999516504Z	79	PC: 12aa8 \| Find next file
2018-12-25T12:56:15.001874763Z	61	PC: 12ab8 \| Open file (Filename = 'PRINT.COM')
2018-12-25T12:56:15.008155163Z	66	PC: 12acb \| Move file pointer
2018-12-25T12:56:15.009887999Z	63	PC: 12ad9 \| Read file or device (Read 1 bytes on handle 6)
2018-12-25T12:56:15.016059318Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:56:15.017292418Z	62	PC: 12b19 \| Close file
2018-12-25T12:56:15.019921769Z	67	PC: 12b22 \| Get or set file attributes
2018-12-25T12:56:15.025396899Z	67	PC: 12b37 \| Get or set file attributes
2018-12-25T12:56:15.044885736Z	61	PC: 12b40 \| Open file (Filename = 'PRINT.COM')
2018-12-25T12:56:15.051627065Z	87	PC: 12b52 \| Get or set file date and time
2018-12-25T12:56:15.052937999Z	66	PC: 12b68 \| Move file pointer
2018-12-25T12:56:15.054111618Z	63	PC: 12b77 \| Read file or device (Read 27 bytes on handle 6)
2018-12-25T12:56:15.06096427Z	66	PC: 12b8b \| Move file pointer
2018-12-25T12:56:15.062367449Z	64	PC: 12b9a \| Write file or device (Write 27 bytes on handle 6)
2018-12-25T12:56:15.069993043Z	66	PC: 12bad \| Move file pointer
2018-12-25T12:56:15.071539259Z	66	PC: 12bbb \| Move file pointer
2018-12-25T12:56:15.07257347Z	63	PC: 12bc9 \| Read file or device (Read 1000 bytes on handle 5)
2018-12-25T12:56:15.07960494Z	64	PC: 12bdc \| Write file or device (Write 1000 bytes on handle 6)
2018-12-25T12:56:15.087820956Z	87	PC: 12bf3 \| Get or set file date and time
2018-12-25T12:56:15.089187427Z	67	PC: 12c00 \| Get or set file attributes
2018-12-25T12:56:15.099460057Z	62	PC: 12c08 \| Close file
2018-12-25T12:56:15.107385394Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.109807313Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.11608961Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.117868904Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.124048937Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.125324163Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.127525581Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.133141957Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:15.142592982Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:15.149431186Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:15.150646291Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:15.151834547Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:15.154742193Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:15.155962735Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:15.163748276Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:15.165470144Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:15.167471003Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:15.17400903Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:15.182863963Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:15.184529453Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:15.195343999Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.202622387Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.205052317Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.211297446Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.212805247Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.218864395Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.22009181Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.223406808Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.228851348Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:15.238738329Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:15.245775246Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:15.247385075Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:15.248930256Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:15.252285434Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:15.253620393Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:15.261389613Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:15.262908958Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:15.26441878Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:15.271360275Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:15.279991315Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:15.281343712Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:15.291477634Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.298543986Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.300938863Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.30704352Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.308400444Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.320379281Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.321616945Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.323327067Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.328719413Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:15.337913152Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:15.344934321Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:15.346125317Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:15.347294662Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:15.350218842Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:15.351419728Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:15.3591165Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:15.361066169Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:15.362507016Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:15.371029045Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:15.379629743Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:15.381005082Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:15.39145541Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.399224765Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.401945996Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.408200955Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.409959687Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.415910945Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.41712663Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.419124027Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.425422509Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:15.435089902Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:15.441658812Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:15.442847372Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:15.443989627Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:15.446415436Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:15.447558076Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:15.455268969Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:15.457150182Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:15.458405353Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:15.464974621Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:15.473274794Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:15.474582049Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:15.484742267Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.492722897Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.495213239Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.501518603Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.503371363Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.509669295Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.51137635Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.513668442Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.519381393Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:15.529015305Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:15.53545212Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:15.536605853Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:15.538065424Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:15.54057614Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:15.54170535Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:15.549897064Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:15.551078174Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:15.552790317Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:15.55974596Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:15.567714722Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:15.569164605Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:15.580380155Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.58707665Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.58947588Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.596171255Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.597422672Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.603504197Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.605663874Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.60783305Z	86	PC: 12c17 \| Rename file
2018-12-25T12:56:15.621181835Z	60	PC: 12c26 \| Create or truncate file
2018-12-25T12:56:15.631738704Z	66	PC: 12c3c \| Move file pointer
2018-12-25T12:56:15.632789882Z	66	PC: 12c54 \| Move file pointer
2018-12-25T12:56:15.633791446Z	66	PC: 12c62 \| Move file pointer
2018-12-25T12:56:15.634952544Z	63	PC: 12c71 \| Read file or device (Read 53338 bytes on handle 5)
2018-12-25T12:56:15.644067405Z	64	PC: 12c85 \| Write file or device (Write 53338 bytes on handle 6)
2018-12-25T12:56:15.65435491Z	62	PC: 12c92 \| Close file
2018-12-25T12:56:15.66202591Z	74	PC: 12ca6 \| Reallocate memory
2018-12-25T12:56:15.66321656Z	72	PC: 12cbb \| Allocate memory
2018-12-25T12:56:15.664604931Z	73	PC: 12cc6 \| Release memory
2018-12-25T12:56:15.665922698Z	75	PC: 12cf4 \| Execute program
2018-12-25T12:56:15.681962758Z	76	PC: 1301e \| Terminate with return code (Return code = '0')
2018-12-25T12:56:15.68447742Z	65	PC: 12cfb \| Delete file (Filename = 'A:\TEST.COM')
2018-12-25T12:56:15.692494747Z	86	PC: 12d07 \| Rename file
2018-12-25T12:56:15.703512734Z	44	PC: 12d0d \| Get time 0x12d0d: cmp ch, 0x12 0x12d10: jb 0x12d44 0x12d12: mov ah, 0x43 0x12d14: mov al, 1 0x12d16: mov cx, 2 0x12d19: mov dx, 0x498 0x12d1c: int 0x21 0x12d1e: xor bx, bx 0x12d20: mov cx, 0x1b 0x12d23: sub byte ptr [bx + 0x436], 0x40 0x12d28: sub byte ptr [bx + 0x452], 0x10 0x12d2d: inc bx 0x12d2e: loop 0x12d23 0x12d30: mov ah, 0x40 0x12d32: mov bx, 1 0x12d35: mov cx, 0x1b 0x12d38: mov dx, 0x436 0x12d3b: int 0x21 0x12d3d: mov ah, 0x40 0x12d3f: mov dx, 0x452
2018-12-25T12:56:15.706741495Z	51	PC: 12d4b \| Get or set Ctrl-Break

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17628,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:15.425164626Z	51	PC: 12a4b \| Get or set Ctrl-Break
2018-12-25T12:56:15.426123186Z	61	PC: 12a8c \| Open file (Filename = 'A:\TEST.COM')
2018-12-25T12:56:15.433084931Z	26	PC: 12a96 \| Set disk transfer address
2018-12-25T12:56:15.434934243Z	78	PC: 12aa0 \| Find first file
2018-12-25T12:56:15.441143641Z	79	PC: 12aa8 \| Find next file
2018-12-25T12:56:15.443919088Z	61	PC: 12ab8 \| Open file (Filename = 'PRINT.COM')
2018-12-25T12:56:15.456851519Z	66	PC: 12acb \| Move file pointer
2018-12-25T12:56:15.458603346Z	63	PC: 12ad9 \| Read file or device (Read 1 bytes on handle 6)
2018-12-25T12:56:15.464948466Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:56:15.466392462Z	62	PC: 12b19 \| Close file
2018-12-25T12:56:15.471867246Z	67	PC: 12b22 \| Get or set file attributes
2018-12-25T12:56:15.477432234Z	67	PC: 12b37 \| Get or set file attributes
2018-12-25T12:56:15.493868538Z	61	PC: 12b40 \| Open file (Filename = 'PRINT.COM')
2018-12-25T12:56:15.500511041Z	87	PC: 12b52 \| Get or set file date and time
2018-12-25T12:56:15.501753974Z	66	PC: 12b68 \| Move file pointer
2018-12-25T12:56:15.50305031Z	63	PC: 12b77 \| Read file or device (Read 27 bytes on handle 6)
2018-12-25T12:56:15.505882846Z	66	PC: 12b8b \| Move file pointer
2018-12-25T12:56:15.507081912Z	64	PC: 12b9a \| Write file or device (Write 27 bytes on handle 6)
2018-12-25T12:56:15.515007496Z	66	PC: 12bad \| Move file pointer
2018-12-25T12:56:15.516256219Z	66	PC: 12bbb \| Move file pointer
2018-12-25T12:56:15.517547926Z	63	PC: 12bc9 \| Read file or device (Read 1000 bytes on handle 5)
2018-12-25T12:56:15.524607941Z	64	PC: 12bdc \| Write file or device (Write 1000 bytes on handle 6)
2018-12-25T12:56:15.533042211Z	87	PC: 12bf3 \| Get or set file date and time
2018-12-25T12:56:15.534323318Z	67	PC: 12c00 \| Get or set file attributes
2018-12-25T12:56:15.544367516Z	62	PC: 12c08 \| Close file
2018-12-25T12:56:15.550812697Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.553086694Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.558942616Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.560234572Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.56605705Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.56714292Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.568829439Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.57405554Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:15.585328176Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:15.592743967Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:15.594087372Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:15.595459289Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:15.602684791Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:15.604456248Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:15.612265725Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:15.614308607Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:15.615533373Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:15.622259617Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:15.630159328Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:15.63151348Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:15.643600836Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.654922417Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.657289319Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.663864487Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.665807961Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.671754079Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.673050531Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.694921983Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.700713503Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:15.710362389Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:15.717798645Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:15.719237287Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:15.720518011Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:15.724279812Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:15.725782305Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:15.734201378Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:15.736923346Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:15.738309845Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:15.744965631Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:15.753603357Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:15.75535768Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:15.765946372Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.773781788Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.776610686Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.783172963Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.785574206Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.791701735Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.793265495Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.795888268Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.800744182Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:15.809255249Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:15.815731814Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:15.816736352Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:15.817719834Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:15.819957475Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:15.820948558Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:15.830478264Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:15.832864073Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:15.83466387Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:15.841563042Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:15.850114239Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:15.851501495Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:15.861659351Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.868908272Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.872108481Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.878378318Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.880061631Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.886104253Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.887351542Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.8894419Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.895371475Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:15.905640636Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:15.912905257Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:15.914171326Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:15.915429727Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:15.918306292Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:15.919766171Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:15.927919358Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:15.930056613Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:15.931376332Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:15.938411629Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:15.946747738Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:15.948425198Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:15.9589054Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:15.966316891Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:15.968857248Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:15.975440798Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:15.977165336Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:15.983365472Z	66	PC: 12afa \| Move file pointer (See above)
2018-12-25T12:56:15.985029282Z	62	PC: 12b19 \| Close file (See above)
2018-12-25T12:56:15.986628938Z	67	PC: 12b22 \| Get or set file attributes (See above)
2018-12-25T12:56:15.991993876Z	67	PC: 12b37 \| Get or set file attributes (See above)
2018-12-25T12:56:16.004700342Z	61	PC: 12b40 \| Open file (See above)
2018-12-25T12:56:16.011011101Z	87	PC: 12b52 \| Get or set file date and time (See above)
2018-12-25T12:56:16.012162852Z	66	PC: 12b68 \| Move file pointer (See above)
2018-12-25T12:56:16.013905891Z	63	PC: 12b77 \| Read file or device (See above)
2018-12-25T12:56:16.020250308Z	66	PC: 12b8b \| Move file pointer (See above)
2018-12-25T12:56:16.021370639Z	64	PC: 12b9a \| Write file or device (See above)
2018-12-25T12:56:16.03015466Z	66	PC: 12bad \| Move file pointer (See above)
2018-12-25T12:56:16.031525646Z	66	PC: 12bbb \| Move file pointer (See above)
2018-12-25T12:56:16.032870569Z	63	PC: 12bc9 \| Read file or device (See above)
2018-12-25T12:56:16.040915295Z	64	PC: 12bdc \| Write file or device (See above)
2018-12-25T12:56:16.048712259Z	87	PC: 12bf3 \| Get or set file date and time (See above)
2018-12-25T12:56:16.050103102Z	67	PC: 12c00 \| Get or set file attributes (See above)
2018-12-25T12:56:16.061404235Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:16.068617217Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:16.071393084Z	61	PC: 12ab8 \| Open file (See above)
2018-12-25T12:56:16.078820322Z	66	PC: 12acb \| Move file pointer (See above)
2018-12-25T12:56:16.080554723Z	63	PC: 12ad9 \| Read file or device (See above)
2018-12-25T12:56:16.087030843Z	62	PC: 12c08 \| Close file (See above)
2018-12-25T12:56:16.08961301Z	79	PC: 12aa8 \| Find next file (See above)
2018-12-25T12:56:16.092219783Z	86	PC: 12c17 \| Rename file
2018-12-25T12:56:16.103071374Z	60	PC: 12c26 \| Create or truncate file
2018-12-25T12:56:16.11093785Z	66	PC: 12c3c \| Move file pointer
2018-12-25T12:56:16.112296382Z	66	PC: 12c54 \| Move file pointer
2018-12-25T12:56:16.113303603Z	66	PC: 12c62 \| Move file pointer
2018-12-25T12:56:16.114790347Z	63	PC: 12c71 \| Read file or device (Read 53338 bytes on handle 5)
2018-12-25T12:56:16.121122454Z	64	PC: 12c85 \| Write file or device (Write 53338 bytes on handle 6)
2018-12-25T12:56:16.128248816Z	62	PC: 12c92 \| Close file
2018-12-25T12:56:16.133892446Z	74	PC: 12ca6 \| Reallocate memory
2018-12-25T12:56:16.134903302Z	72	PC: 12cbb \| Allocate memory
2018-12-25T12:56:16.13607083Z	73	PC: 12cc6 \| Release memory
2018-12-25T12:56:16.137601501Z	75	PC: 12cf4 \| Execute program
2018-12-25T12:56:16.147650953Z	76	PC: 1301e \| Terminate with return code (Return code = '0')
2018-12-25T12:56:16.149590561Z	65	PC: 12cfb \| Delete file (Filename = 'A:\TEST.COM')
2018-12-25T12:56:16.158687306Z	86	PC: 12d07 \| Rename file
2018-12-25T12:56:16.166217259Z	44	PC: 12d0d \| Get time 0x12d0d: cmp ch, 0x12 0x12d10: jb 0x12d44 0x12d12: mov ah, 0x43 0x12d14: mov al, 1 0x12d16: mov cx, 2 0x12d19: mov dx, 0x498 0x12d1c: int 0x21 0x12d1e: xor bx, bx 0x12d20: mov cx, 0x1b 0x12d23: sub byte ptr [bx + 0x436], 0x40 0x12d28: sub byte ptr [bx + 0x452], 0x10 0x12d2d: inc bx 0x12d2e: loop 0x12d23 0x12d30: mov ah, 0x40 0x12d32: mov bx, 1 0x12d35: mov cx, 0x1b 0x12d38: mov dx, 0x436 0x12d3b: int 0x21 0x12d3d: mov ah, 0x40 0x12d3f: mov dx, 0x452
2018-12-25T12:56:16.167905817Z	67	PC: 12d1e \| Get or set file attributes
2018-12-25T12:56:16.175792697Z	64	PC: 12d3d \| Write file or device (Write 27 bytes on handle 1)
2018-12-25T12:56:16.180173359Z	64	PC: 12d44 \| Write file or device (Write 27 bytes on handle 1)
2018-12-25T12:56:16.185703083Z	51	PC: 12d4b \| Get or set Ctrl-Break