Sample viewer

vx.netlux.org/Virus.DOS.HKill.997

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:39:45.966520791Z	26	PC: 1ceb7 \| Set disk transfer address
2018-12-17T22:39:45.967673517Z	71	PC: 1ced9 \| Get current directory
2018-12-17T22:39:45.970421186Z	78	PC: 1cef5 \| Find first file
2018-12-17T22:39:45.975274904Z	61	PC: 1cfc5 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:39:45.98320604Z	87	PC: 1cfd4 \| Get or set file date and time
2018-12-17T22:39:45.984487831Z	63	PC: 1cfed \| Read file or device (Read 29 bytes on handle 5)
2018-12-17T22:39:45.989383103Z	87	PC: 1d022 \| Get or set file date and time
2018-12-17T22:39:45.991400178Z	62	PC: 1d026 \| Close file
2018-12-17T22:39:46.006938151Z	79	PC: 1cf2c \| Find next file
2018-12-17T22:39:46.010067384Z	59	PC: 1cf38 \| Change current directory
2018-12-17T22:39:46.014522442Z	42	PC: 1cf48 \| Get date 0x1cf48: cmp al, 1 0x1cf4a: jne 0x1cf5a 0x1cf4c: mov al, byte ptr cs:[bp + 0x353] 0x1cf51: and al, 0x14 0x1cf53: cmp al, 0x14 0x1cf55: jne 0x1cf5a 0x1cf57: call 0x1d1e7 0x1cf5a: inc byte ptr cs:[bp + 0x354] 0x1cf5f: lea ax, word ptr [bp + 0x354] 0x1cf63: mov dx, 0x3b00 0x1cf66: xchg ax, dx 0x1cf67: int 0x21 0x1cf69: call 0x1d259 0x1cf6c: mov dx, 0x1a00 0x1cf6f: mov ax, 0x80 0x1cf72: xchg ax, dx 0x1cf73: int 0x21 0x1cf75: mov cx, 8 0x1cf78: lea si, word ptr [bp + 0x188] 0x1cf7c: lea di, word ptr [bp + 0x180]
2018-12-17T22:39:46.01651717Z	59	PC: 1cf69 \| Change current directory
2018-12-17T22:39:46.020293077Z	26	PC: 1cf75 \| Set disk transfer address
2018-12-17T22:39:46.032469647Z	48	PC: 18800 \| Get DOS version
2018-12-17T22:39:46.034061778Z	74	PC: 18879 \| Reallocate memory
2018-12-17T22:39:46.037266669Z	53	PC: 188f7 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:46.041058952Z	37	PC: 18909 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:46.043885058Z	68	PC: 18999 \| I/O control for devices
2018-12-17T22:39:46.045785062Z	68	PC: 18999 \| I/O control for devices (Set for = '^ï¿½')
2018-12-17T22:39:46.048374659Z	68	PC: 18999 \| I/O control for devices (Set for = 'Fï¿½@ï¿½Fï¿½ï¿½vï¿½ï¿½')
2018-12-17T22:39:46.050363336Z	68	PC: 18999 \| I/O control for devices (Set for = 'ï¿½ï¿½ï¿½ RQï¿½Nï¿½ï¿½ï¿½RQï¿½Nï¿½ï¿½RQï¿½rï¿½ï¿½vï¿½ï¿½')
2018-12-17T22:39:46.05220611Z	68	PC: 18999 \| I/O control for devices (Set for = 'ï¿½ï¿½ï¿½ RQï¿½Nï¿½ï¿½ï¿½RQï¿½Nï¿½ï¿½RQï¿½rï¿½ï¿½vï¿½ï¿½')
2018-12-17T22:39:46.058510068Z	56	PC: 18e06 \| Get or set country info
2018-12-17T22:39:46.060811577Z	68	PC: 16d11 \| I/O control for devices (Set for = 'ï¿½ï¿½ï¿½=ï¿½ZÒ¼ß±ï¿½(Ú27ï¿½ï¿½Êº9U*Cï¿½Z ï¿½ï¿½ï¿½ï¿½ï¿½Tï¿½ï¿½ï¿½:ï¿½zï¿½{$ï¿½ï¿½ï¿½@ï¿½W`yï¿½ï¿½ã¨†pï¿½ï¿½wï¿½qï¿½ï¿½. ï¿½[ÉŒ44Rï¿½ï¿½Rï¿½~ï¿½ï¿½')
2018-12-17T22:39:46.062506928Z	68	PC: 16d26 \| I/O control for devices (Set for = '*eg?\I8ï¿½`ï¿½{9Uï¿½ï¿½jlï¿½ï¿½ËsWkbï¿½ï¿½bhï¿½ï¿½+"`gï¿½>ï¿½:ï¿½eï¿½ï¿½=ï¿½ï¿½R2hï¿½ï¿½hï¿½!ï¿½Ü…ï¿½ï¿½ï¿½Nï¿½ï¿½S"Þ¿DYï¿½ï¿½ugï¿½yï¿½ï¿½ï¿½yï¿½ï¿½rï¿½ï¿½ï¿½ï¿½0eqUÅ¢m8u1ï¿½ï¿½Pï¿½ï¿½ï¿½Nï¿½~l'ï¿½ï¿½dï¿½Nï¿½ï¿½sï¿½aï¿½+ï¿½jï¿½ï¿½ï¿½ï¿½')
2018-12-17T22:39:46.065444932Z	84	PC: 174f7 \| Get verify flag
2018-12-17T22:39:46.066945449Z	51	PC: 174ff \| Get or set Ctrl-Break
2018-12-17T22:39:46.068194233Z	51	PC: 1750a \| Get or set Ctrl-Break
2018-12-17T22:39:46.078739652Z	37	PC: 17514 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:46.081206078Z	53	PC: 17046 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:46.083651386Z	37	PC: 17056 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:46.087116591Z	55	PC: 16d4c \| Get or set switch character
2018-12-17T22:39:46.090220116Z	43	PC: 174db \| Set date
2018-12-17T22:39:46.092721865Z	61	PC: 18f65 \| Open file (Filename = 'ï¿½:*Oï¿½k')
2018-12-17T22:39:46.101990992Z	61	PC: 18f65 \| Open file (Filename = 'A:/PKZIP.CFG')
2018-12-17T22:39:46.108837333Z	68	PC: 169f5 \| I/O control for devices (Set for = '!')
2018-12-17T22:39:46.120210121Z	61	PC: 17292 \| Open file (Filename = 'ï¿½LNfï¿½ï¿½Æšï¿½juFï¿½Dï¿½ï¿½ ï¿½iUï¿½Uï¿½ï¿½ï¿½tï¿½ï¿½eï¿½ï¿½ï¿½Nï¿½Pï¿½ï¿½/ï¿½ï¿½ï¿½g/!ï¿½ï¿½"wï¿½ï¿½9>ï¿½ï¿½Nï¿½gfWï¿½cï¿½LEgï¿½qOvï¿½ï¿½ï¿½ï¿½ï¿½Ó· ï¿½Øµï¿½ï¿½ï¿½ï¿½Aï¿½ï¿½1Mï¿½ï¿½ï¿½Yï¿½ï¿½A3ï¿½tï¿½ï¿½ï¿½Q]*ï¿½?ï¿½ï¿½Ë‡9ï¿½ï¿½CBï¿½'ï¿½ï¿½,ï¿½aï¿½7ï¿½5ï¿½CÃ„#ï¿½9tï¿½4ï¿½ï¿½ ÖŒ_cï¿½ï¿½pï¿½cï¿½ï¿½ï¿½2ï¿½ï¿½ï¿½ï¿½Qï¿½ia/ï¿½ï¿½
2018-12-17T22:39:46.128649538Z	227	PC: 16df6 \| UNKNOWN!
2018-12-17T22:39:46.130119334Z	96	PC: 16dac \| Qualify filename
2018-12-17T22:39:46.135195995Z	64	PC: 17184 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:39:46.141409336Z	64	PC: 17184 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:39:46.171243301Z	12	PC: 18e06 \| Flush input buffer and input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6838,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:20.1620687Z	26	PC: 1ceb7 \| Set disk transfer address
2018-12-25T12:00:20.163794532Z	71	PC: 1ced9 \| Get current directory
2018-12-25T12:00:20.166922903Z	78	PC: 1cef5 \| Find first file
2018-12-25T12:00:20.173442627Z	61	PC: 1cfc5 \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:00:20.182163218Z	87	PC: 1cfd4 \| Get or set file date and time
2018-12-25T12:00:20.183870398Z	63	PC: 1cfed \| Read file or device (Read 29 bytes on handle 5)
2018-12-25T12:00:20.186683627Z	87	PC: 1d022 \| Get or set file date and time
2018-12-25T12:00:20.189122222Z	62	PC: 1d026 \| Close file
2018-12-25T12:00:21.466521179Z	79	PC: 1cf2c \| Find next file
2018-12-25T12:00:21.469242894Z	59	PC: 1cf38 \| Change current directory
2018-12-25T12:00:21.480439327Z	42	PC: 1cf48 \| Get date 0x1cf48: cmp al, 1 0x1cf4a: jne 0x1cf5a 0x1cf4c: mov al, byte ptr cs:[bp + 0x353] 0x1cf51: and al, 0x14 0x1cf53: cmp al, 0x14 0x1cf55: jne 0x1cf5a 0x1cf57: call 0x1d1e7 0x1cf5a: inc byte ptr cs:[bp + 0x354] 0x1cf5f: lea ax, word ptr [bp + 0x354] 0x1cf63: mov dx, 0x3b00 0x1cf66: xchg ax, dx 0x1cf67: int 0x21 0x1cf69: call 0x1d259 0x1cf6c: mov dx, 0x1a00 0x1cf6f: mov ax, 0x80 0x1cf72: xchg ax, dx 0x1cf73: int 0x21 0x1cf75: mov cx, 8 0x1cf78: lea si, word ptr [bp + 0x188] 0x1cf7c: lea di, word ptr [bp + 0x180]
2018-12-25T12:00:21.482906359Z	59	PC: 1cf69 \| Change current directory
2018-12-25T12:00:21.494155659Z	26	PC: 1cf75 \| Set disk transfer address
2018-12-25T12:00:21.515307927Z	48	PC: 18800 \| Get DOS version
2018-12-25T12:00:21.518164195Z	74	PC: 18879 \| Reallocate memory
2018-12-25T12:00:21.521073227Z	53	PC: 188f7 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:21.52298454Z	37	PC: 18909 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:21.52485264Z	68	PC: 18999 \| I/O control for devices
2018-12-25T12:00:21.52678977Z	68	PC: 18999 \| I/O control for devices (See above)
2018-12-25T12:00:21.528382098Z	68	PC: 18999 \| I/O control for devices (See above)
2018-12-25T12:00:21.530467814Z	68	PC: 18999 \| I/O control for devices (See above)
2018-12-25T12:00:21.531855254Z	68	PC: 18999 \| I/O control for devices (See above)
2018-12-25T12:00:21.53678938Z	56	PC: 18e06 \| Get or set country info
2018-12-25T12:00:21.539762557Z	68	PC: 16d11 \| I/O control for devices (Set for = 'ï¿½ï¿½ï¿½=ï¿½ZÒ¼ß±ï¿½(Ú27ï¿½ï¿½Êº9U*Cï¿½Z ï¿½ï¿½ï¿½ï¿½ï¿½Tï¿½ï¿½ï¿½:ï¿½zï¿½{$ï¿½ï¿½ï¿½@ï¿½W`yï¿½ï¿½ã¨†pï¿½ï¿½wï¿½qï¿½ï¿½. ï¿½[ÉŒ44Rï¿½ï¿½Rï¿½~ï¿½ï¿½')
2018-12-25T12:00:21.541135293Z	68	PC: 16d26 \| I/O control for devices (Set for = '*eg?\I8ï¿½`ï¿½{9Uï¿½ï¿½jlï¿½ï¿½ËsWkbï¿½ï¿½bhï¿½ï¿½+"`gï¿½>ï¿½:ï¿½eï¿½ï¿½=ï¿½ï¿½R2hï¿½ï¿½hï¿½!ï¿½Ü…ï¿½ï¿½ï¿½Nï¿½ï¿½S"Þ¿DYï¿½ï¿½ugï¿½yï¿½ï¿½ï¿½yï¿½ï¿½rï¿½ï¿½ï¿½ï¿½0eqUÅ¢m8u1ï¿½ï¿½Pï¿½ï¿½ï¿½Nï¿½~l'ï¿½ï¿½dï¿½Nï¿½ï¿½sï¿½aï¿½+ï¿½jï¿½ï¿½ï¿½ï¿½')
2018-12-25T12:00:21.542568291Z	84	PC: 174f7 \| Get verify flag
2018-12-25T12:00:21.544180022Z	51	PC: 174ff \| Get or set Ctrl-Break
2018-12-25T12:00:21.545187802Z	51	PC: 1750a \| Get or set Ctrl-Break
2018-12-25T12:00:21.546250704Z	37	PC: 17514 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:00:21.549913045Z	53	PC: 17046 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:21.552164412Z	37	PC: 17056 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:21.554696823Z	55	PC: 16d4c \| Get or set switch character
2018-12-25T12:00:21.557933753Z	43	PC: 174db \| Set date
2018-12-25T12:00:21.561116721Z	61	PC: 18f65 \| Open file (Filename = 'ï¿½:*Oï¿½k')
2018-12-25T12:00:21.573413409Z	61	PC: 18f65 \| Open file (See above)
2018-12-25T12:00:21.589071421Z	68	PC: 169f5 \| I/O control for devices (Set for = '!')
2018-12-25T12:00:21.598234642Z	61	PC: 17292 \| Open file (Filename = 'ï¿½LNfï¿½ï¿½Æšï¿½juFï¿½Dï¿½ï¿½ ï¿½iUï¿½Uï¿½ï¿½ï¿½tï¿½ï¿½eï¿½ï¿½ï¿½Nï¿½Pï¿½ï¿½/ï¿½ï¿½ï¿½g/!ï¿½ï¿½"wï¿½ï¿½9>ï¿½ï¿½Nï¿½gfWï¿½cï¿½LEgï¿½qOvï¿½ï¿½ï¿½ï¿½ï¿½Ó· ï¿½Øµï¿½ï¿½ï¿½ï¿½Aï¿½ï¿½1Mï¿½ï¿½ï¿½Yï¿½ï¿½A3ï¿½tï¿½ï¿½ï¿½Q]*ï¿½?ï¿½ï¿½Ë‡9ï¿½ï¿½CBï¿½'ï¿½ï¿½,ï¿½aï¿½7ï¿½5ï¿½CÃ„#ï¿½9tï¿½4ï¿½ï¿½ ÖŒ_cï¿½ï¿½pï¿½cï¿½ï¿½ï¿½2ï¿½ï¿½ï¿½ï¿½Qï¿½ia/ï¿½ï¿½
2018-12-25T12:00:21.606000374Z	227	PC: 16df6 \| UNKNOWN!
2018-12-25T12:00:21.607786598Z	96	PC: 16dac \| Qualify filename
2018-12-25T12:00:21.613178574Z	64	PC: 17184 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:00:21.616961464Z	64	PC: 17184 \| Write file or device (See above)
2018-12-25T12:00:21.651409606Z	12	PC: 18e06 \| Flush input buffer and input (See above)

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6838,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:20.561322873Z	26	PC: 1ceb7 \| Set disk transfer address
2018-12-25T12:00:20.563411287Z	71	PC: 1ced9 \| Get current directory
2018-12-25T12:00:20.56622651Z	78	PC: 1cef5 \| Find first file
2018-12-25T12:00:20.571930165Z	61	PC: 1cfc5 \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:00:20.578883202Z	87	PC: 1cfd4 \| Get or set file date and time
2018-12-25T12:00:20.580379389Z	63	PC: 1cfed \| Read file or device (Read 29 bytes on handle 5)
2018-12-25T12:00:20.58309378Z	87	PC: 1d022 \| Get or set file date and time
2018-12-25T12:00:20.586910924Z	62	PC: 1d026 \| Close file
2018-12-25T12:00:20.709792242Z	79	PC: 1cf2c \| Find next file
2018-12-25T12:00:20.712182797Z	59	PC: 1cf38 \| Change current directory
2018-12-25T12:00:20.721935177Z	42	PC: 1cf48 \| Get date 0x1cf48: cmp al, 1 0x1cf4a: jne 0x1cf5a 0x1cf4c: mov al, byte ptr cs:[bp + 0x353] 0x1cf51: and al, 0x14 0x1cf53: cmp al, 0x14 0x1cf55: jne 0x1cf5a 0x1cf57: call 0x1d1e7 0x1cf5a: inc byte ptr cs:[bp + 0x354] 0x1cf5f: lea ax, word ptr [bp + 0x354] 0x1cf63: mov dx, 0x3b00 0x1cf66: xchg ax, dx 0x1cf67: int 0x21 0x1cf69: call 0x1d259 0x1cf6c: mov dx, 0x1a00 0x1cf6f: mov ax, 0x80 0x1cf72: xchg ax, dx 0x1cf73: int 0x21 0x1cf75: mov cx, 8 0x1cf78: lea si, word ptr [bp + 0x188] 0x1cf7c: lea di, word ptr [bp + 0x180]
2018-12-25T12:00:20.724103636Z	59	PC: 1cf69 \| Change current directory
2018-12-25T12:00:20.73322008Z	26	PC: 1cf75 \| Set disk transfer address
2018-12-25T12:00:20.752574795Z	48	PC: 18800 \| Get DOS version
2018-12-25T12:00:20.754527497Z	74	PC: 18879 \| Reallocate memory
2018-12-25T12:00:20.757924456Z	53	PC: 188f7 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:20.759945759Z	37	PC: 18909 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:20.761940875Z	68	PC: 18999 \| I/O control for devices
2018-12-25T12:00:20.763874496Z	68	PC: 18999 \| I/O control for devices (See above)
2018-12-25T12:00:20.765698432Z	68	PC: 18999 \| I/O control for devices (See above)
2018-12-25T12:00:20.766996297Z	68	PC: 18999 \| I/O control for devices (See above)
2018-12-25T12:00:20.768324628Z	68	PC: 18999 \| I/O control for devices (See above)
2018-12-25T12:00:20.772970375Z	56	PC: 18e06 \| Get or set country info
2018-12-25T12:00:20.775072737Z	68	PC: 16d11 \| I/O control for devices (Set for = 'ï¿½ï¿½ï¿½=ï¿½ZÒ¼ß±ï¿½(Ú27ï¿½ï¿½Êº9U*Cï¿½Z ï¿½ï¿½ï¿½ï¿½ï¿½Tï¿½ï¿½ï¿½:ï¿½zï¿½{$ï¿½ï¿½ï¿½@ï¿½W`yï¿½ï¿½ã¨†pï¿½ï¿½wï¿½qï¿½ï¿½. ï¿½[ÉŒ44Rï¿½ï¿½Rï¿½~ï¿½ï¿½')
2018-12-25T12:00:20.776761004Z	68	PC: 16d26 \| I/O control for devices (Set for = '*eg?\I8ï¿½`ï¿½{9Uï¿½ï¿½jlï¿½ï¿½ËsWkbï¿½ï¿½bhï¿½ï¿½+"`gï¿½>ï¿½:ï¿½eï¿½ï¿½=ï¿½ï¿½R2hï¿½ï¿½hï¿½!ï¿½Ü…ï¿½ï¿½ï¿½Nï¿½ï¿½S"Þ¿DYï¿½ï¿½ugï¿½yï¿½ï¿½ï¿½yï¿½ï¿½rï¿½ï¿½ï¿½ï¿½0eqUÅ¢m8u1ï¿½ï¿½Pï¿½ï¿½ï¿½Nï¿½~l'ï¿½ï¿½dï¿½Nï¿½ï¿½sï¿½aï¿½+ï¿½jï¿½ï¿½ï¿½ï¿½')
2018-12-25T12:00:20.778560855Z	84	PC: 174f7 \| Get verify flag
2018-12-25T12:00:20.779531352Z	51	PC: 174ff \| Get or set Ctrl-Break
2018-12-25T12:00:20.78022154Z	51	PC: 1750a \| Get or set Ctrl-Break
2018-12-25T12:00:20.781296106Z	37	PC: 17514 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:00:20.783334619Z	53	PC: 17046 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:20.785454791Z	37	PC: 17056 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:20.788866041Z	55	PC: 16d4c \| Get or set switch character
2018-12-25T12:00:20.791031445Z	43	PC: 174db \| Set date
2018-12-25T12:00:20.793856461Z	61	PC: 18f65 \| Open file (Filename = 'ï¿½:*Oï¿½k')
2018-12-25T12:00:20.805031415Z	61	PC: 18f65 \| Open file (See above)
2018-12-25T12:00:20.811562645Z	68	PC: 169f5 \| I/O control for devices (Set for = '!')
2018-12-25T12:00:20.822453759Z	61	PC: 17292 \| Open file (Filename = 'ï¿½LNfï¿½ï¿½Æšï¿½juFï¿½Dï¿½ï¿½ ï¿½iUï¿½Uï¿½ï¿½ï¿½tï¿½ï¿½eï¿½ï¿½ï¿½Nï¿½Pï¿½ï¿½/ï¿½ï¿½ï¿½g/!ï¿½ï¿½"wï¿½ï¿½9>ï¿½ï¿½Nï¿½gfWï¿½cï¿½LEgï¿½qOvï¿½ï¿½ï¿½ï¿½ï¿½Ó· ï¿½Øµï¿½ï¿½ï¿½ï¿½Aï¿½ï¿½1Mï¿½ï¿½ï¿½Yï¿½ï¿½A3ï¿½tï¿½ï¿½ï¿½Q]*ï¿½?ï¿½ï¿½Ë‡9ï¿½ï¿½CBï¿½'ï¿½ï¿½,ï¿½aï¿½7ï¿½5ï¿½CÃ„#ï¿½9tï¿½4ï¿½ï¿½ ÖŒ_cï¿½ï¿½pï¿½cï¿½ï¿½ï¿½2ï¿½ï¿½ï¿½ï¿½Qï¿½ia/ï¿½ï¿½
2018-12-25T12:00:20.829710659Z	227	PC: 16df6 \| UNKNOWN!
2018-12-25T12:00:20.841547818Z	96	PC: 16dac \| Qualify filename
2018-12-25T12:00:20.846383665Z	64	PC: 17184 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:00:20.852122875Z	64	PC: 17184 \| Write file or device (See above)
2018-12-25T12:00:20.882514477Z	12	PC: 18e06 \| Flush input buffer and input (See above)