.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:50:09.524520525Z | 48 | PC: 1777c | Get DOS version |
| 2018-12-17T22:50:09.534798211Z | 74 | PC: 177cc | Reallocate memory |
| 2018-12-17T22:50:09.536772775Z | 48 | PC: 17830 | Get DOS version |
| 2018-12-17T22:50:09.538069372Z | 53 | PC: 17838 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:50:09.541368293Z | 37 | PC: 1784a | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:50:09.542853881Z | 68 | PC: 178db | I/O control for devices (Set for = 'W�J�W�U�W�W����') |
| 2018-12-17T22:50:09.544594116Z | 68 | PC: 178db | I/O control for devices |
| 2018-12-17T22:50:09.546806962Z | 68 | PC: 178db | I/O control for devices |
| 2018-12-17T22:50:09.549105941Z | 68 | PC: 178db | I/O control for devices |
| 2018-12-17T22:50:09.552583318Z | 68 | PC: 178db | I/O control for devices |
| 2018-12-17T22:50:09.555399728Z | 53 | PC: 15638 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:50:09.557606725Z | 53 | PC: 15645 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output') |
| 2018-12-17T22:50:09.55980453Z | 53 | PC: 15652 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:50:09.574744786Z | 37 | PC: 15667 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:50:09.576454313Z | 37 | PC: 1566f | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output') |
| 2018-12-17T22:50:09.578192739Z | 37 | PC: 15677 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:50:09.581111864Z | 53 | PC: 160f6 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!') |
| 2018-12-17T22:50:09.583882867Z | 53 | PC: 16103 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!') |
| 2018-12-17T22:50:09.586487954Z | 53 | PC: 16112 | Get interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-17T22:50:09.593663937Z | 37 | PC: 1611f | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!') |
| 2018-12-17T22:50:09.598360381Z | 53 | PC: 16126 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-17T22:50:09.599915858Z | 37 | PC: 16133 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!') |
| 2018-12-17T22:50:09.602243655Z | 53 | PC: 1613f | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-17T22:50:09.607475147Z | 48 | PC: 16201 | Get DOS version |
| 2018-12-17T22:50:09.609468673Z | 68 | PC: 155ae | I/O control for devices (Set for = 'IESEN GL�CKSKETTENBRIEF AN JEDERMAN WEITER,�?') |
| 2018-12-17T22:50:09.612603616Z | 68 | PC: 155ae | I/O control for devices (Set for = '') |
| 2018-12-17T22:50:09.61437988Z | 51 | PC: 155cc | Get or set Ctrl-Break |
| 2018-12-17T22:50:09.615382783Z | 51 | PC: 155d8 | Get or set Ctrl-Break |
| 2018-12-17T22:50:09.616780348Z | 72 | PC: 12dd0 | Allocate memory |
| 2018-12-17T22:50:09.620988693Z | 37 | PC: 13cf7 | Set interrupt vector (Interrupt = '9' AKA 'Display string') |
| 2018-12-17T22:50:09.629613164Z | 26 | PC: 12bdd | Set disk transfer address |
| 2018-12-17T22:50:09.63106419Z | 78 | PC: 12be4 | Find first file |
| 2018-12-17T22:50:09.63806498Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\IO.SYS') |
| 2018-12-17T22:50:10.182187804Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.187903514Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\MSDOS.SYS') |
| 2018-12-17T22:50:10.316170585Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.321699973Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\COMMAND.COM') |
| 2018-12-17T22:50:10.342561717Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.347557756Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\CONFIG.SYS') |
| 2018-12-17T22:50:10.360638965Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.364465554Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\AUTOEXEC.BAT') |
| 2018-12-17T22:50:10.377385695Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.38168803Z | 26 | PC: 12bdd | Set disk transfer address |
| 2018-12-17T22:50:10.383082542Z | 78 | PC: 12be4 | Find first file |
| 2018-12-17T22:50:10.395451131Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CONTROL.HLP') |
| 2018-12-17T22:50:10.413457958Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.417200782Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SETUP.EXE') |
| 2018-12-17T22:50:10.75194925Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.756783317Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SETUP.HLP') |
| 2018-12-17T22:50:10.769352369Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.774733152Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SETUP.TXT') |
| 2018-12-17T22:50:10.789776938Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.793307335Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SYSTEM.INI') |
| 2018-12-17T22:50:10.807035353Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.811600826Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WIN.INI') |
| 2018-12-17T22:50:10.824589744Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.828729443Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINHELP.EXE') |
| 2018-12-17T22:50:10.843913453Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.847455579Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WIN.COM') |
| 2018-12-17T22:50:10.859932446Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.864316681Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\BOOTLOG.TXT') |
| 2018-12-17T22:50:10.876514582Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.880487975Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\MOUSE.INI') |
| 2018-12-17T22:50:10.896520548Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.89997352Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\MSD.EXE') |
| 2018-12-17T22:50:10.914511161Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.917579235Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PACKAGER.EXE') |
| 2018-12-17T22:50:10.928538355Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.932085832Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PBRUSH.EXE') |
| 2018-12-17T22:50:10.943379023Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.947563547Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SOL.EXE') |
| 2018-12-17T22:50:10.95788195Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.961252792Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\TERMINAL.EXE') |
| 2018-12-17T22:50:10.97283963Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.976119472Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINFILE.EXE') |
| 2018-12-17T22:50:10.987239986Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:10.993600986Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINFILE.HLP') |
| 2018-12-17T22:50:11.003908132Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.007073374Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINTUTOR.EXE') |
| 2018-12-17T22:50:11.018267461Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.021558836Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WRITE.EXE') |
| 2018-12-17T22:50:11.031893995Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.043423496Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CALC.EXE') |
| 2018-12-17T22:50:11.058334749Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.062502442Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CALC.HLP') |
| 2018-12-17T22:50:11.07522038Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.080529246Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CALENDAR.EXE') |
| 2018-12-17T22:50:11.093660609Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.09785157Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CALENDAR.HLP') |
| 2018-12-17T22:50:11.112206658Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.116703198Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CANYON.MID') |
| 2018-12-17T22:50:11.129939259Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.134828085Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CARDFILE.EXE') |
| 2018-12-17T22:50:11.148256719Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.15239417Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CARDFILE.HLP') |
| 2018-12-17T22:50:11.166527377Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.170355325Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CHARMAP.EXE') |
| 2018-12-17T22:50:11.183902447Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.188192254Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CHORD.WAV') |
| 2018-12-17T22:50:11.201588693Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.205363112Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CLIPBRD.EXE') |
| 2018-12-17T22:50:11.218698122Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.223534845Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CONTROL.EXE') |
| 2018-12-17T22:50:11.23622079Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.24169542Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CONTROL.INI') |
| 2018-12-17T22:50:11.254242Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.258495901Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\DRWATSON.EXE') |
| 2018-12-17T22:50:11.273013142Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.27722036Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\EMM386.EXE') |
| 2018-12-17T22:50:11.290027748Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.293788145Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\EXPAND.EXE') |
| 2018-12-17T22:50:11.308591629Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.31280474Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\GLOSSARY.HLP') |
| 2018-12-17T22:50:11.325868042Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.330570274Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\MORICONS.DLL') |
| 2018-12-17T22:50:11.344050527Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.347799801Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\MPLAYER.EXE') |
| 2018-12-17T22:50:11.361303338Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.365354692Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\NETWORKS.WRI') |
| 2018-12-17T22:50:11.379249551Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.384466916Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\NOTEPAD.EXE') |
| 2018-12-17T22:50:11.397660767Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.401466458Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PACKAGER.HLP') |
| 2018-12-17T22:50:11.414756767Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.418585081Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PBRUSH.HLP') |
| 2018-12-17T22:50:11.44515392Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.449957258Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PIFEDIT.EXE') |
| 2018-12-17T22:50:11.462436831Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.466119086Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PIFEDIT.HLP') |
| 2018-12-17T22:50:11.494796579Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.500309296Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PRINTERS.WRI') |
| 2018-12-17T22:50:11.512807187Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.517501639Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PRINTMAN.EXE') |
| 2018-12-17T22:50:11.531110074Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.535075317Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PRINTMAN.HLP') |
| 2018-12-17T22:50:11.547842653Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.552610147Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PROGMAN.EXE') |
| 2018-12-17T22:50:11.565889088Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.569776681Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PROGMAN.HLP') |
| 2018-12-17T22:50:11.583659298Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.587522615Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\README.WRI') |
| 2018-12-17T22:50:11.599883135Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.604808862Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\RECORDER.EXE') |
| 2018-12-17T22:50:11.621211691Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.625913086Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\RECORDER.HLP') |
| 2018-12-17T22:50:11.639255915Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.643123148Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\REGEDIT.EXE') |
| 2018-12-17T22:50:11.655835628Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.660569964Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\REGEDIT.HLP') |
| 2018-12-17T22:50:11.673286026Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.677162568Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\REGEDITV.HLP') |
| 2018-12-17T22:50:11.691124252Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.695298981Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SMARTDRV.EXE') |
| 2018-12-17T22:50:11.707966172Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.712590484Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SOUNDREC.EXE') |
| 2018-12-17T22:50:11.725226501Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.728673636Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SYSINI.WRI') |
| 2018-12-17T22:50:11.7426262Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.747122643Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\TERMINAL.HLP') |
| 2018-12-17T22:50:11.760571762Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.765334649Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINHELP.HLP') |
| 2018-12-17T22:50:11.777851749Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.781796334Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINLOGO.BMP') |
| 2018-12-17T22:50:11.794560987Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.816757234Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINMINE.EXE') |
| 2018-12-17T22:50:11.858547941Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.867825506Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINTUTOR.DAT') |
| 2018-12-17T22:50:11.889709496Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.895976303Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WRITE.HLP') |
| 2018-12-17T22:50:11.909789611Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.913967837Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\256COLOR.BMP') |
| 2018-12-17T22:50:11.926712056Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.930725927Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\ARCADE.BMP') |
| 2018-12-17T22:50:11.94583811Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.950182536Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\ARGYLE.BMP') |
| 2018-12-17T22:50:11.962951578Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:11.968109911Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CASTLE.BMP') |
| 2018-12-17T22:50:12.288499004Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.292916547Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CHARMAP.HLP') |
| 2018-12-17T22:50:12.30739692Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.312161143Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CHIMES.WAV') |
| 2018-12-17T22:50:12.325435013Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.330643001Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CLIPBRD.HLP') |
| 2018-12-17T22:50:12.343901747Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.348195178Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\CLOCK.EXE') |
| 2018-12-17T22:50:12.3623163Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.366535891Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\DING.WAV') |
| 2018-12-17T22:50:12.381200886Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.386117096Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\EGYPT.BMP') |
| 2018-12-17T22:50:12.398547787Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.402769937Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\HIMEM.SYS') |
| 2018-12-17T22:50:12.416213562Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.420757928Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\HONEY.BMP') |
| 2018-12-17T22:50:12.433371753Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.439304965Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\MPLAYER.HLP') |
| 2018-12-17T22:50:12.452284237Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.456494814Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\MSD.INI') |
| 2018-12-17T22:50:12.469863887Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.474497587Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\NOTEPAD.HLP') |
| 2018-12-17T22:50:12.486910387Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.491436595Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PBRUSH.DLL') |
| 2018-12-17T22:50:12.504964684Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.509302268Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\RAMDRIVE.SYS') |
| 2018-12-17T22:50:12.522834587Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.52740976Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\RECORDER.DLL') |
| 2018-12-17T22:50:12.540157682Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.545555752Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\REDBRICK.BMP') |
| 2018-12-17T22:50:12.558276042Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.562502418Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\RIVETS.BMP') |
| 2018-12-17T22:50:12.581935719Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.585988945Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SCRNSAVE.SCR') |
| 2018-12-17T22:50:12.598396615Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.602044901Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SOL.HLP') |
| 2018-12-17T22:50:12.615546832Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.619393532Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SOUNDREC.HLP') |
| 2018-12-17T22:50:12.631745881Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.637118231Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SQUARES.BMP') |
| 2018-12-17T22:50:12.64942666Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.653056022Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SSFLYWIN.SCR') |
| 2018-12-17T22:50:12.666338926Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.670387037Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SSMARQUE.SCR') |
| 2018-12-17T22:50:12.683271158Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.689014188Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\SSSTARS.SCR') |
| 2018-12-17T22:50:12.702229241Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.706166012Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\TASKMAN.EXE') |
| 2018-12-17T22:50:12.718821791Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.722686798Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\THATCH.BMP') |
| 2018-12-17T22:50:12.731511998Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.734650916Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WININI.WRI') |
| 2018-12-17T22:50:12.742925635Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.746901497Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINMINE.HLP') |
| 2018-12-17T22:50:12.759957419Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.76390622Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINVER.EXE') |
| 2018-12-17T22:50:12.777011537Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.781895645Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\ZIGZAG.BMP') |
| 2018-12-17T22:50:12.794485227Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.798806664Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\_DEFAULT.PIF') |
| 2018-12-17T22:50:12.811496154Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.815082244Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\DOSPRMPT.PIF') |
| 2018-12-17T22:50:12.828394363Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.833041652Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\PROGMAN.INI') |
| 2018-12-17T22:50:12.8452126Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.848657601Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\REG.DAT') |
| 2018-12-17T22:50:12.861295083Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.863741531Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\MAIN.GRP') |
| 2018-12-17T22:50:12.871260152Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.874093132Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\ACCESSOR.GRP') |
| 2018-12-17T22:50:12.881289676Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.883566221Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\GAMES.GRP') |
| 2018-12-17T22:50:12.892750119Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.896261066Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\STARTUP.GRP') |
| 2018-12-17T22:50:12.90969058Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.913413958Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\APPLICAT.GRP') |
| 2018-12-17T22:50:12.925460413Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.929143588Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\QBASIC.PIF') |
| 2018-12-17T22:50:12.942436605Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.946261529Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\EDIT.PIF') |
| 2018-12-17T22:50:12.960680349Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.964852246Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\WINFILE.INI') |
| 2018-12-17T22:50:12.978075883Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.982193403Z | 65 | PC: 12b5b | Delete file (Filename = 'C:\WINDOWS\DOSAPP.INI') |
| 2018-12-17T22:50:12.995369624Z | 79 | PC: 12b61 | Find next file |
| 2018-12-17T22:50:12.998690334Z | 53 | PC: 13b1c | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
| 2018-12-17T22:50:13.001064538Z | 37 | PC: 13b32 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive') |
