Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Mimicry

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:24.800114442Z 53 PC: 1395a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:24.801666277Z 53 PC: 1395a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:24.803634855Z 53 PC: 1395a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:24.80514385Z 53 PC: 1395a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:24.806828234Z 53 PC: 1395a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:24.809389224Z 53 PC: 1395a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:24.810795907Z 53 PC: 1395a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:24.812167103Z 53 PC: 1395a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:24.814326489Z 53 PC: 1395a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:24.815844461Z 53 PC: 1395a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:24.817388381Z 53 PC: 1395a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:24.819797226Z 53 PC: 1395a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:24.821458507Z 53 PC: 1395a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:24.823095733Z 53 PC: 1395a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:24.825087634Z 53 PC: 1395a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:24.828890368Z 53 PC: 1395a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:24.83270881Z 53 PC: 1395a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:24.834281164Z 53 PC: 1395a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:24.836636969Z 53 PC: 1395a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:52:24.838427924Z 37 PC: 1396f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:24.840181578Z 37 PC: 13977 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:24.842126081Z 37 PC: 1397f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:24.843383283Z 37 PC: 13987 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:24.845069079Z 68 PC: 145e0 | I/O control for devices (Set for = '�r���Jt�s�3�3���Jt�����Jt��Ӆ�t��Jt��Ӏ�r ��Ju�����.��^�� tt3ۃ�t*��Jt�r#��Jt�����Jt�����Ju����Ӏ�s.��n���V��+���&��^���Ju����Ӏ�r���Ju����Ӏ�r���Ju����Ӂ��')
2018-12-17T22:52:24.848179472Z 42 PC: 135e7 | Get date 0x135e7: xor ah, ah
0x135e9: les di, ptr [bp + 6]
0x135ec: stosw word ptr es:[di], ax
0x135ed: mov al, dl
0x135ef: les di, ptr [bp + 0xa]
0x135f2: stosw word ptr es:[di], ax
0x135f3: mov al, dh
0x135f5: les di, ptr [bp + 0xe]
0x135f8: stosw word ptr es:[di], ax
0x135f9: xchg ax, cx
0x135fa: les di, ptr [bp + 0x12]
0x135fd: stosw word ptr es:[di], ax
0x135fe: pop bp
0x135ff: retf 0x10
0x13602: push bp
0x13603: mov bp, sp
0x13605: mov cx, word ptr [bp + 0xa]
0x13608: mov dh, byte ptr [bp + 8]
0x1360b: mov dl, byte ptr [bp + 6]
0x1360e: mov ah, 0x2b
2018-12-17T22:52:24.850960407Z 44 PC: 14717 | Get time 0x14717: mov word ptr [0x614], cx
0x1471b: mov word ptr [0x616], dx
0x1471f: retf
0x14720: call 0x14767
0x14723: jb 0x14734
0x14725: mov cx, word ptr es:[di + 4]
0x14729: cmp cx, 1
0x1472c: je 0x14734
0x1472e: xor bx, bx
0x14730: push cs
0x14731: call 0x24294
0x14734: retf 4
0x14737: call 0x14767
0x1473a: jb 0x1474f
0x1473c: mov ax, cx
0x1473e: mov dx, bx
0x14740: mov cx, word ptr es:[di + 4]
0x14744: cmp cx, 1
0x14747: je 0x1474f
0x14749: xor bx, bx
2018-12-17T22:52:24.853621445Z 46 PC: 1368c | Set verify flag
2018-12-17T22:52:24.856234013Z 51 PC: 1366f | Get or set Ctrl-Break
2018-12-17T22:52:24.857893961Z 61 PC: 14020 | Open file (Filename = 'C:\NC\NC.DMP')
2018-12-17T22:52:24.864766852Z 86 PC: 141ad | Rename file
2018-12-17T22:52:24.871896455Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:24.874572913Z 61 PC: 14020 | Open file (Filename = 'C:\DN\DN.DMP')
2018-12-17T22:52:24.8822109Z 86 PC: 141ad | Rename file
2018-12-17T22:52:24.88942372Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:24.891599306Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WIN.IST')
2018-12-17T22:52:24.904279095Z 86 PC: 141ad | Rename file
2018-12-17T22:52:25.244815764Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:25.246900119Z 48 PC: 141e2 | Get DOS version
2018-12-17T22:52:25.249004051Z 61 PC: 14020 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:52:25.257155644Z 60 PC: 14020 | Create or truncate file
2018-12-17T22:52:25.269793473Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.276715467Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.28598487Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.292232836Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.299101749Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.306188993Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.314164655Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.321718615Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.328819875Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.337335Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.345079519Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.352391324Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.360042176Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.367467304Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.37428459Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.382823681Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.390063651Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.39800026Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.408062552Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.414951303Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.421803825Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.429850931Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.436730074Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.443582967Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.451618903Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.459633718Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.467202908Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.475787263Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.483009831Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.490200979Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.508750615Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.516310326Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.524328077Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.532953009Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.545183934Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.552609654Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.560796122Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.567267198Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.573843962Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.582408982Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.591668065Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.599449202Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.607182209Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.614807472Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.622136891Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.629522465Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.637291889Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.645132819Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.653011659Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.661570416Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.670129805Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.67677056Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.682463033Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.688921876Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.694443769Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.700868578Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.7068748Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.713700363Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.721778027Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.727285141Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.732601458Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.739513553Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.744658187Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.750054624Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.755903731Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.761207124Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.766918292Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.774807502Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.782852485Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.790594789Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.798241022Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.805238046Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.812033932Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.819809298Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.828402801Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.835726288Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.842975826Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.849701741Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.854901549Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.860117898Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.865779242Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.873280894Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.881479826Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.889376359Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.89655229Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.903876909Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.912999586Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.920549859Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.928137402Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.935829532Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.943151587Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.950109878Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.957656273Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.964745992Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.971891805Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.981616963Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:25.988586356Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:25.995815385Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.003954034Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.011449053Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.018738777Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.026903925Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.034285702Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.041983822Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.050017754Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.05804317Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.065866856Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.073966552Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.081128596Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.08822687Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.096464625Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.104110378Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.110842433Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.118989708Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.126846697Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.134654674Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.142975816Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.150256052Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.157033333Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.165225101Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.172920637Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.180141862Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.1897759Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.197180138Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.203972217Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.212278912Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.219711092Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.227578141Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.236633342Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.244190207Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.251684224Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.259522118Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.267682898Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.275069934Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.283610197Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.290874924Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.297623161Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.306667961Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.314443387Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.321649264Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.32906844Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.336859376Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.344030397Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.352699401Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.36059345Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.368361463Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.376725444Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.38413856Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.391606789Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.400080656Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.407324474Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.414483212Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.422263537Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.43127733Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.439337581Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.449777823Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.458839746Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.46638003Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.474806098Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.482194578Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.489170201Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.497845768Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.505872446Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.513197917Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.520808263Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.528290358Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.539493473Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.547088611Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.553832479Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.560746477Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.568731738Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.575712801Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.582509058Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.59017064Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.596917163Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.604186429Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.613393385Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.620306921Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.62855243Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.638777548Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.645514614Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.653004103Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.659924292Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.666980487Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.674646548Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.682307389Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.690193192Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.698548308Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.70547006Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.712600655Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.720113418Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.727075986Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.734202624Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.742250632Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.75019777Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.758050101Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:26.931639739Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:26.939226912Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.090617098Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.099033067Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.106177648Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.113549025Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.122242145Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.130092242Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.137004356Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.144830928Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.151753101Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.159183279Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.166885628Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.174268507Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.181763085Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.189953561Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.197695975Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.205060469Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.213055448Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.220387191Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.227283185Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.235574249Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.242815973Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.249892936Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.258432348Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.265802914Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.2732326Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.281250792Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.288302519Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.296195977Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.303585258Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.310625543Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.318482712Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.326393252Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.333308573Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.34155303Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.34922411Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.354453574Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.361069431Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.366592737Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.37181646Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.378209208Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.3830384Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.39011866Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.397265536Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.40458239Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.412057472Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.419989653Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.427422095Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.434790607Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.44152182Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.448604115Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.456343454Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.463903164Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.471669333Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.486943074Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.493700919Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.500786089Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.509444844Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.516800772Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.524716683Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.53260482Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.540351552Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.549642845Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.557382054Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.564722814Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.572313392Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.580145555Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.589053639Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.597501889Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.604916407Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.612222071Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.629175187Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.636924935Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.644286995Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.653408991Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.660583217Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.668545564Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.677693428Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.685305097Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.69270068Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.701216947Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.708501221Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.717377205Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.725326356Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.742791816Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.7517323Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.760005973Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.767966336Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.777845284Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.785516593Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.793763756Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:27.802104264Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:27.805313563Z 87 PC: 136cb | Get or set file date and time
2018-12-17T22:52:27.807639532Z 62 PC: 14070 | Close file
2018-12-17T22:52:27.811373065Z 62 PC: 14070 | Close file
2018-12-17T22:52:27.82022294Z 26 PC: 136fb | Set disk transfer address
2018-12-17T22:52:27.822029634Z 78 PC: 13707 | Find first file
2018-12-17T22:52:27.82966726Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.831421275Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.834907324Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.837794458Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.841559911Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.844412199Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.847945446Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.849710732Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.855077464Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.856298026Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.859631018Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.862612048Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.866071506Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.867820552Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.872347315Z 26 PC: 136fb | Set disk transfer address
2018-12-17T22:52:27.874541577Z 78 PC: 13707 | Find first file
2018-12-17T22:52:27.882696546Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CONTROL.EXE')
2018-12-17T22:52:27.891659182Z 62 PC: 14070 | Close file
2018-12-17T22:52:27.894624542Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.896351406Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.901759165Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.903508161Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.908112881Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SETUP.EXE')
2018-12-17T22:52:27.917115862Z 62 PC: 14070 | Close file
2018-12-17T22:52:27.919821555Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.922834856Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.927967478Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SETUP.EXE')
2018-12-17T22:52:27.937050049Z 62 PC: 14070 | Close file
2018-12-17T22:52:27.940926571Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.942850745Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.94788358Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SYSTEM.EXE')
2018-12-17T22:52:27.956944701Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:27.959434999Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.961186789Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.966806897Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WIN.EXE')
2018-12-17T22:52:27.975246611Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:27.977853078Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.980483238Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.984685542Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:27.986075253Z 79 PC: 13724 | Find next file
2018-12-17T22:52:27.991075416Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WIN.EXE')
2018-12-17T22:52:27.998648311Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.000755269Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.002379921Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.007261521Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\BOOTLOG.EXE')
2018-12-17T22:52:28.016081269Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.017846104Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.019246344Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.024337077Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\MOUSE.EXE')
2018-12-17T22:52:28.03196685Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.033678355Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.036013421Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.040080721Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.041606217Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.046691951Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.048104604Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.052240153Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.053966556Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.058111252Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.060320613Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.064828771Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.066294203Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.071572529Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.072849077Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.076969688Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WINFILE.EXE')
2018-12-17T22:52:28.085740313Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.088692959Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.090083391Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.094856428Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.096131964Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.09989376Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.102046144Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.105894172Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.107480772Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.11220695Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CALC.EXE')
2018-12-17T22:52:28.119888821Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.122868127Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.124339812Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.128233947Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.130339182Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.134739768Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CALENDAR.EXE')
2018-12-17T22:52:28.142567323Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.146731124Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.148069789Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.152288914Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CANYON.EXE')
2018-12-17T22:52:28.160661292Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.162367146Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.163932657Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.169129048Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.170504562Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.175247452Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CARDFILE.EXE')
2018-12-17T22:52:28.183005556Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.18518526Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.187594265Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.191957782Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.193534303Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.197433248Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CHORD.EXE')
2018-12-17T22:52:28.203155447Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.205335512Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.207026138Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.209954859Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.211950839Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.214919375Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.21592255Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.219629163Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CONTROL.EXE')
2018-12-17T22:52:28.2252228Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.226848805Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.228918042Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.231828138Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.232860427Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.235794008Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.236808363Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.239833586Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.24193834Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.245828318Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\GLOSSARY.EXE')
2018-12-17T22:52:28.253456968Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.254813095Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.256385118Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.260648818Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\MORICONS.EXE')
2018-12-17T22:52:28.266744338Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.268449311Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.271294305Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.274535564Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.27593888Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.280553559Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\NETWORKS.EXE')
2018-12-17T22:52:28.288386463Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.291021082Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.296475798Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.307244207Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.309458176Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.315407261Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\PACKAGER.EXE')
2018-12-17T22:52:28.323289919Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.327619011Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.329713225Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.335011247Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\PBRUSH.EXE')
2018-12-17T22:52:28.343488051Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.346225072Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.347620574Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.353320742Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.354784521Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.360206857Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\PIFEDIT.EXE')
2018-12-17T22:52:28.368036776Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.370298003Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.3728512Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.377217371Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\PRINTERS.EXE')
2018-12-17T22:52:28.385420871Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.38833211Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.389919663Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.393967717Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.396769139Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.402297574Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\PRINTMAN.EXE')
2018-12-17T22:52:28.412716476Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.416183259Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.417578169Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.423501235Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.424840301Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.429016816Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\PROGMAN.EXE')
2018-12-17T22:52:28.437876309Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.439869443Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.441237182Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.446611668Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\README.EXE')
2018-12-17T22:52:28.454305341Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.456098469Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.45890444Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.463251666Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.4654683Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.470162298Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\RECORDER.EXE')
2018-12-17T22:52:28.478264258Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.481506958Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.483772965Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.487532848Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.489406338Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.49352267Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\REGEDIT.EXE')
2018-12-17T22:52:28.501781825Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.503939949Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.505258946Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.510621841Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\REGEDITV.EXE')
2018-12-17T22:52:28.518562939Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.520213299Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.522408763Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.526645371Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.528356595Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.533307646Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.534815078Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.541043057Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SYSINI.EXE')
2018-12-17T22:52:28.549744653Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.551672845Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.554444512Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.559721705Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\TERMINAL.EXE')
2018-12-17T22:52:28.567557955Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.571192072Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.572765287Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.578357472Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WINHELP.EXE')
2018-12-17T22:52:28.586979418Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.58948767Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.592042559Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.597102755Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WINLOGO.EXE')
2018-12-17T22:52:28.605262654Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.60835897Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.61049956Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.614779741Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.61776027Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.623006555Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WINTUTOR.EXE')
2018-12-17T22:52:28.633111397Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.635775872Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.637511933Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.642994282Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WRITE.EXE')
2018-12-17T22:52:28.651411453Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.653961964Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.656952382Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.667246269Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\256COLOR.EXE')
2018-12-17T22:52:28.685430819Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.688648233Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.6904883Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.696563812Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\ARCADE.EXE')
2018-12-17T22:52:28.706286647Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.70848171Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.71147872Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.716603156Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\ARGYLE.EXE')
2018-12-17T22:52:28.72459018Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.727694511Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.729225858Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.734575356Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CASTLE.EXE')
2018-12-17T22:52:28.742496557Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.744316666Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.746918934Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.75130329Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CHARMAP.EXE')
2018-12-17T22:52:28.759084396Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.762473583Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.764056797Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.769570615Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CHIMES.EXE')
2018-12-17T22:52:28.778113482Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.780059037Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.782847055Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.78729457Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\CLIPBRD.EXE')
2018-12-17T22:52:28.796376059Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.798776708Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.800206284Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.805854534Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.807099573Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.811487576Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\DING.EXE')
2018-12-17T22:52:28.820028971Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.821648242Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.823508737Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.827911107Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\EGYPT.EXE')
2018-12-17T22:52:28.835932405Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.839158305Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.840822481Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.846688701Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\HIMEM.EXE')
2018-12-17T22:52:28.855856593Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.857735492Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.859866064Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.864256362Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\HONEY.EXE')
2018-12-17T22:52:28.872929064Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.874775763Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.876580172Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.881996135Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\MPLAYER.EXE')
2018-12-17T22:52:28.889643251Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.891820882Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.893697156Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.898022031Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\MSD.EXE')
2018-12-17T22:52:28.906996088Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.909501845Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.911170089Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.917317367Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\NOTEPAD.EXE')
2018-12-17T22:52:28.925445816Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.92911046Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.930783392Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.937644481Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\PBRUSH.EXE')
2018-12-17T22:52:28.946646812Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.948846364Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.950810583Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.95656349Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\RAMDRIVE.EXE')
2018-12-17T22:52:28.964630734Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:28.968217923Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.970125947Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.974395037Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\RECORDER.EXE')
2018-12-17T22:52:28.984230022Z 62 PC: 14070 | Close file
2018-12-17T22:52:28.987075206Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:28.989972769Z 79 PC: 13724 | Find next file
2018-12-17T22:52:28.995245364Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\REDBRICK.EXE')
2018-12-17T22:52:29.003577135Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.006719698Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.009211559Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.014283307Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\RIVETS.EXE')
2018-12-17T22:52:29.02275996Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.024561484Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.02697113Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.03191648Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SCRNSAVE.EXE')
2018-12-17T22:52:29.042108496Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.044809329Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.046512649Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.052143256Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SOL.EXE')
2018-12-17T22:52:29.059844443Z 62 PC: 14070 | Close file
2018-12-17T22:52:29.062237959Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.064920458Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.069429999Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SOUNDREC.EXE')
2018-12-17T22:52:29.078290013Z 62 PC: 14070 | Close file
2018-12-17T22:52:29.080610682Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.082146838Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.087884045Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SQUARES.EXE')
2018-12-17T22:52:29.095454336Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.098057516Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.099509363Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.104004307Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SSFLYWIN.EXE')
2018-12-17T22:52:29.113399035Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.115258478Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.117785705Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.122159281Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SSMARQUE.EXE')
2018-12-17T22:52:29.129923476Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.133386932Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.134945279Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.13953938Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\SSSTARS.EXE')
2018-12-17T22:52:29.147841164Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.150051396Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.152752911Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.157617148Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.159384348Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.16617236Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\THATCH.EXE')
2018-12-17T22:52:29.174407419Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.177470533Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.179589073Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.184464612Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WININI.EXE')
2018-12-17T22:52:29.194298103Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.196545425Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.198323505Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.204439334Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WINMINE.EXE')
2018-12-17T22:52:29.212659545Z 62 PC: 14070 | Close file
2018-12-17T22:52:29.216189857Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.218194222Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.222253427Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.224696657Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.229549112Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\ZIGZAG.EXE')
2018-12-17T22:52:29.238266838Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.240012057Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.241155936Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.246225419Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\_DEFAULT.EXE')
2018-12-17T22:52:29.254431373Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.256364605Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.259740106Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.264630022Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\DOSPRMPT.EXE')
2018-12-17T22:52:29.272852487Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.275431973Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.276945356Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.28260103Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\PROGMAN.EXE')
2018-12-17T22:52:29.290491071Z 62 PC: 14070 | Close file
2018-12-17T22:52:29.292703757Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.294900324Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.299485898Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\REG.EXE')
2018-12-17T22:52:29.308589429Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.311361847Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.313080375Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.318519943Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\MAIN.EXE')
2018-12-17T22:52:29.326531483Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.329461627Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.331386583Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.335886586Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\ACCESSOR.EXE')
2018-12-17T22:52:29.344971923Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.346888183Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.349297429Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.35409473Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\GAMES.EXE')
2018-12-17T22:52:29.3621809Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.365294209Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.366613086Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.37083644Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\STARTUP.EXE')
2018-12-17T22:52:29.379318493Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.380917577Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.38304852Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.388150334Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\APPLICAT.EXE')
2018-12-17T22:52:29.39583551Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.402178556Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.403424286Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.407872582Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\QBASIC.EXE')
2018-12-17T22:52:29.416251361Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.41786898Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.420979864Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.425627524Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\EDIT.EXE')
2018-12-17T22:52:29.433614858Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.437060902Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.438746308Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.443885281Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.445916547Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.450516789Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\WINFILE.EXE')
2018-12-17T22:52:29.460549866Z 62 PC: 14070 | Close file
2018-12-17T22:52:29.463412203Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.466255304Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.478399125Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\DOSAPP.EXE')
2018-12-17T22:52:29.486300558Z 87 PC: 1369e | Get or set file date and time
2018-12-17T22:52:29.489152195Z 26 PC: 1371f | Set disk transfer address
2018-12-17T22:52:29.490737243Z 79 PC: 13724 | Find next file
2018-12-17T22:52:29.494945457Z 48 PC: 141e2 | Get DOS version
2018-12-17T22:52:29.496792677Z 61 PC: 14020 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:52:29.507387851Z 60 PC: 14020 | Create or truncate file
2018-12-17T22:52:29.520059364Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.527689066Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.535776037Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.54320866Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.549927141Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.558098209Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.56481663Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.572684901Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.579636679Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.587241265Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.595320321Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.602533641Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.61017208Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.617457085Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.624292565Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.632575495Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.639572649Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.647220495Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.656658054Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.664021145Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.672134817Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.680159681Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.687817707Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.695633809Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.702496Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.711094182Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.719085423Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.727604186Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.735864052Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.744346125Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.753696711Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.761584197Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.770095796Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.778766423Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.787966015Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.797234837Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.805680862Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.815279333Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.823118328Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.830893214Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.83919076Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.847085611Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.856694231Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.864814043Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.872178899Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.881101559Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.888907473Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.897911647Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.905602865Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.913571234Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.923056191Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.93107244Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.939432324Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.946891105Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.953927132Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.962453128Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.970571689Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.979978329Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:29.988518351Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:29.996149236Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.003626542Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.011520421Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.020210354Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.028429454Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.036046934Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.044417147Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.052548111Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.061923732Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.069776013Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.07920214Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.086933443Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.094796855Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.10322701Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.111002567Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.120688792Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.129006006Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.136291653Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.145023365Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.152752815Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.161931516Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.169655797Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.177391869Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.187370734Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.194697969Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.203099841Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.210752667Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.217881178Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.22701718Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.234085097Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.24205088Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.251978069Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.259441609Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.267651301Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.274979958Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.2831846Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.290519318Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.297401466Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.305513785Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.312728478Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.322128515Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.330354929Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.338247696Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.350235454Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.357706579Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.366109714Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.374143396Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.382396438Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.391517372Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.398722768Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.406988765Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.414521836Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.422011224Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.430593386Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.438130164Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.44682644Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.455362295Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.46268535Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.471635183Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.478600397Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.486986961Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.494573232Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.5022274Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.511310282Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.519126706Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.527229036Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.534743722Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.541986798Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.550183195Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.557336523Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.570009418Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.580259172Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.594413982Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.60188167Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.620759862Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.629455297Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.637030617Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.645115314Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.653629648Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.661212061Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.670000781Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.677060462Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.685463738Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.692894768Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.7003172Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.708996865Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.716876597Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.725396321Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.7330453Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.740166547Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.748744491Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.755889533Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.764452338Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.771810771Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.780911516Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.788934828Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.796962558Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.805316391Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.812706924Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.820730916Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.828785788Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.835873672Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.844228326Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.851481382Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.860627051Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.867996765Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.875865096Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.883886795Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.891787366Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.900132372Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.907717931Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.917875973Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.925889236Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.933241157Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.94208517Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.949786757Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.958745917Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.965869178Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.97340284Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.982647386Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:30.989797688Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:30.997574706Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.004778459Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.011449601Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.019426184Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.026095372Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.034633021Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.043974739Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.051581919Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.059830173Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.068192612Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.077506768Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.085303294Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.093665201Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.101194926Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.11115713Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.118308374Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.124998882Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.137639467Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.145030852Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.153556797Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.160978409Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.169703869Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.178319674Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.18615885Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.19404253Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.201244358Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.208866266Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.216309227Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.224959046Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.232338338Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.239764949Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.248769804Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.255475291Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.263560289Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.270282205Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.277321348Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.284591896Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.291813111Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.300279335Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.308030525Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.315041726Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.323311661Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.330420775Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.339262795Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.345146898Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.351118916Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.356473996Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.361653306Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.367450204Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.372951148Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.380587012Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.387838564Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.395171739Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.402256979Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.407988896Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.413733327Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.418791138Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.424938746Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.430440812Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.437438588Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.442888114Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.449201343Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.454878298Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.460029344Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.466104205Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.472149972Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.480142506Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.487650229Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.495412Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.5025508Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.51069047Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.518772052Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.525360628Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.533757672Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.541430505Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.549058855Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.564189227Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.571731115Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.582450711Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.589975747Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.598771209Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.606555652Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.614034091Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.62259423Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.630359117Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.639005669Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.646461856Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.654823734Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.662281222Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.669778105Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.677464784Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.684827024Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.69330004Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.70122596Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.709139155Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.717733579Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.724908467Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.733764382Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.740554598Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.749590492Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.757016862Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.766645891Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.776081184Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.783159752Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.79048394Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.798163476Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.805898166Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.813202466Z 64 PC: 140f3 | Write file or device (Write 512 bytes on handle 6)
2018-12-17T22:52:31.820956062Z 63 PC: 140f3 | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:52:31.823076996Z 87 PC: 136cb | Get or set file date and time
2018-12-17T22:52:31.825596559Z 62 PC: 14070 | Close file
2018-12-17T22:52:31.827620861Z 62 PC: 14070 | Close file
2018-12-17T22:52:31.835566106Z 61 PC: 14020 | Open file (Filename = 'C:\WINDOWS\DOSAPP.EXE')
2018-12-17T22:52:31.843725664Z 66 PC: 14781 | Move file pointer
2018-12-17T22:52:31.845217196Z 66 PC: 1478f | Move file pointer
2018-12-17T22:52:31.847762617Z 66 PC: 1479d | Move file pointer
2018-12-17T22:52:31.84968053Z 66 PC: 14152 | Move file pointer
2018-12-17T22:52:31.852249666Z 64 PC: 140f3 | Write file or device (Write 34597 bytes on handle 5)
2018-12-17T22:52:31.865459722Z 87 PC: 136cb | Get or set file date and time
2018-12-17T22:52:31.867457474Z 62 PC: 14070 | Close file
2018-12-17T22:52:31.875532683Z 48 PC: 141e2 | Get DOS version
2018-12-17T22:52:31.87765487Z 61 PC: 14020 | Open file (Filename = 'A:\TEST.DSA')
2018-12-17T22:52:31.885335869Z 64 PC: 13d78 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:52:31.887188298Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:31.889127591Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:31.890254718Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:31.89226783Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:31.89385432Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:31.895156066Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:31.896629213Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:31.898095718Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:31.899824626Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:31.901147541Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:31.903663968Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:31.904920428Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:31.911571291Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:31.912931857Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:31.914149114Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:31.916187403Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:31.918193511Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:31.920226581Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:31.921953184Z 37 PC: 13ab1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:52:31.924463479Z 76 PC: 13af0 | Terminate with return code (Return code = '0')