Sample viewer

vx.netlux.org/Trojan.DOS.QHA.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:29.457527093Z	48	PC: 170bc \| Get DOS version
2018-12-17T22:57:29.461962081Z	74	PC: 1710c \| Reallocate memory
2018-12-17T22:57:29.46387532Z	48	PC: 17170 \| Get DOS version
2018-12-17T22:57:29.465002285Z	53	PC: 17178 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:29.482268534Z	37	PC: 1718a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:29.483698378Z	68	PC: 1721b \| I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:57:29.485097643Z	68	PC: 1721b \| I/O control for devices
2018-12-17T22:57:29.487085455Z	68	PC: 1721b \| I/O control for devices
2018-12-17T22:57:29.489050433Z	68	PC: 1721b \| I/O control for devices
2018-12-17T22:57:29.490734607Z	68	PC: 1721b \| I/O control for devices
2018-12-17T22:57:29.492926797Z	53	PC: 14d9a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:29.497800613Z	53	PC: 14da7 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:57:29.499559807Z	53	PC: 14db4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:29.500602734Z	37	PC: 14dc9 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:29.501593941Z	37	PC: 14dd1 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:57:29.503096509Z	37	PC: 14dd9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:29.504253046Z	53	PC: 15858 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:57:29.505486304Z	53	PC: 15865 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:57:29.50780845Z	53	PC: 15874 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:57:29.508821719Z	37	PC: 15881 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:57:29.509651998Z	53	PC: 15888 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:57:29.510924932Z	37	PC: 15895 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:57:29.511906115Z	53	PC: 158a1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:57:29.514662912Z	48	PC: 15963 \| Get DOS version
2018-12-17T22:57:29.515967196Z	68	PC: 14d10 \| I/O control for devices (Set for = 'tack = 28666')
2018-12-17T22:57:29.517030361Z	68	PC: 14d10 \| I/O control for devices (Set for = '')
2018-12-17T22:57:29.51803886Z	51	PC: 14d2e \| Get or set Ctrl-Break
2018-12-17T22:57:29.518942274Z	51	PC: 14d3a \| Get or set Ctrl-Break
2018-12-17T22:57:29.52183213Z	61	PC: 13740 \| Open file (Filename = 'C:\WINDOWS\SYSTEM\QHA.PRT')
2018-12-17T22:57:29.533231407Z	60	PC: 13605 \| Create or truncate file
2018-12-17T22:57:29.896255274Z	62	PC: 13573 \| Close file
2018-12-17T22:57:29.899830353Z	61	PC: 13740 \| Open file (Filename = 'C:\WINDOWS\SYSTEM\QHA.PRT')
2018-12-17T22:57:29.910392621Z	68	PC: 13699 \| I/O control for devices (Set for = ' Flow Protect] = 354666 Stack = 28666')
2018-12-17T22:57:29.915358557Z	66	PC: 13315 \| Move file pointer
2018-12-17T22:57:29.918284841Z	63	PC: 1353c \| Read file or device (Read 50 bytes on handle 5)
2018-12-17T22:57:29.920950101Z	62	PC: 13573 \| Close file
2018-12-17T22:57:29.923259266Z	25	PC: 12c95 \| Get default drive
2018-12-17T22:57:29.92548062Z	13	PC: 12c9a \| Disk reset
2018-12-17T22:57:29.927200153Z	14	PC: 12ca1 \| Set default drive (Drive = 'A')
2018-12-17T22:57:29.92925275Z	26	PC: 12c81 \| Set disk transfer address
2018-12-17T22:57:29.931144125Z	78	PC: 12c88 \| Find first file
2018-12-17T22:57:29.940521922Z	65	PC: 12bff \| Delete file (Filename = 'C:\IO.SYS')
2018-12-17T22:57:29.952655256Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:29.956375552Z	65	PC: 12bff \| Delete file (Filename = 'C:\MSDOS.SYS')
2018-12-17T22:57:29.969163465Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:29.97380287Z	65	PC: 12bff \| Delete file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:57:29.985234124Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:29.989396781Z	65	PC: 12bff \| Delete file (Filename = 'C:\CONFIG.SYS')
2018-12-17T22:57:30.002378267Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.005635139Z	65	PC: 12bff \| Delete file (Filename = 'C:\AUTOEXEC.BAT')
2018-12-17T22:57:30.017531771Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.02077653Z	26	PC: 12c81 \| Set disk transfer address
2018-12-17T22:57:30.021959391Z	78	PC: 12c88 \| Find first file
2018-12-17T22:57:30.034038466Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM.INI')
2018-12-17T22:57:30.048729286Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.052678266Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WIN.INI')
2018-12-17T22:57:30.061367241Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.06557214Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\MOUSE.INI')
2018-12-17T22:57:30.078265416Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.083184703Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CONTROL.INI')
2018-12-17T22:57:30.097148153Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.100939693Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\MSD.INI')
2018-12-17T22:57:30.113772475Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.118112032Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PROGMAN.INI')
2018-12-17T22:57:30.130286056Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.134025166Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINFILE.INI')
2018-12-17T22:57:30.147649351Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.151631907Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\DOSAPP.INI')
2018-12-17T22:57:30.164895421Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.170210057Z	26	PC: 12c81 \| Set disk transfer address
2018-12-17T22:57:30.171432356Z	78	PC: 12c88 \| Find first file
2018-12-17T22:57:30.178559714Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CONTROL.HLP')
2018-12-17T22:57:30.191770479Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.195371181Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SETUP.EXE')
2018-12-17T22:57:30.208709495Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.212585236Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SETUP.HLP')
2018-12-17T22:57:30.225373947Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.228950369Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SETUP.TXT')
2018-12-17T22:57:30.241698785Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.245349029Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINHELP.EXE')
2018-12-17T22:57:30.258237408Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.262075194Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WIN.COM')
2018-12-17T22:57:30.274143475Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.277632961Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\BOOTLOG.TXT')
2018-12-17T22:57:30.291504506Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.295247159Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\MSD.EXE')
2018-12-17T22:57:30.308160698Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.312296287Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PACKAGER.EXE')
2018-12-17T22:57:30.32458026Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.328354143Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PBRUSH.EXE')
2018-12-17T22:57:30.341978051Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.346017032Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SOL.EXE')
2018-12-17T22:57:30.358977821Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.361673415Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\TERMINAL.EXE')
2018-12-17T22:57:30.371069944Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.373735379Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINFILE.EXE')
2018-12-17T22:57:30.388124757Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.392784583Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINFILE.HLP')
2018-12-17T22:57:30.405476465Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.409644034Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINTUTOR.EXE')
2018-12-17T22:57:30.423911364Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.427862121Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WRITE.EXE')
2018-12-17T22:57:30.440863877Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.448127255Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CALC.EXE')
2018-12-17T22:57:30.458358173Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.461245711Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CALC.HLP')
2018-12-17T22:57:30.472886085Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.480052258Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CALENDAR.EXE')
2018-12-17T22:57:30.490548695Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.494276288Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CALENDAR.HLP')
2018-12-17T22:57:30.504480915Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.510634322Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CANYON.MID')
2018-12-17T22:57:30.522330964Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.525571627Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CARDFILE.EXE')
2018-12-17T22:57:30.536064359Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.543549169Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CARDFILE.HLP')
2018-12-17T22:57:30.553808249Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.55670845Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CHARMAP.EXE')
2018-12-17T22:57:30.573299138Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.576449918Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CHORD.WAV')
2018-12-17T22:57:30.586371549Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.590466646Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CLIPBRD.EXE')
2018-12-17T22:57:30.605780353Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.609096043Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CONTROL.EXE')
2018-12-17T22:57:30.621309302Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.625304939Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\DRWATSON.EXE')
2018-12-17T22:57:30.647102013Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.650827039Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\EMM386.EXE')
2018-12-17T22:57:30.661080209Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.664180913Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\EXPAND.EXE')
2018-12-17T22:57:30.676121318Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.678976214Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\GLOSSARY.HLP')
2018-12-17T22:57:30.688899023Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.692285647Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\MORICONS.DLL')
2018-12-17T22:57:30.703670196Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.706620134Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\MPLAYER.EXE')
2018-12-17T22:57:30.714519644Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.717864744Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\NETWORKS.WRI')
2018-12-17T22:57:30.726244204Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.728728606Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\NOTEPAD.EXE')
2018-12-17T22:57:30.737254184Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.73959816Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PACKAGER.HLP')
2018-12-17T22:57:30.752480328Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.75707752Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PBRUSH.HLP')
2018-12-17T22:57:30.769802951Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.774211186Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PIFEDIT.EXE')
2018-12-17T22:57:30.784720905Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.788420834Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PIFEDIT.HLP')
2018-12-17T22:57:30.801720262Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.806179991Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PRINTERS.WRI')
2018-12-17T22:57:30.816690728Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.819908493Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PRINTMAN.EXE')
2018-12-17T22:57:30.831701625Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.83520387Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PRINTMAN.HLP')
2018-12-17T22:57:30.846011267Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.850586755Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PROGMAN.EXE')
2018-12-17T22:57:30.861044723Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.864436654Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PROGMAN.HLP')
2018-12-17T22:57:30.876122294Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.88133611Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\README.WRI')
2018-12-17T22:57:30.891437987Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.89544065Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\RECORDER.EXE')
2018-12-17T22:57:30.905879287Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.908982932Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\RECORDER.HLP')
2018-12-17T22:57:30.919723845Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.923283025Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\REGEDIT.EXE')
2018-12-17T22:57:30.934066105Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.937996735Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\REGEDIT.HLP')
2018-12-17T22:57:30.948346328Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.951587037Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\REGEDITV.HLP')
2018-12-17T22:57:30.961768566Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.965559936Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:57:30.975835355Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.979098845Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SOUNDREC.EXE')
2018-12-17T22:57:30.990205648Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:30.993494139Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSINI.WRI')
2018-12-17T22:57:31.004264372Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.008550461Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\TERMINAL.HLP')
2018-12-17T22:57:31.018791486Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.022256798Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINHELP.HLP')
2018-12-17T22:57:31.031778411Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.035408757Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINLOGO.BMP')
2018-12-17T22:57:31.044008122Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.048495755Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINMINE.EXE')
2018-12-17T22:57:31.060886293Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.065632617Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINTUTOR.DAT')
2018-12-17T22:57:31.078534431Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.082430801Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WRITE.HLP')
2018-12-17T22:57:31.095546818Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.101760688Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\256COLOR.BMP')
2018-12-17T22:57:31.114976981Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.118820282Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\ARCADE.BMP')
2018-12-17T22:57:31.130950484Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.138708716Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\ARGYLE.BMP')
2018-12-17T22:57:31.151164152Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.156997846Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CASTLE.BMP')
2018-12-17T22:57:31.170084071Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.174013115Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CHARMAP.HLP')
2018-12-17T22:57:31.187677283Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.192391688Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CHIMES.WAV')
2018-12-17T22:57:31.205076982Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.209761045Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CLIPBRD.HLP')
2018-12-17T22:57:31.22628855Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.229786143Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\CLOCK.EXE')
2018-12-17T22:57:31.244437298Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.248276282Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\DING.WAV')
2018-12-17T22:57:31.261041086Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.265719868Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\EGYPT.BMP')
2018-12-17T22:57:31.278286337Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.281243039Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:57:31.292600897Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.296296744Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\HONEY.BMP')
2018-12-17T22:57:31.307296517Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.310825428Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\MPLAYER.HLP')
2018-12-17T22:57:31.321266883Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.324219168Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\NOTEPAD.HLP')
2018-12-17T22:57:31.334711629Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.33756799Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\PBRUSH.DLL')
2018-12-17T22:57:31.347198135Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.350915991Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\RAMDRIVE.SYS')
2018-12-17T22:57:31.360823458Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.364034365Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\RECORDER.DLL')
2018-12-17T22:57:31.37525035Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.37953089Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\REDBRICK.BMP')
2018-12-17T22:57:31.389551315Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.393579433Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\RIVETS.BMP')
2018-12-17T22:57:31.403877313Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.40716758Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SCRNSAVE.SCR')
2018-12-17T22:57:31.417993795Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.421553368Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SOL.HLP')
2018-12-17T22:57:31.431603126Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.435321621Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SOUNDREC.HLP')
2018-12-17T22:57:31.469377347Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.472791351Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SQUARES.BMP')
2018-12-17T22:57:31.485104886Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.489052871Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SSFLYWIN.SCR')
2018-12-17T22:57:31.502564974Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.507385354Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SSMARQUE.SCR')
2018-12-17T22:57:31.526377905Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.530360316Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SSSTARS.SCR')
2018-12-17T22:57:31.543987115Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.549257815Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\TASKMAN.EXE')
2018-12-17T22:57:31.561722184Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.565752187Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\THATCH.BMP')
2018-12-17T22:57:31.580366991Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.584118208Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WININI.WRI')
2018-12-17T22:57:31.596726541Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.601942407Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINMINE.HLP')
2018-12-17T22:57:31.614733591Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.61883942Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\WINVER.EXE')
2018-12-17T22:57:31.63251922Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.637536661Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\ZIGZAG.BMP')
2018-12-17T22:57:31.65196279Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.656432448Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\_DEFAULT.PIF')
2018-12-17T22:57:31.668942618Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.672746183Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\DOSPRMPT.PIF')
2018-12-17T22:57:31.685817721Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.691525408Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\REG.DAT')
2018-12-17T22:57:31.704546156Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.709611261Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\MAIN.GRP')
2018-12-17T22:57:31.722304442Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.726771651Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\ACCESSOR.GRP')
2018-12-17T22:57:31.7399895Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.743762654Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\GAMES.GRP')
2018-12-17T22:57:31.75587314Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.760449849Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\STARTUP.GRP')
2018-12-17T22:57:31.773477514Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.777457839Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\APPLICAT.GRP')
2018-12-17T22:57:31.790510638Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.794234926Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\QBASIC.PIF')
2018-12-17T22:57:31.80857108Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.81382115Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\EDIT.PIF')
2018-12-17T22:57:31.827309111Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.831787495Z	26	PC: 12c81 \| Set disk transfer address
2018-12-17T22:57:31.845162866Z	78	PC: 12c88 \| Find first file
2018-12-17T22:57:31.855639619Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\CPWIN386.CPL')
2018-12-17T22:57:31.868997494Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.871906379Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\GDI.EXE')
2018-12-17T22:57:31.879261214Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.881788016Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SETUP.INF')
2018-12-17T22:57:31.89040087Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.892916774Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\USER.EXE')
2018-12-17T22:57:31.901883625Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.904384671Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\CGA40WOA.FON')
2018-12-17T22:57:31.91206462Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.914985595Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\CGA80WOA.FON')
2018-12-17T22:57:31.922857793Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.925313696Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COMM.DRV')
2018-12-17T22:57:31.936013638Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.939563334Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\DOSAPP.FON')
2018-12-17T22:57:31.948509028Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.951816858Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\DOSX.EXE')
2018-12-17T22:57:31.959589112Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.962009319Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\EGA40WOA.FON')
2018-12-17T22:57:31.970697876Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.973826347Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\KEYBOARD.DRV')
2018-12-17T22:57:31.983243626Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.986291304Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\KRNL286.EXE')
2018-12-17T22:57:31.995543753Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:31.998526191Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\KRNL386.EXE')
2018-12-17T22:57:32.007488406Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.010031896Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\LZEXPAND.DLL')
2018-12-17T22:57:32.019031047Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.023894922Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MOUSE.DRV')
2018-12-17T22:57:32.039265498Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.043261196Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VER.DLL')
2018-12-17T22:57:32.057239044Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.061258682Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VGA.3GR')
2018-12-17T22:57:32.074601596Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.0790976Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VGA.DRV')
2018-12-17T22:57:32.092804554Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.096848321Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VGACOLOR.2GR')
2018-12-17T22:57:32.113299727Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.11746369Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VGALOGO.RLE')
2018-12-17T22:57:32.131300814Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.136123797Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VGAOEM.FON')
2018-12-17T22:57:32.149525574Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.155818843Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VGASYS.FON')
2018-12-17T22:57:32.169007904Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.172999862Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\WIN.CNF')
2018-12-17T22:57:32.18663097Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.190758941Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\WIN87EM.DLL')
2018-12-17T22:57:32.204923564Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.209899904Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\EGA80WOA.FON')
2018-12-17T22:57:32.223301458Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.227245316Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MMSOUND.DRV')
2018-12-17T22:57:32.241502638Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.245727738Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SYSTEM.DRV')
2018-12-17T22:57:32.258243429Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.262589399Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VGAFIX.FON')
2018-12-17T22:57:32.274783007Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.27896891Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VGALOGO.LGO')
2018-12-17T22:57:32.293262946Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.296763314Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SOUND.DRV')
2018-12-17T22:57:32.30881296Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.313639362Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MAIN.CPL')
2018-12-17T22:57:32.330934345Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.334743099Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VTDA.386')
2018-12-17T22:57:32.348910067Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.35283023Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\WIN386.EXE')
2018-12-17T22:57:32.366662136Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.371411206Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\APPS.INF')
2018-12-17T22:57:32.384884097Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.388749273Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COMMDLG.DLL')
2018-12-17T22:57:32.402497854Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.406343173Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\CONTROL.INF')
2018-12-17T22:57:32.419541379Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.423773832Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\DDEML.DLL')
2018-12-17T22:57:32.437750151Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.441893227Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\DRIVERS.CPL')
2018-12-17T22:57:32.454518205Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.458409154Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\DSWAP.EXE')
2018-12-17T22:57:32.472474942Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.476482075Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MCISEQ.DRV')
2018-12-17T22:57:32.488964981Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.493899194Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MCIWAVE.DRV')
2018-12-17T22:57:32.506141396Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.510006041Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MIDIMAP.DRV')
2018-12-17T22:57:32.523812533Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.527659492Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MMSYSTEM.DLL')
2018-12-17T22:57:32.540453092Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.544827262Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\OLECLI.DLL')
2018-12-17T22:57:32.558244357Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.562015887Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\OLESVR.DLL')
2018-12-17T22:57:32.574495219Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.578202933Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SHELL.DLL')
2018-12-17T22:57:32.590596319Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.594763672Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SYSEDIT.EXE')
2018-12-17T22:57:32.607854346Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.611531795Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TOOLHELP.DLL')
2018-12-17T22:57:32.624279656Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.627982338Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\WINOA386.MOD')
2018-12-17T22:57:32.639887063Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.64450833Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\WINOLDAP.MOD')
2018-12-17T22:57:32.658627007Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.662353102Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\WSWAP.EXE')
2018-12-17T22:57:32.676108757Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.679753512Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\ARIAL.FOT')
2018-12-17T22:57:32.691659642Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.695713294Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\ARIAL.TTF')
2018-12-17T22:57:32.708118716Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.714288857Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\ARIALBD.FOT')
2018-12-17T22:57:32.725897456Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.730214896Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\ARIALBD.TTF')
2018-12-17T22:57:32.742635979Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.746085739Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\ARIALBI.FOT')
2018-12-17T22:57:32.757630841Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.762497784Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\ARIALBI.TTF')
2018-12-17T22:57:32.774635726Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.77833407Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\ARIALI.FOT')
2018-12-17T22:57:32.791077697Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.795929947Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\ARIALI.TTF')
2018-12-17T22:57:32.807853945Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.812411857Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COUR.FOT')
2018-12-17T22:57:32.824029823Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.828446973Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COUR.TTF')
2018-12-17T22:57:32.840962922Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.844642056Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COURBD.FOT')
2018-12-17T22:57:32.857834475Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.861964032Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COURBD.TTF')
2018-12-17T22:57:32.873741292Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.878721799Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COURBI.FOT')
2018-12-17T22:57:32.890829223Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.89459592Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COURBI.TTF')
2018-12-17T22:57:32.908081457Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.915744167Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COURE.FON')
2018-12-17T22:57:32.928678578Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.933337871Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COURI.FOT')
2018-12-17T22:57:32.945441237Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.949233102Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\COURI.TTF')
2018-12-17T22:57:32.961950759Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.966184675Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MIDIMAP.CFG')
2018-12-17T22:57:32.977932792Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.982554507Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MMTASK.TSK')
2018-12-17T22:57:32.995322238Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:32.999072482Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\MODERN.FON')
2018-12-17T22:57:33.012143148Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.01603417Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\ROMAN.FON')
2018-12-17T22:57:33.028174263Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.032747925Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SCRIPT.FON')
2018-12-17T22:57:33.045705515Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.050434306Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SERIFE.FON')
2018-12-17T22:57:33.065079294Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.069493348Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SETUP.REG')
2018-12-17T22:57:33.08573715Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.090097169Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SMALLE.FON')
2018-12-17T22:57:33.102580028Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.107344479Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SND.CPL')
2018-12-17T22:57:33.120555741Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.124529377Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SSERIFE.FON')
2018-12-17T22:57:33.139155579Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.143503244Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SYMBOL.FOT')
2018-12-17T22:57:33.156244858Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.161309467Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SYMBOL.TTF')
2018-12-17T22:57:33.173751452Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.178612804Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\SYMBOLE.FON')
2018-12-17T22:57:33.196037389Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.200091133Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TIMER.DRV')
2018-12-17T22:57:33.212389655Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.217537745Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TIMES.FOT')
2018-12-17T22:57:33.230300184Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.234484327Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TIMES.TTF')
2018-12-17T22:57:33.248639372Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.252634654Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TIMESBD.FOT')
2018-12-17T22:57:33.265890974Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.270209132Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TIMESBD.TTF')
2018-12-17T22:57:33.282242983Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.287425203Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TIMESBI.FOT')
2018-12-17T22:57:33.299546426Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.304171645Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TIMESBI.TTF')
2018-12-17T22:57:33.317342341Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.321170036Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TIMESI.FOT')
2018-12-17T22:57:33.334361553Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.338751166Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\TIMESI.TTF')
2018-12-17T22:57:33.35178187Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.35599054Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\VTDAPI.386')
2018-12-17T22:57:33.370218032Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.374379918Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\WIN386.PS2')
2018-12-17T22:57:33.387687567Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.391889127Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\WINGDING.FOT')
2018-12-17T22:57:33.404325134Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.409506835Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\WINGDING.TTF')
2018-12-17T22:57:33.421355597Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.424839669Z	65	PC: 12bff \| Delete file (Filename = 'C:\WINDOWS\SYSTEM\QHA.PRT')
2018-12-17T22:57:33.436978647Z	79	PC: 12c05 \| Find next file
2018-12-17T22:57:33.440721638Z	26	PC: 12c81 \| Set disk transfer address
2018-12-17T22:57:33.441953895Z	78	PC: 12c88 \| Find first file
2018-12-17T22:57:33.453760757Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.455915435Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.460132231Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.463493156Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.466097538Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.468803936Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.47266513Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.475493701Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.478303693Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.482140605Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.48491707Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.488520273Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.491670867Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.494463541Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.497754571Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.500303228Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.503112114Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.506306938Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.508728059Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.511956519Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.515111608Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.517598598Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.520073626Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.522933535Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.525408917Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.528223178Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.530921064Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.533459987Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.539898948Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.542418429Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.54490333Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.547918088Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.550372515Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.552827973Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.555212002Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.557551415Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.560583633Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.563116538Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.565516578Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.569115157Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.571670313Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.574191992Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.577116895Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.579458349Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.589465411Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.593385963Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.595685135Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.598034424Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.601259169Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.603532614Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.606273429Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.609479397Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.611730577Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.614770812Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.617168465Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.61944742Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.623140163Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.625843761Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.630939415Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.634523547Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.639378721Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.642373925Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.646792551Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.651757066Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.654764145Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.658844649Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.66182368Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.664303627Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.669138766Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.67197417Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.674829663Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.685136546Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.687748523Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.690542686Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.694329638Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.697111537Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.700790915Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.704319782Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.708248222Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.711603747Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.714306348Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.716771415Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.720265934Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.722743768Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.725579366Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.728662451Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.731416411Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.735259107Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.738545018Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.741324688Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.745525399Z	6	PC: 14ce1 \| Direct console I/O
2018-12-17T22:57:33.750723737Z	12	PC: 14d8a \| Flush input buffer and input