Sample viewer

vx.netlux.org/Trojan.DOS.KillFiles.s

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:01.278763244Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:01.280501884Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:01.283122834Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:01.284520446Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:01.285908129Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:01.288782727Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:01.290395463Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:01.29174149Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:01.294270203Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:01.295893794Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:01.297228924Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:01.298745499Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:01.30222988Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:01.304377289Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:01.306641196Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:01.30916388Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:01.311148403Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:01.312927164Z 53 PC: 133a6 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:01.315469236Z 37 PC: 133bb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:01.316759109Z 37 PC: 133c3 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:01.318015881Z 37 PC: 133cb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:01.324330783Z 37 PC: 133d3 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:01.326444472Z 68 PC: 1390a | I/O control for devices (Set for = '')
2018-12-17T23:08:01.328765827Z 64 PC: 13a0d | Write file or device (Write 76 bytes on handle 1)
2018-12-17T23:08:01.337413589Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:01.339186181Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:01.340765891Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:01.345368613Z 25 PC: 13de5 | Get default drive
2018-12-17T23:08:01.346630691Z 71 PC: 13df8 | Get current directory
2018-12-17T23:08:01.350159529Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:01.35225093Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:01.353666002Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:01.359004372Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:01.360649288Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:01.362657349Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:01.368217238Z 64 PC: 13a0d | Write file or device (Write 68 bytes on handle 1)
2018-12-17T23:08:01.37641916Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:01.378850857Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:01.381405038Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:01.386416574Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:01.388844472Z 78 PC: 13313 | Find first file
2018-12-17T23:08:01.395274611Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.397247565Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.401045225Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.402408084Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.405906695Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.408430334Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.412096542Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.413454493Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.417626282Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.418921354Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.422299776Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.424072744Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.427236634Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.428475484Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.431658701Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.433227594Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.438288367Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:01.439774789Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:01.441511462Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:01.446256903Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:01.447583896Z 78 PC: 13313 | Find first file
2018-12-17T23:08:01.454642225Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.456295497Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.46000089Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.469915117Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.473658422Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.475508269Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.480083335Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.481702178Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.485351282Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.488065528Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.491686436Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.493159882Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.498119014Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.499485754Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.502803668Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:01.50405214Z 79 PC: 13330 | Find next file
2018-12-17T23:08:01.507980471Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:01.853017877Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\io.sys')
2018-12-17T23:08:01.866685237Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:01.878562706Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\msdos.sys')
2018-12-17T23:08:01.890262216Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:01.894078582Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\ms-dos_6')
2018-12-17T23:08:01.899417909Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:01.906550199Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos')
2018-12-17T23:08:01.913989496Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:01.922817679Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\command.com')
2018-12-17T23:08:01.930520199Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:01.936839039Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows')
2018-12-17T23:08:01.941615259Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:01.947720856Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\config.sys')
2018-12-17T23:08:01.955243945Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:01.966617289Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\autoexec.bat')
2018-12-17T23:08:01.980071977Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:01.982157029Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:01.983844693Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:01.993541983Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:01.99585333Z 78 PC: 13313 | Find first file
2018-12-17T23:08:02.006089343Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.008899595Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.013279088Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.015003032Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.02078048Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.022402914Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.026605456Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.028900133Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.033189678Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.035242883Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.040210257Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.041474184Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.045364371Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.053554284Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.058650908Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.060128132Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.064384114Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.066545944Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.071410722Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.072842124Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.077575178Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.079044025Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.083285347Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.085582546Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.0895017Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.091143288Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.095894865Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.097442974Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.101399506Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.103559989Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.107666473Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.109332024Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.11781726Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.119330536Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.123302031Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.125055532Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.129242149Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.130769408Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.13495597Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.137396814Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.141365712Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.142935959Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.147778534Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.150148164Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.152960185Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.154650475Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.157117153Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.158183634Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.161196851Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.162185048Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.16450247Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.166181395Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.168623652Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.169684929Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.172687444Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.173658138Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.17602098Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.177599152Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.179986325Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.180976445Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.183950018Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.184926075Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.187269002Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.188832918Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.193105694Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.194082735Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.197083943Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.198105844Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.200504813Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.202049693Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.204427437Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.205374289Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.208329614Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:02.209301942Z 79 PC: 13330 | Find next file
2018-12-17T23:08:02.212043464Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:02.219227539Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\attrib.exe')
2018-12-17T23:08:02.227190537Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:02.23360718Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\chkdsk.exe')
2018-12-17T23:08:02.247334486Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:02.258738516Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\country.sys')
2018-12-17T23:08:02.272310867Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:02.291022069Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\country.txt')
2018-12-17T23:08:02.625166188Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:02.809962597Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\debug.exe')
2018-12-17T23:08:02.969737982Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:02.981360516Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\dossetup.ini')
2018-12-17T23:08:02.994309605Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.005790994Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\drvspace.bin')
2018-12-17T23:08:03.0200282Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.032238151Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\edit.com')
2018-12-17T23:08:03.045214609Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.127136888Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\expand.exe')
2018-12-17T23:08:03.370562748Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.387238996Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\fdisk.exe')
2018-12-17T23:08:03.406455931Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.422075661Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\format.com')
2018-12-17T23:08:03.452195562Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.464458097Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\keyb.com')
2018-12-17T23:08:03.477579713Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.489865955Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\keyboard.sys')
2018-12-17T23:08:03.506114824Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.517911774Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\mem.exe')
2018-12-17T23:08:03.530981967Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.542629822Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\nlsfunc.exe')
2018-12-17T23:08:03.555949555Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.567819312Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\readme.txt')
2018-12-17T23:08:03.582370782Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.593052463Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\networks.txt')
2018-12-17T23:08:03.605699679Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.617415938Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\qbasic.exe')
2018-12-17T23:08:03.631142941Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.642121668Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\replace.exe')
2018-12-17T23:08:03.655190018Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.665965288Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\restore.exe')
2018-12-17T23:08:03.678627637Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.692254543Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\scandisk.exe')
2018-12-17T23:08:03.7057032Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.71786366Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\scandisk.ini')
2018-12-17T23:08:03.731846723Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.743921086Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\setup.exe')
2018-12-17T23:08:03.758185719Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.770766066Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\sys.com')
2018-12-17T23:08:03.784416691Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.795855342Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\xcopy.exe')
2018-12-17T23:08:03.809965226Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.821635743Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\defrag.exe')
2018-12-17T23:08:03.835301741Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.847112194Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\defrag.hlp')
2018-12-17T23:08:03.860302923Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.871467893Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\ega.cpi')
2018-12-17T23:08:03.88647802Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.897742769Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\ega2.cpi')
2018-12-17T23:08:03.910648669Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.923019558Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\ega3.cpi')
2018-12-17T23:08:03.935887704Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.950132793Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\emm386.exe')
2018-12-17T23:08:03.969710025Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:03.988480647Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\iso.cpi')
2018-12-17T23:08:04.012504014Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:04.023603257Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\keybrd2.sys')
2018-12-17T23:08:04.037667847Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:04.363800264Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\mscdex.exe')
2018-12-17T23:08:04.377330869Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:04.389447667Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\dos\qbasic.ini')
2018-12-17T23:08:04.402935367Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:04.405253179Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:04.407991653Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:04.415078999Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:04.416696504Z 78 PC: 13313 | Find first file
2018-12-17T23:08:04.427758372Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.429752285Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.433906669Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.436309798Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.441658155Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.443103675Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.447784339Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.449054649Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.452964626Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.455497029Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.459692822Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.461002366Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.465628812Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.466900356Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.470768408Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.472604008Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.482075365Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.483654148Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.48779791Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.49003349Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.494180603Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.495727289Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.50279592Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.504071921Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.508126108Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.510263402Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.514081675Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.515552233Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.51994041Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.521171906Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.526046959Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.527906989Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.535157313Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.536601876Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.54102451Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.54229224Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.546358644Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.548810639Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.553254874Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.555185384Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.5594728Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.566701797Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.57176401Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.573480469Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.577672281Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.580108971Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.584623803Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.58623218Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.591230916Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.593123596Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.596890766Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.599442805Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.60334849Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.604585874Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.609885597Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.611260761Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.61538661Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.617386453Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.621328331Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.6226102Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.627020974Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.628210087Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.632157777Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.634046628Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.641850345Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.643428944Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.649150758Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.650750991Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.654914804Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.657570946Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.661791425Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.663393305Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.668575605Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.670086178Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.674369793Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.67698724Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.681267756Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.682960312Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.688591734Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.690116951Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.69433699Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.69724476Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.701438855Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.702968718Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.708119076Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.709273272Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.713184092Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.714809498Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.718488866Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.71963961Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.723979844Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.725077642Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.728917062Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.730882054Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.734669213Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.736525418Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.743592416Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.744699319Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.749125024Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.750264742Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.753921995Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.756444684Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.761180641Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.762229433Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.765311391Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.766312595Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.768667051Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.770266874Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.772980057Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.774148073Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.777157898Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.778140279Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.780499402Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.782221649Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.784621404Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.785645586Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.788964971Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.790119508Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.792471899Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.794161249Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.796659631Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.797642269Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.800533225Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.801681372Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.806005294Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.808447452Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.812602891Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.813755485Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.818834594Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.819743186Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.822788962Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.823733057Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.826035773Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.827855589Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.830258796Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.831210499Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.834148767Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.835247867Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.838992329Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.841417118Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.845189908Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.846280114Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.85047519Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.851553821Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.856722004Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.858282978Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.862119927Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.863561981Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.86805759Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.869562373Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.874041812Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.875820647Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.879671556Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.881447292Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.885345568Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.886885775Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.891332848Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.892395545Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.911984729Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.913644594Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.920730162Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.922090293Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.926757676Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.928227089Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.933081542Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.934491669Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.938617962Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.940703574Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.945102461Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.946637683Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.951232729Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.952470121Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.956028331Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.957608354Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.961615123Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.96344272Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.967411787Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.968635939Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.973569817Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.975014481Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.97871587Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.980606704Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.984944226Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.986057921Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.990334177Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.991407915Z 79 PC: 13330 | Find next file
2018-12-17T23:08:04.994891173Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:04.996839098Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.000334319Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.001340691Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.004930966Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.005956733Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.012917271Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.014936451Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.018618233Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.020433728Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.024007331Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.025504646Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.0298927Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.03141066Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.03512615Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.03705131Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.04065413Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.042152546Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.046749889Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.048240597Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.052244352Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.054189865Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.05912921Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.061024339Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.06571269Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.067431619Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.072250232Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.073832678Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.077734883Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.080267491Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.084321549Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.085640424Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.09009653Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.091618481Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.095480392Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.097061401Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.104284908Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.105548605Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.109893384Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:05.111498185Z 79 PC: 13330 | Find next file
2018-12-17T23:08:05.117011991Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.125518944Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system')
2018-12-17T23:08:05.13417778Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.14613336Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\control.hlp')
2018-12-17T23:08:05.160608274Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.171358826Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\setup.exe')
2018-12-17T23:08:05.185032248Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.196665828Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\setup.hlp')
2018-12-17T23:08:05.209751248Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.220895311Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\setup.txt')
2018-12-17T23:08:05.234876741Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.246085059Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system.ini')
2018-12-17T23:08:05.27716083Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.288026638Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\win.ini')
2018-12-17T23:08:05.301736093Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.313015381Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winhelp.exe')
2018-12-17T23:08:05.327677904Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.338937996Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\win.com')
2018-12-17T23:08:05.352186991Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.362824179Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\bootlog.txt')
2018-12-17T23:08:05.377141313Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.387769764Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\mouse.ini')
2018-12-17T23:08:05.400201247Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.412314978Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\msd.exe')
2018-12-17T23:08:05.425506423Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.436958634Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\packager.exe')
2018-12-17T23:08:05.450365585Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.460898832Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\pbrush.exe')
2018-12-17T23:08:05.476129002Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.486863681Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\sol.exe')
2018-12-17T23:08:05.500350433Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.511787073Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\terminal.exe')
2018-12-17T23:08:05.52465047Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.535536357Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winfile.exe')
2018-12-17T23:08:05.550746997Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.562565669Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winfile.hlp')
2018-12-17T23:08:05.57560039Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.586465393Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\wintutor.exe')
2018-12-17T23:08:05.599089179Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.610336308Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\write.exe')
2018-12-17T23:08:05.623723701Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.634895504Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\calc.exe')
2018-12-17T23:08:05.64899104Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.659725604Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\calc.hlp')
2018-12-17T23:08:05.6726154Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.684354412Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\calendar.exe')
2018-12-17T23:08:05.697109032Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.708687526Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\calendar.hlp')
2018-12-17T23:08:05.722167775Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.733089121Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\canyon.mid')
2018-12-17T23:08:05.746774178Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.757391796Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\cardfile.exe')
2018-12-17T23:08:05.770494834Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.78188126Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\cardfile.hlp')
2018-12-17T23:08:05.795019347Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.810802554Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\charmap.exe')
2018-12-17T23:08:05.824848016Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.835313138Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\chord.wav')
2018-12-17T23:08:05.847531311Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.860306911Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\clipbrd.exe')
2018-12-17T23:08:05.875198508Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.886396161Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\control.exe')
2018-12-17T23:08:05.899599846Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.911107777Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\control.ini')
2018-12-17T23:08:05.924989347Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.935972384Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\drwatson.exe')
2018-12-17T23:08:05.94966696Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.961369422Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\emm386.exe')
2018-12-17T23:08:05.974771565Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:05.987255053Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\expand.exe')
2018-12-17T23:08:06.000530089Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.012228942Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\glossary.hlp')
2018-12-17T23:08:06.035268853Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.06140779Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\moricons.dll')
2018-12-17T23:08:06.075172317Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.087436278Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\mplayer.exe')
2018-12-17T23:08:06.099153817Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.109771723Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\networks.wri')
2018-12-17T23:08:06.123657009Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.130310812Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\notepad.exe')
2018-12-17T23:08:06.143549892Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.154273539Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\packager.hlp')
2018-12-17T23:08:06.166981936Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.178835781Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\pbrush.hlp')
2018-12-17T23:08:06.191795114Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.203003559Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\pifedit.exe')
2018-12-17T23:08:06.217131806Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.228468061Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\pifedit.hlp')
2018-12-17T23:08:06.243764277Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.255005929Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\printers.wri')
2018-12-17T23:08:06.268941858Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.28068029Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\printman.exe')
2018-12-17T23:08:06.295584536Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.309260274Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\printman.hlp')
2018-12-17T23:08:06.322604503Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.333272351Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\progman.exe')
2018-12-17T23:08:06.347182157Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.358065166Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\progman.hlp')
2018-12-17T23:08:06.371243457Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.383164514Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\readme.wri')
2018-12-17T23:08:06.395609312Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.406197927Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\recorder.exe')
2018-12-17T23:08:06.419838293Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.431420195Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\recorder.hlp')
2018-12-17T23:08:06.443024973Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.451941972Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\regedit.exe')
2018-12-17T23:08:06.461455157Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.47287871Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\regedit.hlp')
2018-12-17T23:08:06.483808527Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.492355624Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\regeditv.hlp')
2018-12-17T23:08:06.507111178Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.517195151Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\smartdrv.exe')
2018-12-17T23:08:06.530365622Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.542496176Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\soundrec.exe')
2018-12-17T23:08:06.556239347Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.568228737Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\sysini.wri')
2018-12-17T23:08:06.581374195Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.592382324Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\terminal.hlp')
2018-12-17T23:08:06.835816795Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.9213426Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winhelp.hlp')
2018-12-17T23:08:06.933699996Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.94574672Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winlogo.bmp')
2018-12-17T23:08:06.958010193Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.968623816Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winmine.exe')
2018-12-17T23:08:06.983250348Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:06.993953469Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\wintutor.dat')
2018-12-17T23:08:07.007449806Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.018582132Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\write.hlp')
2018-12-17T23:08:07.030943921Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.043367661Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\256color.bmp')
2018-12-17T23:08:07.056056219Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.066713728Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\arcade.bmp')
2018-12-17T23:08:07.080306843Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.102701078Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\argyle.bmp')
2018-12-17T23:08:07.115058771Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.127026839Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\castle.bmp')
2018-12-17T23:08:07.139882618Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.151364406Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\charmap.hlp')
2018-12-17T23:08:07.164786815Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.175394408Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\chimes.wav')
2018-12-17T23:08:07.188584675Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.199557527Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\clipbrd.hlp')
2018-12-17T23:08:07.215899296Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.228479239Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\clock.exe')
2018-12-17T23:08:07.240751403Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.251362686Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\ding.wav')
2018-12-17T23:08:07.26529354Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.275900443Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\egypt.bmp')
2018-12-17T23:08:07.289987533Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.300906223Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\himem.sys')
2018-12-17T23:08:07.313163957Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.324633702Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\honey.bmp')
2018-12-17T23:08:07.337170067Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.348538335Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\mplayer.hlp')
2018-12-17T23:08:07.361906844Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.372489802Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\msd.ini')
2018-12-17T23:08:07.384819289Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.396493531Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\notepad.hlp')
2018-12-17T23:08:07.409603845Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.421028712Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\pbrush.dll')
2018-12-17T23:08:07.43359163Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.444164255Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\ramdrive.sys')
2018-12-17T23:08:07.457283315Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.472885633Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\recorder.dll')
2018-12-17T23:08:07.486402726Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.499057143Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\redbrick.bmp')
2018-12-17T23:08:07.511961334Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.523401265Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\rivets.bmp')
2018-12-17T23:08:07.538804152Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.549978321Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\scrnsave.scr')
2018-12-17T23:08:07.563826911Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.575216781Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\sol.hlp')
2018-12-17T23:08:07.588201886Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.601346796Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\soundrec.hlp')
2018-12-17T23:08:07.614281202Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.625799869Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\squares.bmp')
2018-12-17T23:08:07.639164299Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.650510591Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\ssflywin.scr')
2018-12-17T23:08:07.665420464Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.676607235Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\ssmarque.scr')
2018-12-17T23:08:07.689517334Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.701487578Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\ssstars.scr')
2018-12-17T23:08:07.715204928Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.727347388Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\taskman.exe')
2018-12-17T23:08:07.740540612Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.75179209Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\thatch.bmp')
2018-12-17T23:08:07.765673676Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.777892437Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winini.wri')
2018-12-17T23:08:07.79154947Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.803162084Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winmine.hlp')
2018-12-17T23:08:07.816218407Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.828421416Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winver.exe')
2018-12-17T23:08:07.842602554Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.853803142Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\zigzag.bmp')
2018-12-17T23:08:07.867797088Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.880592934Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\_default.pif')
2018-12-17T23:08:07.893333242Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.906341954Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\dosprmpt.pif')
2018-12-17T23:08:07.919199089Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.93127701Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\temp')
2018-12-17T23:08:07.93972164Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.950902906Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\progman.ini')
2018-12-17T23:08:07.965510476Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:07.976641712Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\reg.dat')
2018-12-17T23:08:07.990743821Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.002301969Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\main.grp')
2018-12-17T23:08:08.015249873Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.028270079Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\accessor.grp')
2018-12-17T23:08:08.041523362Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.053058797Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\games.grp')
2018-12-17T23:08:08.067098158Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.078394916Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\startup.grp')
2018-12-17T23:08:08.093487789Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.105017983Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\applicat.grp')
2018-12-17T23:08:08.117848488Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.130236754Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\qbasic.pif')
2018-12-17T23:08:08.142819885Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.155072024Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\edit.pif')
2018-12-17T23:08:08.168974328Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.180453497Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\winfile.ini')
2018-12-17T23:08:08.195005181Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.206379917Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\dosapp.ini')
2018-12-17T23:08:08.223880192Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:08.2260404Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:08.227600781Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:08.234849321Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:08.236380582Z 78 PC: 13313 | Find first file
2018-12-17T23:08:08.243531797Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.245493332Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.249554578Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.251965246Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.255968889Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.257490586Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.263005153Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.26452123Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.269350247Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.275760372Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\ms-dos_6\system')
2018-12-17T23:08:08.283657199Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.291091963Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\ms-dos_6\temp')
2018-12-17T23:08:08.298358167Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:08.300289134Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:08.302859176Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:08.312782303Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:08.315369595Z 78 PC: 13313 | Find first file
2018-12-17T23:08:08.325643648Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.327178979Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.332407168Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.333935759Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.34326358Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:08.345260164Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:08.346843114Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:08.355733855Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:08.35761473Z 78 PC: 13313 | Find first file
2018-12-17T23:08:08.364816367Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.367583077Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.371722591Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.374342953Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.378749842Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.380377636Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.385882629Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.387499291Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.392259032Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.40383179Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system')
2018-12-17T23:08:08.411833676Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:08.425525136Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\temp')
2018-12-17T23:08:08.43436994Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:08.447595506Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:08.45068803Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:08.45786143Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:08.460854059Z 78 PC: 13313 | Find first file
2018-12-17T23:08:08.470773202Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.472122342Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.47675354Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.478137183Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.48247956Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.484050981Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.489079945Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.491258003Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.495335945Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.497788886Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.502179563Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.503694649Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.5087496Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.510588246Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.514643212Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.517367304Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.521453682Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.523946051Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.528371566Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.530818734Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.536210625Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.537831755Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.542176587Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.544808106Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.548953615Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.551579782Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.556052401Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.557644524Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.562871399Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.564267079Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.569871993Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.571152214Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.578574585Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.581326032Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.585394294Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.586905435Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.591723494Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.593200882Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.59852076Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.599863408Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.603744483Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.606306248Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.610244299Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.613222226Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.617591227Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.620107068Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.6255512Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.62731517Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.631887152Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.634612362Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.638727886Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.640778207Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.64521519Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.647003536Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.651795405Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.653133998Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.659221085Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.660888116Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.665027819Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.667596159Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.671768477Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.673903384Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.678086145Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.679669718Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.687986874Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.689776077Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.695387573Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.697110586Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.701566574Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.704772765Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.709377878Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.712212705Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.71761306Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.719511669Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.724982866Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.726577928Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.731805691Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.733752481Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.738881789Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.741740383Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.745959765Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.748506032Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.753015313Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.754605865Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.760079221Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.761611499Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.766652744Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.768482053Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.77255625Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.775043736Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.779139784Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.78159546Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.786018793Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.787540479Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.792844482Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.794377508Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.803201632Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.8050553Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.80915875Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.811915829Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.81684671Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.819324755Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.823570068Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.825096489Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.830399566Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.831907204Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.836970126Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.838869342Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.843027133Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.845783435Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.849870841Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.852343415Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.85676385Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.858289323Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.863338754Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.864721533Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.869618235Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.871500449Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.875211471Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.877779265Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.881515018Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.884430202Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.888905604Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.890441716Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.896612304Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.898146392Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.903112736Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.904964328Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.912554702Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.915278832Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.919174795Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.92149676Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.925911004Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.927417144Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.932557344Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.934093424Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.939250577Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.941105468Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.945114035Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.947572201Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.951606018Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.954102194Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.958599762Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.960125122Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.965995642Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.96759795Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.973672071Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.975624616Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.979843936Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.98271325Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.98697466Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.989556861Z 79 PC: 13330 | Find next file
2018-12-17T23:08:08.994173323Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:08.995766402Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.001254678Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.002850698Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.008093127Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.010042911Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.014368269Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.017209416Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.034486146Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.037226136Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.041816693Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.043341744Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.049211644Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.051553734Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.056697402Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.058580097Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.062756147Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.065513322Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.069673247Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.072157166Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.076640814Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.078168301Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.083571043Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.085134054Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.089876Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.09160666Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.095839539Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.098682315Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.102985673Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.10554951Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.110175076Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.111763866Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.11724525Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.11884917Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.124062973Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.127382402Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.13159755Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.13382977Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.138074927Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:09.140233458Z 79 PC: 13330 | Find next file
2018-12-17T23:08:09.148451864Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.174517486Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\cpwin386.cpl')
2018-12-17T23:08:09.189959026Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.200737721Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\gdi.exe')
2018-12-17T23:08:09.214701871Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.226239304Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\setup.inf')
2018-12-17T23:08:09.239805499Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.255837063Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\user.exe')
2018-12-17T23:08:09.273614454Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.285225386Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\cga40woa.fon')
2018-12-17T23:08:09.298238165Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.312665001Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\cga80woa.fon')
2018-12-17T23:08:09.326421304Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.337440491Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\comm.drv')
2018-12-17T23:08:09.351161134Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.362911212Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\dosapp.fon')
2018-12-17T23:08:09.377963149Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.390274043Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\dosx.exe')
2018-12-17T23:08:09.403978699Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.415802645Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\ega40woa.fon')
2018-12-17T23:08:09.429627292Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.441192991Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\keyboard.drv')
2018-12-17T23:08:09.454422396Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.465694262Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\krnl286.exe')
2018-12-17T23:08:09.479775818Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.487897421Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\krnl386.exe')
2018-12-17T23:08:09.496894659Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.510005698Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\lzexpand.dll')
2018-12-17T23:08:09.522888365Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.535062674Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\mouse.drv')
2018-12-17T23:08:09.548378889Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.559391524Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\ver.dll')
2018-12-17T23:08:09.57445212Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.585456075Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vga.3gr')
2018-12-17T23:08:09.599584664Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.61098183Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vga.drv')
2018-12-17T23:08:09.624737482Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.637096649Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vgacolor.2gr')
2018-12-17T23:08:09.649974725Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.662119009Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vgalogo.rle')
2018-12-17T23:08:09.675434764Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.687297756Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vgaoem.fon')
2018-12-17T23:08:09.701628495Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.712658452Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vgasys.fon')
2018-12-17T23:08:09.726815985Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.741676001Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\win.cnf')
2018-12-17T23:08:09.758638946Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.770914532Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\win87em.dll')
2018-12-17T23:08:09.784170332Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.795822976Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\ega80woa.fon')
2018-12-17T23:08:09.809473007Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.821612577Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\mmsound.drv')
2018-12-17T23:08:09.834855945Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.845864814Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\system.drv')
2018-12-17T23:08:09.859805021Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.872077264Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vgafix.fon')
2018-12-17T23:08:09.886064041Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.897427279Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vgalogo.lgo')
2018-12-17T23:08:09.910364404Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.923450653Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\sound.drv')
2018-12-17T23:08:09.937221988Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.949653348Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\main.cpl')
2018-12-17T23:08:09.964027158Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:09.975329461Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vtda.386')
2018-12-17T23:08:09.990792287Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.002512737Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\win386.exe')
2018-12-17T23:08:10.019226636Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.032781075Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\apps.inf')
2018-12-17T23:08:10.047568114Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.060845314Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\commdlg.dll')
2018-12-17T23:08:10.074177269Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.086361931Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\control.inf')
2018-12-17T23:08:10.10019453Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.111693445Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\ddeml.dll')
2018-12-17T23:08:10.127601065Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.135118919Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\drivers.cpl')
2018-12-17T23:08:10.146314479Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.160598819Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\dswap.exe')
2018-12-17T23:08:10.176128341Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.188310726Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\mciseq.drv')
2018-12-17T23:08:10.201480582Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.213049575Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\mciwave.drv')
2018-12-17T23:08:10.226083374Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.238064419Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\midimap.drv')
2018-12-17T23:08:10.251500389Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.262416392Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\mmsystem.dll')
2018-12-17T23:08:10.27710256Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.288081071Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\olecli.dll')
2018-12-17T23:08:10.302468541Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.31452815Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\olesvr.dll')
2018-12-17T23:08:10.328441976Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.34054493Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\shell.dll')
2018-12-17T23:08:10.354040339Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.366205688Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\sysedit.exe')
2018-12-17T23:08:10.384060076Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.39615996Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\toolhelp.dll')
2018-12-17T23:08:10.409726037Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.42176437Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\winoa386.mod')
2018-12-17T23:08:10.435798415Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.446783013Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\winoldap.mod')
2018-12-17T23:08:10.459649416Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.470345108Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\wswap.exe')
2018-12-17T23:08:10.484189607Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.495892596Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\arial.fot')
2018-12-17T23:08:10.509457762Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.520230915Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\arial.ttf')
2018-12-17T23:08:10.532574794Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.539640663Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\arialbd.fot')
2018-12-17T23:08:10.548852628Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.561797505Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\arialbd.ttf')
2018-12-17T23:08:10.575221332Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.586950482Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\arialbi.fot')
2018-12-17T23:08:10.600078604Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.613042269Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\arialbi.ttf')
2018-12-17T23:08:10.628163865Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.640585822Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\ariali.fot')
2018-12-17T23:08:10.655254479Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.666357906Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\ariali.ttf')
2018-12-17T23:08:10.680585778Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.693009925Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\cour.fot')
2018-12-17T23:08:10.706057856Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.713683536Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\cour.ttf')
2018-12-17T23:08:10.721380869Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.72900157Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\courbd.fot')
2018-12-17T23:08:10.740311953Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.75382248Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\courbd.ttf')
2018-12-17T23:08:10.767014685Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.778598468Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\courbi.fot')
2018-12-17T23:08:10.79209436Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.803083891Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\courbi.ttf')
2018-12-17T23:08:10.819857923Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.831190075Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\coure.fon')
2018-12-17T23:08:10.845683549Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.857328369Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\couri.fot')
2018-12-17T23:08:10.871307629Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.884475455Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\couri.ttf')
2018-12-17T23:08:10.897686309Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.910493067Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\midimap.cfg')
2018-12-17T23:08:10.923637132Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.937411215Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\mmtask.tsk')
2018-12-17T23:08:10.951492999Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.962678709Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\modern.fon')
2018-12-17T23:08:10.976682073Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:10.988858793Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\roman.fon')
2018-12-17T23:08:11.003577043Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.014979799Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\script.fon')
2018-12-17T23:08:11.028459548Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.039858295Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\serife.fon')
2018-12-17T23:08:11.052744494Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.065369201Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\setup.reg')
2018-12-17T23:08:11.079064897Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.091506291Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\smalle.fon')
2018-12-17T23:08:11.105044385Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.121469245Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\snd.cpl')
2018-12-17T23:08:11.135546606Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.146837934Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\sserife.fon')
2018-12-17T23:08:11.162160944Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.173386395Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\symbol.fot')
2018-12-17T23:08:11.18868844Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.20023306Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\symbol.ttf')
2018-12-17T23:08:11.213327255Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.225843605Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\symbole.fon')
2018-12-17T23:08:11.238999666Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.250183042Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\timer.drv')
2018-12-17T23:08:11.258119619Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.267418555Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\times.fot')
2018-12-17T23:08:11.276787402Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.284472391Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\times.ttf')
2018-12-17T23:08:11.29417591Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.301362267Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\timesbd.fot')
2018-12-17T23:08:11.310999823Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.318019435Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\timesbd.ttf')
2018-12-17T23:08:11.3318815Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.342707841Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\timesbi.fot')
2018-12-17T23:08:11.355755492Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.366596823Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\timesbi.ttf')
2018-12-17T23:08:11.380424097Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.391791404Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\timesi.fot')
2018-12-17T23:08:11.404903104Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.416873252Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\timesi.ttf')
2018-12-17T23:08:11.431237538Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.442973003Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\vtdapi.386')
2018-12-17T23:08:11.455841398Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.468150078Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\win386.ps2')
2018-12-17T23:08:11.481662636Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.49428896Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\wingding.fot')
2018-12-17T23:08:11.506996389Z 67 PC: 132d6 | Get or set file attributes
2018-12-17T23:08:11.51807822Z 65 PC: 13d75 | Delete file (Filename = 'c:\.\windows\system\wingding.ttf')
2018-12-17T23:08:11.532118277Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:11.534535274Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:11.537595378Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:11.548701676Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:11.551484264Z 78 PC: 13313 | Find first file
2018-12-17T23:08:11.562957651Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:11.564808486Z 79 PC: 13330 | Find next file
2018-12-17T23:08:11.570075904Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:11.571661761Z 79 PC: 13330 | Find next file
2018-12-17T23:08:11.577922654Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:11.579698964Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:11.582420556Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:11.589239117Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:11.590458229Z 78 PC: 13313 | Find first file
2018-12-17T23:08:11.598553278Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:11.599830966Z 79 PC: 13330 | Find next file
2018-12-17T23:08:11.604628066Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:11.606030456Z 79 PC: 13330 | Find next file
2018-12-17T23:08:11.611700518Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:11.613382127Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:11.615939663Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:11.622504413Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:11.625339033Z 78 PC: 13313 | Find first file
2018-12-17T23:08:11.632161198Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:11.633813367Z 79 PC: 13330 | Find next file
2018-12-17T23:08:11.638920199Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:11.6405111Z 79 PC: 13330 | Find next file
2018-12-17T23:08:11.646565777Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:11.648316388Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:11.65040683Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:11.654478253Z 26 PC: 13307 | Set disk transfer address
2018-12-17T23:08:11.656207397Z 78 PC: 13313 | Find first file
2018-12-17T23:08:11.660355583Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:11.662135968Z 79 PC: 13330 | Find next file
2018-12-17T23:08:11.664558003Z 26 PC: 1332b | Set disk transfer address
2018-12-17T23:08:11.665812952Z 79 PC: 13330 | Find next file
2018-12-17T23:08:11.668904611Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:11.670072339Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:11.671815555Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:11.674643893Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:11.676435322Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:11.677603285Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.685966248Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.693611424Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.706798336Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.711635615Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.723679565Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.731486123Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.74504014Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.758684952Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.765312482Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.772554884Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.779267329Z 58 PC: 13eac | Remove subdirectory
2018-12-17T23:08:11.787058856Z 14 PC: 13e3e | Set default drive (Drive = 'C')
2018-12-17T23:08:11.788550974Z 25 PC: 13e42 | Get default drive
2018-12-17T23:08:11.790853427Z 59 PC: 13eac | Change current directory
2018-12-17T23:08:11.795137616Z 64 PC: 13a0d | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:08:11.797375355Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:11.798786658Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:08:11.80020306Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:08:11.801840329Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:11.803306844Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:11.80485535Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:08:11.806034336Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:08:11.808164214Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:08:11.80982918Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:08:11.81641308Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:08:11.817810606Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:08:11.819161081Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:08:11.82155165Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:08:11.822848162Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:08:11.82543202Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:08:11.826736052Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:08:11.829270657Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:08:11.830795482Z 37 PC: 134b5 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:08:11.83249066Z 76 PC: 134f4 | Terminate with return code (Return code = '0')