Sample viewer

vx.netlux.org/Trojan.DOS.TZ

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:24.347174311Z	74	PC: 12de5 \| Reallocate memory
2018-12-17T21:56:24.348947789Z	48	PC: 12e1d \| Get DOS version
2018-12-17T21:56:24.351831638Z	99	PC: 1460e \| Get DBCS lead byte table pointer
2018-12-17T21:56:24.353714987Z	101	PC: 147b1 \| Get extended country info
2018-12-17T21:56:24.355975312Z	74	PC: 138f6 \| Reallocate memory
2018-12-17T21:56:24.360143392Z	74	PC: 138f6 \| Reallocate memory
2018-12-17T21:56:24.363345409Z	74	PC: 138f6 \| Reallocate memory
2018-12-17T21:56:24.365968435Z	26	PC: 13004 \| Set disk transfer address
2018-12-17T21:56:24.368574724Z	78	PC: 1300a \| Find first file
2018-12-17T21:56:24.37869755Z	26	PC: 13004 \| Set disk transfer address
2018-12-17T21:56:24.379884125Z	78	PC: 1300a \| Find first file
2018-12-17T21:56:24.398559787Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:24.406424186Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:24.411910699Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:24.413335469Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:24.420298378Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T21:56:24.772523479Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:24.773846799Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:24.782155211Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T21:56:24.793202331Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:24.794508022Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:24.799820638Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\COUNTRY.SYS')
2018-12-17T21:56:24.812303013Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:24.814183122Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:24.821516772Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\COUNTRY.TXT')
2018-12-17T21:56:24.832399362Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:24.833411206Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:24.840409743Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T21:56:24.868904618Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:24.870033704Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:24.874833475Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\DOSSETUP.INI')
2018-12-17T21:56:24.903949971Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:24.905036279Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:24.909252775Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\DRVSPACE.BIN')
2018-12-17T21:56:24.961710085Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:24.963237081Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:24.970349199Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T21:56:25.113653196Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.114879873Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.119653391Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T21:56:25.170244772Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.171291195Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.176700999Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T21:56:25.202172474Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.204220999Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.210268916Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T21:56:25.226605449Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.227679017Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.234483049Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\KEYB.COM')
2018-12-17T21:56:25.24817568Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.249402375Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.253397775Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\KEYBOARD.SYS')
2018-12-17T21:56:25.263039063Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.264305285Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.27038989Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\MEM.EXE')
2018-12-17T21:56:25.282396127Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.283949544Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.290049099Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\NLSFUNC.EXE')
2018-12-17T21:56:25.300171246Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.314558777Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.320296078Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\README.TXT')
2018-12-17T21:56:25.332019637Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.333320856Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.340545437Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\NETWORKS.TXT')
2018-12-17T21:56:25.350931835Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.351985232Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.357550962Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\QBASIC.EXE')
2018-12-17T21:56:25.36818064Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.36929443Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.373157057Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\REPLACE.EXE')
2018-12-17T21:56:25.380930059Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.382431789Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.387091042Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\RESTORE.EXE')
2018-12-17T21:56:25.396226664Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.397412146Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.402062543Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\SCANDISK.EXE')
2018-12-17T21:56:25.412804447Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.414032001Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.419735434Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\SCANDISK.INI')
2018-12-17T21:56:25.428115569Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.4292501Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.433492339Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\SETUP.EXE')
2018-12-17T21:56:25.44277389Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.444092874Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.449004926Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\SYS.COM')
2018-12-17T21:56:25.463933762Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.466188883Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.470589821Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\XCOPY.EXE')
2018-12-17T21:56:25.493684192Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.495600942Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.499760071Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\DEFRAG.EXE')
2018-12-17T21:56:25.518799817Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.534397621Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.539766289Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\DEFRAG.HLP')
2018-12-17T21:56:25.556370008Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.557560085Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.5630406Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\EGA.CPI')
2018-12-17T21:56:25.573854315Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.574988844Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.580454407Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\EGA2.CPI')
2018-12-17T21:56:25.591608167Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.592907461Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.598650649Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\EGA3.CPI')
2018-12-17T21:56:25.610633035Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.611710681Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.617302332Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\EMM386.EXE')
2018-12-17T21:56:25.628883179Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.630376352Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.636181749Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\ISO.CPI')
2018-12-17T21:56:25.647914275Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.649020178Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.654376899Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\KEYBRD2.SYS')
2018-12-17T21:56:25.666003158Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.66776753Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.67426946Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\MSCDEX.EXE')
2018-12-17T21:56:25.686422652Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.687915286Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.69360591Z	65	PC: 13160 \| Delete file (Filename = 'C:\DOS\QBASIC.INI')
2018-12-17T21:56:25.705883866Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.707593717Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.711317023Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.713122696Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.718962073Z	26	PC: 13004 \| Set disk transfer address
2018-12-17T21:56:25.720005422Z	78	PC: 1300a \| Find first file
2018-12-17T21:56:25.731811422Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.733671436Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.739109521Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.740812865Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.747768731Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.748859681Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.754358515Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CONTROL.HLP')
2018-12-17T21:56:25.76995296Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.771819221Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.778355246Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SETUP.EXE')
2018-12-17T21:56:25.790295147Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.791245458Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.79680749Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SETUP.HLP')
2018-12-17T21:56:25.808850251Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.809877928Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.81516489Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SETUP.TXT')
2018-12-17T21:56:25.826764899Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.828273033Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.833950114Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SYSTEM.INI')
2018-12-17T21:56:25.866243896Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.867649583Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.873159588Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WIN.INI')
2018-12-17T21:56:25.897949631Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.899253782Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.913642966Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINHELP.EXE')
2018-12-17T21:56:25.925661001Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.939008153Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.953150416Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WIN.COM')
2018-12-17T21:56:25.979615557Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:25.981271594Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:25.986505893Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\BOOTLOG.TXT')
2018-12-17T21:56:25.99879423Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.000723168Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.006211085Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\MOUSE.INI')
2018-12-17T21:56:26.017755366Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.01955407Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.025064793Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\MSD.EXE')
2018-12-17T21:56:26.037500234Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.038885309Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.044958444Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PACKAGER.EXE')
2018-12-17T21:56:26.057145872Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.058903766Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.064417129Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PBRUSH.EXE')
2018-12-17T21:56:26.07669728Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.07847015Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.084104115Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SOL.EXE')
2018-12-17T21:56:26.095082691Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.097479212Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.103027804Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\TERMINAL.EXE')
2018-12-17T21:56:26.113991822Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.11658231Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.123470819Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINFILE.EXE')
2018-12-17T21:56:26.135098191Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.137670246Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.143210065Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINFILE.HLP')
2018-12-17T21:56:26.153912387Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.156432022Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.161939135Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINTUTOR.EXE')
2018-12-17T21:56:26.172955714Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.175504254Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.181008375Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WRITE.EXE')
2018-12-17T21:56:26.192547227Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.195090653Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.20059265Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CALC.EXE')
2018-12-17T21:56:26.212283619Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.214815397Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.220333215Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CALC.HLP')
2018-12-17T21:56:26.23117032Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.233705921Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.239191423Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CALENDAR.EXE')
2018-12-17T21:56:26.249831355Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.252353608Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.258564062Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CALENDAR.HLP')
2018-12-17T21:56:26.269258564Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.271761254Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.277275587Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CANYON.MID')
2018-12-17T21:56:26.287902194Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.290982677Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.296472109Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CARDFILE.EXE')
2018-12-17T21:56:26.307296078Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.310152508Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.316312092Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CARDFILE.HLP')
2018-12-17T21:56:26.328456833Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.330505696Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.336439626Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CHARMAP.EXE')
2018-12-17T21:56:26.348116888Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.350288072Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.356208614Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CHORD.WAV')
2018-12-17T21:56:26.367163213Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.36884009Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.375215666Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CLIPBRD.EXE')
2018-12-17T21:56:26.388344278Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.390111094Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.395740957Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CONTROL.EXE')
2018-12-17T21:56:26.407220352Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.408487177Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.413956888Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CONTROL.INI')
2018-12-17T21:56:26.425565535Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.427136966Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.432830685Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\DRWATSON.EXE')
2018-12-17T21:56:26.444956929Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.446729322Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.453067313Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\EMM386.EXE')
2018-12-17T21:56:26.464611988Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.466319939Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.472305372Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\EXPAND.EXE')
2018-12-17T21:56:26.483784868Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.485547586Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.491750798Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\GLOSSARY.HLP')
2018-12-17T21:56:26.503855093Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.505619141Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.511074536Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\MORICONS.DLL')
2018-12-17T21:56:26.524107864Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.525827238Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.531280316Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\MPLAYER.EXE')
2018-12-17T21:56:26.542739827Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.544444267Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.557005735Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\NETWORKS.WRI')
2018-12-17T21:56:26.56942804Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.570546172Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.575813921Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\NOTEPAD.EXE')
2018-12-17T21:56:26.588750291Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.593549709Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.602898266Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PACKAGER.HLP')
2018-12-17T21:56:26.615410624Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.617014862Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.624165381Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PBRUSH.HLP')
2018-12-17T21:56:26.637682991Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.638924579Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.645746807Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PIFEDIT.EXE')
2018-12-17T21:56:26.658603282Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.66005353Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.66574289Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PIFEDIT.HLP')
2018-12-17T21:56:26.677916259Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.679314857Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.684945891Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PRINTERS.WRI')
2018-12-17T21:56:26.705444384Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.706908164Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.713310682Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PRINTMAN.EXE')
2018-12-17T21:56:26.725949814Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.727385449Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.733089858Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PRINTMAN.HLP')
2018-12-17T21:56:26.745015038Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.746452666Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.752109352Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PROGMAN.EXE')
2018-12-17T21:56:26.764027083Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.765603017Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.771272599Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PROGMAN.HLP')
2018-12-17T21:56:26.784760643Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.786209823Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.791859539Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\README.WRI')
2018-12-17T21:56:26.804192583Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.805368313Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.810647128Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\RECORDER.EXE')
2018-12-17T21:56:26.822246709Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.823671918Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.829558114Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\RECORDER.HLP')
2018-12-17T21:56:26.842710248Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.844418471Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.850339638Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\REGEDIT.EXE')
2018-12-17T21:56:26.863171081Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.864496729Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.870726808Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\REGEDIT.HLP')
2018-12-17T21:56:26.883576292Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.885984234Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.892823934Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\REGEDITV.HLP')
2018-12-17T21:56:26.904711535Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.906157307Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.91363Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T21:56:26.924706642Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.925713504Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.930305406Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SOUNDREC.EXE')
2018-12-17T21:56:26.945502763Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.946648272Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.953335959Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SYSINI.WRI')
2018-12-17T21:56:26.965240956Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.966642352Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.973473102Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\TERMINAL.HLP')
2018-12-17T21:56:26.985573064Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:26.986735528Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:26.99265357Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINHELP.HLP')
2018-12-17T21:56:27.004291054Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.005681069Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.011976211Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINLOGO.BMP')
2018-12-17T21:56:27.022950488Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.044680767Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.051857763Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINMINE.EXE')
2018-12-17T21:56:27.063084535Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.065416135Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.071549523Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINTUTOR.DAT')
2018-12-17T21:56:27.085465552Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.087801576Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.093775882Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WRITE.HLP')
2018-12-17T21:56:27.105377606Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.107723445Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.113607729Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\256COLOR.BMP')
2018-12-17T21:56:27.124733985Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.126402122Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.131624397Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\ARCADE.BMP')
2018-12-17T21:56:27.142007419Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.143705533Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.148714921Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\ARGYLE.BMP')
2018-12-17T21:56:27.157284014Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.159412199Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.164899914Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CASTLE.BMP')
2018-12-17T21:56:27.177092117Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.179404859Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.184900319Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CHARMAP.HLP')
2018-12-17T21:56:27.196990866Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.19811413Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.204435091Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CHIMES.WAV')
2018-12-17T21:56:27.215971689Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.217581206Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.22106833Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CLIPBRD.HLP')
2018-12-17T21:56:27.230753998Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.232149474Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.23658482Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\CLOCK.EXE')
2018-12-17T21:56:27.245688619Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.246782996Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.251367781Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\DING.WAV')
2018-12-17T21:56:27.260816221Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.261758519Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.26624203Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\EGYPT.BMP')
2018-12-17T21:56:27.275101885Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.2764133Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.283112205Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T21:56:27.295857399Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.296805621Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.303841154Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\HONEY.BMP')
2018-12-17T21:56:27.31621584Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.317502544Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.324789617Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\MPLAYER.HLP')
2018-12-17T21:56:27.336164901Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.337689548Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.345442583Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\MSD.INI')
2018-12-17T21:56:27.356773918Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.358350556Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.365700748Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\NOTEPAD.HLP')
2018-12-17T21:56:27.378229953Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.38003474Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.387126187Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PBRUSH.DLL')
2018-12-17T21:56:27.398806387Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.400385544Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.407191762Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\RAMDRIVE.SYS')
2018-12-17T21:56:27.418616922Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.420941831Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.427582246Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\RECORDER.DLL')
2018-12-17T21:56:27.439671301Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.442084036Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.448182288Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\REDBRICK.BMP')
2018-12-17T21:56:27.459498344Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.46208607Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.46785457Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\RIVETS.BMP')
2018-12-17T21:56:27.481775291Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.484433325Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.489926104Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SCRNSAVE.SCR')
2018-12-17T21:56:27.499881381Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.501503698Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.507369303Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SOL.HLP')
2018-12-17T21:56:27.517418568Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.518712374Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.522729178Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SOUNDREC.HLP')
2018-12-17T21:56:27.531494344Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.532556709Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.537065188Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SQUARES.BMP')
2018-12-17T21:56:27.545731465Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.546690543Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.551095397Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SSFLYWIN.SCR')
2018-12-17T21:56:27.573776319Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.575526843Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.581075115Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SSMARQUE.SCR')
2018-12-17T21:56:27.592554835Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.59386091Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.599758144Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\SSSTARS.SCR')
2018-12-17T21:56:27.610589013Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.611635938Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.618281331Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\TASKMAN.EXE')
2018-12-17T21:56:27.629057759Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.630460642Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.637616774Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\THATCH.BMP')
2018-12-17T21:56:27.814970506Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.81633358Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.823682477Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WININI.WRI')
2018-12-17T21:56:27.928040497Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.930234704Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.935287427Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINMINE.HLP')
2018-12-17T21:56:27.973065542Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.974911617Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.978926518Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINVER.EXE')
2018-12-17T21:56:27.988186746Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:27.990611387Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:27.997237362Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\ZIGZAG.BMP')
2018-12-17T21:56:28.007512027Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.010835321Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.016412414Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\_DEFAULT.PIF')
2018-12-17T21:56:28.02359075Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.025189695Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.029057747Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\DOSPRMPT.PIF')
2018-12-17T21:56:28.036640246Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.038426393Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.042966254Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.045178579Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.050410899Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\PROGMAN.INI')
2018-12-17T21:56:28.058335394Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.059832291Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.065220278Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\REG.DAT')
2018-12-17T21:56:28.073255051Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.074799812Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.079560497Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\MAIN.GRP')
2018-12-17T21:56:28.087795961Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.090375617Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.094031358Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\ACCESSOR.GRP')
2018-12-17T21:56:28.10162412Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.10640662Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.110283737Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\GAMES.GRP')
2018-12-17T21:56:28.117880805Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.125355547Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.143319221Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\STARTUP.GRP')
2018-12-17T21:56:28.155563714Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.170030057Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.175434969Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\APPLICAT.GRP')
2018-12-17T21:56:28.188792969Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.190689318Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.196143972Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\QBASIC.PIF')
2018-12-17T21:56:28.208143114Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.209559832Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.215194346Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\EDIT.PIF')
2018-12-17T21:56:28.226966899Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.228225162Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.234906735Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\WINFILE.INI')
2018-12-17T21:56:28.246714386Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.247992332Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.253843725Z	65	PC: 13160 \| Delete file (Filename = 'C:\WINDOWS\DOSAPP.INI')
2018-12-17T21:56:28.265883971Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.267305765Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.272203298Z	26	PC: 13019 \| Set disk transfer address
2018-12-17T21:56:28.273602799Z	79	PC: 1301d \| Find next file
2018-12-17T21:56:28.277286344Z	76	PC: 12f18 \| Terminate with return code (Return code = '0')