Checklist Gather an initial snapshot with RegShot Run Procmon Run Wireshark Start Process Explorer or Process Hacker If needed, setup a virtual network with ApateDNS or INetSim