* Requested Host: dbsarticles.com
* Resulting Address: 75.102.24.35
* IRC Data
o User Name: XP-4072
o Host Name: *
o Server Name:
o Real Name: MICHAEL-F156CF7
o Password: xxx
o Nick Name: [USA|00|P|55591]
o Non RFC Conform: 1
+ Channel
# Name: #imb
# Password: test
# Topic Deleted: :.msn.stop|.msn.msg foto 😀 http://yorimage.yo.ohost.de/photo.php?=
# Transport Protocol: TCP
# Remote Address: 75.102.24.35
# Remote Port: 2345
# Protocol: IRC
* Open Keys…
o Key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicescrypt32Performance
o Key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionmsasn1
o Key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
o Key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun
o Key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList
o Key: HKEY_LOCAL_MACHINESystemWPATabletPC
o Quantity: 2
o Key: HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter
o Quantity: 2
o Key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionAppCompatFlagsLayers
o Quantity: 2
o Key: HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionAppCompatFlagsLayers
o Quantity: 2
o Key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionAppCompatFlagsCustomnetsh.exe
o Key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionAppCompatFlags
o Key: HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionAppCompatFlags
o Key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionAppCompatFlagsCustomrndll.exe
* Set Values…
o Key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
o Value: Firevall Administrating
o Data: rndll.exe
o Key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun
o Value: Firevall Administrating
o Data: rndll.exe
o Key: HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList
o Value: C:12053912.exe
o Data: C:12053912.exe:*:Enabled:Firevall Administrating