Remote Host Port Number
173.201.179.47 8016
NICK [00|USA|492539]
PONG sv.privatenetwork.pv
USER XP-0542 * 0 :COMPUTERNAME
MODE [00|USA|492539] +su
JOIN #private
MODE #private +su
NICK [00|USA|890609]
USER XP-0460 * 0 :COMPUTERNAME
MODE [00|USA|890609] +su
* The following port was open in the system:
Port Protocol Process
1054 TCP service.exe (%Windir%service.exe)
Registry Modifications
* The following Registry Keys were created:
o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_OREANS32
o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_OREANS32�000
o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_OREANS32�000Control
o HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesoreans32
o HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesoreans32Security
o HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesoreans32Enum
o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_OREANS32
o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_OREANS32�000
o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_OREANS32�000Control
o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesoreans32
o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesoreans32Security
o HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesoreans32Enum
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Windows Services = “service.exe”
so that service.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_OREANS32�000Control]
+ *NewlyCreated* = 0x00000000
+ ActiveService = “oreans32”
o [HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_OREANS32�000]
+ Service = “oreans32”
+ Legacy = 0x00000001
+ ConfigFlags = 0x00000000
+ Class = “LegacyDriver”
+ ClassGUID = “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
+ DeviceDesc = “oreans32”
o [HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_OREANS32]
+ NextInstance = 0x00000001
o [HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesoreans32Enum]
+ 0 = “RootLEGACY_OREANS32�000”
+ Count = 0x00000001
+ NextInstance = 0x00000001
o [HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesoreans32Security]
+ Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
o [HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesoreans32]
+ Type = 0x00000001
+ Start = 0x00000001
+ ErrorControl = 0x00000001
+ ImagePath = “%System%driversoreans32.sys”
+ DisplayName = “oreans32”
o [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_OREANS32�000Control]
+ *NewlyCreated* = 0x00000000
+ ActiveService = “oreans32”
o [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_OREANS32�000]
+ Service = “oreans32”
+ Legacy = 0x00000001
+ ConfigFlags = 0x00000000
+ Class = “LegacyDriver”
+ ClassGUID = “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
+ DeviceDesc = “oreans32”
o [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_OREANS32]
+ NextInstance = 0x00000001
o [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesoreans32Enum]
+ 0 = “RootLEGACY_OREANS32�000”
+ Count = 0x00000001
+ NextInstance = 0x00000001
o [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesoreans32Security]
+ Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
o [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesoreans32]
+ Type = 0x00000001
+ Start = 0x00000001
+ ErrorControl = 0x00000001
+ ImagePath = “%System%driversoreans32.sys”
+ DisplayName = “oreans32”
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
service.exe %Windir%service.exe 2 719 744 bytes
* There was a new kernel-mode driver installed in the system:
Driver Name Driver Filename
oreans32.sys %System%driversoreans32.sys