A forum for reverse engineering, OS internals and malware analysis 

 #10106  by EP_X0FF
 Sat Dec 03, 2011 4:43 pm
This is a proxy trojan protected by an obfuscator currently used by LockEmAll ransom.

Unpacked result
http://www.virustotal.com/file-scan/rep ... 1322929800

Deobfuscated version in the attachment.

Some strings from the inside
socks_id ip port id ID .DEFAULT\Software\AMService\CallBack RA RP getsockopt Failed: 89.248.165.137 89.149.209.156 46.4.95.85 78.46.66.25 : CheckPort25DateTime CheckPort25Result maila.microsoft.com:25 check25 trayrun.com syssem.com intl32.com sysdll.net AMService run \ .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run start reboot run myreboot version 127.0.0.1 /executeQuery.php /CallBack/SomeScripts/mgsNewPeer.php /SocksGates/GetIP.php /CallBack/SomeScripts/mgsGetMGList.php /CallBack/SomeScripts/update25.php /perl/scripts/errorSocks.pl /CallBack/SomeScripts/mgsGatewayUpdate.php /CallBack/SomeScripts/mgsFirewallRules.php /CallBack/SomeScripts/mgsNewSocks.php /CallBack/SomeScripts/mgsSocksSettings.php /CallBack/SomeScripts/mgsGatewayAbuse.php /perl/scripts/sendTrafficInf.pl /perl/scripts/getReaddress.pl /CallBack/SomeScripts/mgsFirewallSimple.php /perl/scripts/errorMG.pl /CallBack/SomeScripts/mgsGatewayUpdateFull.php Max params amount exceeded ( ) number script " " [ ] = ; 1A2B3C4D5E6F failed on query executePredefinedQuery: -- Content-Disposition: form-data; name=" " --POST HTTP/1.0 Host: Content-Type: multipart/form-data; boundary= Content-Length: - < </ td table tr
Thread renamed to be more informative.
Attachments
pass: malware
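As an added example, not from the post or the sample itself, a small Python triage helper that buckets the strings listed above into IP, host, URL-path and registry indicators and derives two defender-facing notes from them; the dump is copied from the post, while the regexes, bucket names and note wording are my own assumptions.

```python
import re

# Strings recovered from the unpacked sample, copied from the post above and
# embedded here as one whitespace-separated dump so the example runs offline.
STRINGS_DUMP = r"""socks_id ip port id ID .DEFAULT\Software\AMService\CallBack RA RP
getsockopt Failed: 89.248.165.137 89.149.209.156 46.4.95.85 78.46.66.25 :
CheckPort25DateTime CheckPort25Result maila.microsoft.com:25 check25
trayrun.com syssem.com intl32.com sysdll.net AMService run
.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run start reboot run
myreboot version 127.0.0.1 /executeQuery.php /CallBack/SomeScripts/mgsNewPeer.php
/SocksGates/GetIP.php /perl/scripts/errorSocks.pl"""

# Assumed token shapes (not from the sample): dotted-quad, host[:port], script path.
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
HOST = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+(?::\d+)?$", re.I)
URLPATH = re.compile(r"^/[\w./-]+\.(?:php|pl)$")


def classify_strings(dump):
    """Sort raw strings into indicator buckets a defender can act on."""
    ioc = {"ipv4": [], "host": [], "url_path": [], "registry": []}
    for tok in dump.split():
        if IPV4.match(tok):
            if not tok.startswith("127."):  # loopback is not an indicator
                ioc["ipv4"].append(tok)
        elif HOST.match(tok):
            ioc["host"].append(tok)
        elif URLPATH.match(tok):
            ioc["url_path"].append(tok)
        elif tok.startswith(".DEFAULT\\"):  # subkeys of HKEY_USERS\.DEFAULT
            ioc["registry"].append(tok)
    return ioc


def triage_notes(ioc):
    """Derive defender-facing observations from the bucketed indicators."""
    notes = []
    if any(k.lower().endswith("\\currentversion\\run") for k in ioc["registry"]):
        notes.append("autostart persistence via a Run value under HKU\\.DEFAULT")
    if any(h.endswith(":25") for h in ioc["host"]):
        notes.append("outbound TCP/25 reachability check (mail-sending capability)")
    return notes


if __name__ == "__main__":
    buckets = classify_strings(STRINGS_DUMP)
    for name, items in buckets.items():
        print(name, items)
    for note in triage_notes(buckets):
        print("note:", note)
```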