I got one of those, and a couple more that go into detail of what file is accessing what other file on the drive, plus another decompiler to get down to the nitty-gritty of what the associated files do.
Some of them are pretty complicated; it's hard to tell what is normal GUI code, but some of the codecs for videos and some of the DLLs have very abnormal file creation and registry-track-erasing strings that are intermingling with the network stack and mspaint.
I noticed that one of the codec DLLs is polling and placing data skimmed from user.dat and classes ("registry files") into an mspaint-type tool brush action. I'm having a hard time locating the "log" file created, but it looks like it makes a GIF, then puts it in a memory address/buffer location, without saving it to the drive.
Looks like the network stack and the network card are programmed to poll this buffer/address area for data to use for "packet padding" so that it can have a proper-sized packet...
An easy but time-consuming way to get data from the registry onto the network without permission from the firewall or the router.
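The padding channel described in this post can be checked for from the wire side. The following is an added example, not the poster's code: it parses IPv4 Ethernet frames, isolates the bytes that sit after the IP total length (the link-layer padding, which a normal stack fills with zeros) and flags frames whose padding carries non-zero data. The frame layout and the two sample frames are constructed assumptions.

```python
import math
import struct

ETH_HDR = 14  # destination MAC, source MAC, EtherType


def padding_bytes(frame: bytes) -> bytes:
    """Return the trailer after the IPv4 datagram, i.e. the link-layer padding.

    Only IPv4 (EtherType 0x0800) is handled; other frames yield b"".
    """
    if len(frame) < ETH_HDR + 20:
        return b""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return b""
    ihl = frame[ETH_HDR] & 0x0F
    total_len = struct.unpack("!H", frame[ETH_HDR + 2:ETH_HDR + 4])[0]
    if ihl < 5 or total_len < ihl * 4 or ETH_HDR + total_len > len(frame):
        return b""
    return frame[ETH_HDR + total_len:]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; zero-filled padding scores 0.0, text or binary scores higher."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze_frame(frame: bytes) -> dict:
    """Describe the padding of one frame; 'nonzero' is the indicator to alert on."""
    pad = padding_bytes(frame)
    return {"padding_len": len(pad), "nonzero": any(pad), "entropy": shannon_entropy(pad)}


def scan_frames(frames: list) -> list:
    """Indices of frames whose padding is not all zero bytes."""
    return [i for i, f in enumerate(frames) if analyze_frame(f)["nonzero"]]


def build_frame(payload: bytes, pad: bytes) -> bytes:
    """Constructed sample: Ethernet + minimal IPv4 header (no checksum) + payload + padding."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + payload + pad


# Constructed frames: a short datagram padded to the 60-byte minimum, once with zeros
# and once with leaked text riding in the padding.
CLEAN_FRAME = build_frame(b"\x00" * 12, b"\x00" * 14)
LEAKY_FRAME = build_frame(b"\x00" * 12, b"HKCU\\Software!")
```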