Is it possible to attach a file to a post here or do I need to upload it to a hosting site?
Hosting site, better if you compress the file into a .zip archive.
jaclaz
Here you go guys, let's see what you can do with the file.
http//
Amar,
search for zlib compression… The header "78 DA EC" shows that the data is compressed using zlib "best compression".
The result file contains all the apps you ran, with what appears to be date time stamps :D
The actual data file is 14.3MB.
Hi
Check the following Internet Search result for the search term ".bmc file extension":
Developer: Microsoft
Category: Raster Image Files
File Format Description:
Cached bitmap file created by the Windows Remote Desktop Client (RDC), which is part of Windows Terminal Services; stores multiple bitmaps that would otherwise be repeatedly sent from the terminal server to the client.
By caching images in BMC files, the RDC program provides a substantial performance increase for remote clients, especially for low-bandwidth connections. BMC files are commonly found in the [User Profile]\Local Settings\Application Data\Microsoft\Terminal Server Client\Cache directory.
Program(s) that open .BMC files:
Microsoft Windows Remote Desktop
Seems to make sense in respect of the scenario you outlined.
Hope it is of use to you. ;)
I have successfully decrypted the file with zlib.
Now I have (these are just the first 5 lines, aka first 5 seconds):
1389258980 M 514 249 239 334486127 1680 1050 ?
1389258981 M 512 249 239 334487406 1680 1050 ?
1389258981 M 512 249 242 334487406 1680 1050 ?
1389258981 M 512 249 245 334487422 1680 1050 ?
1389258981 M 512 249 251 334487422 1680 1050 ?
The first digits are a Unix time stamp, the "1680 1050" is my screen resolution. The "?" is a program opened for that minute, so if I opened mozilla the "?" would be replaced by "mozilla.exe".
Can anybody figure out the following:
what the letter "M" stands for?
what "512" stands for?
what "249 239" stands for?
what "334486127" stands for?
Note that in the whole file the letter M is sometimes substituted by the letter K, but no other letters.
Let me know if you want me to send the whole text.
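As an added example (not code posted by anyone in this thread): a Python sketch that checks the zlib header discussed above, inflates the data and splits each line into the fields identified so far. The sample data is constructed from the five quoted lines plus one made-up "K" line, and the four unidentified columns are kept as raw integers rather than given a meaning.

```python
import zlib
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: the five lines quoted in the post plus one made-up "K" line.
SAMPLE_TEXT = """\
1389258980 M 514 249 239 334486127 1680 1050 ?
1389258981 M 512 249 239 334487406 1680 1050 ?
1389258981 M 512 249 242 334487406 1680 1050 ?
1389258981 M 512 249 245 334487422 1680 1050 ?
1389258981 M 512 249 251 334487422 1680 1050 ?
1389258982 K 256 65 0 334488000 1680 1050 mozilla.exe
"""
SAMPLE_BLOB = zlib.compress(SAMPLE_TEXT.encode("ascii"), 9)  # level 9 -> 78 DA

def zlib_header_info(blob):
    """Decode the 2-byte zlib header (RFC 1950); None if it is not one."""
    if len(blob) < 2:
        return None
    cmf, flg = blob[0], blob[1]
    # CM must be 8 (deflate) and the 16-bit header must be a multiple of 31.
    if cmf & 0x0F != 8 or (cmf << 8 | flg) % 31 != 0:
        return None
    return {"window_bits": (cmf >> 4) + 8,     # 0x78 -> 32 KiB window
            "flevel": flg >> 6,                # 3 = best compression (0xDA)
            "preset_dict": bool(flg & 0x20)}

def parse_line(line):
    """Split one log line; the last field may contain spaces."""
    parts = line.split(None, 8)
    if len(parts) != 9 or parts[1] not in ("M", "K"):
        return None
    return {"time": datetime.fromtimestamp(int(parts[0]), tz=timezone.utc),
            "kind": parts[1],                          # meaning not confirmed
            "unknown": [int(p) for p in parts[2:6]],   # unidentified columns
            "screen": (int(parts[6]), int(parts[7])),
            "process": None if parts[8] == "?" else parts[8]}

def load_log(blob):
    """Verify the header, inflate, and return the parsed records."""
    if zlib_header_info(blob) is None:
        raise ValueError("no zlib header at offset 0")
    text = zlib.decompress(blob).decode("ascii", errors="replace")
    return [r for r in map(parse_line, text.splitlines()) if r]

def event_counts(records):
    """Tally the M/K letters so their ratio can be compared with a known pattern."""
    return Counter(r["kind"] for r in records)
```
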
Note that in the whole file the letter M is sometimes substituted by the letter K, but no other letters.
Could it be that it stands for Mouse interaction with the program vs. Keyboard?
jaclaz
Smart, yeah, it might be! And the other digits might be some kind of keystroke logging… What do you think?
Cannot say.
Maybe you can try using the mouse and keyboard in a given "pattern" (and record this pattern), i.e. start the stupid program AFTER having started another logger of some kind, like (example)
https://
jaclaz
If this was homework, I want credit.
What school is this implemented at?
If this was homework, I want credit.
…which you will have to share with me ;)
jaclaz
I tell you what, since I had my breakfast and the weather is so nice outside, you can have double the pay I am getting. :D
Wait, no.
Make it triple! I am feeling extra generous today. 8)