WinSession Logger

Posted: March 28, 2006

WinSession Logger is a commercial PC monitoring application that tracks user activity, logs all keystrokes, periodically takes screenshots, captures online chat conversations and instant messages, records addresses of visited web sites. Gathered data can be sent to a configurable e-mail address or uploaded to a predefined FTP server. WinSession Logger can be used to restrict access to certain computer utilities and prevent the user from visiting specified web sites. The application automatically runs on every Windows startup.

File System Modifications

The following files were created in the system:

# File Name

1 bootldr.exe

2 delservicew.exe

3 digiwin.dll

4 exwin32m.exe

5 install.exe

6 nxkernel32.dll

7 sp.ini

8 svchost.exe

9 svchost[X].exe

10 svclsv.exe

11 wslogger.exe

#	File Name
1	bootldr.exe
2	delservicew.exe
3	digiwin.dll
4	exwin32m.exe
5	install.exe
6	nxkernel32.dll
7	sp.ini
8	svchost.exe
9	svchost[X].exe
10	svclsv.exe
11	wslogger.exe

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}EBT9L2DB0-B607-11d2-9CBD-0000F87A369EHKEY_LOCAL_MACHINESOFTWAREMcap4_softwareHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunxbtl=%System%ootldr.exeHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallWinSessionLogger_is1HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessubsystem64r

WinSession Logger

File System Modifications

Registry Modifications

Leave a Reply