Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'YNNXCertM' = '<SYSTEM32>\WatchData\YNNX CSP v3.3\YNNXCertM.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\WDKeyMonitor] 'Start' = '00000002'
- '%PROGRAM_FILES%\WatchData\YNNX CSP v3.3\RegTrustedSite.exe'
- '<SYSTEM32>\WatchData\YNNX CSP v3.3\YNNXCertM.exe'
- '<SYSTEM32>\WatchData\YNNX CSP v3.3\YNNXKeyM.exe'
- '%TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\YNNX_Install.exe'
- '<SYSTEM32>\WatchData\YNNX CSP v3.3\YNNXKeyM.exe' -i
- '%PROGRAM_FILES%\WatchData\YNNX CSP v3.3\regrootcert.exe'
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\Usertool.exe
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\regrootcert.exe
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\ToolTip.jpg
- <SYSTEM32>\WatchData\YNNX CSP v3.3\YNNXKeyM.exe
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\KillProcess.exe
- <SYSTEM32>\WatchData\YNNX CSP v3.3\OCL-key.jpg
- <SYSTEM32>\WatchData\YNNX CSP v3.3\Press-key.jpg
- <SYSTEM32>\WatchData\YNNX CSP v3.3\FindProcess.exe
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\RegTrustedSite.exe
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\Top_logo.jpg
- <SYSTEM32>\WatchData\YNNX CSP v3.3\clrcert.exe
- <SYSTEM32>\WatchData\YNNX CSP v3.3\Protect.sig
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Top_logo.jpg
- %TEMP%\install.txt
- <SYSTEM32>\WatchData\YNNX CSP v3.3\Protectini.ini
- <SYSTEM32>\WatchData\YNNX CSP v3.3\WatchSafe.ini
- <SYSTEM32>\WatchData\YNNX CSP v3.3\YNNXCertM.exe
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\ProviderName.ini
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\recfull.ico
- <SYSTEM32>\WatchData\YNNX CSP v3.3\TokenMgr.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\wdsafe3.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\wdsafe3.sig
- <SYSTEM32>\WDP11_YNNX_v33.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\wdpkcs.dll
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\YNNX_Uninstall.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\YunNan RCC UKey Tool\YunNan RCC UKey Tool v1.0.0.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\YunNan RCC UKey Tool\Uninstall.lnk
- %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\Watchdata.ico
- %ALLUSERSPROFILE%\Desktop\YunNan RCC UKey Tool v1.0.0.lnk
- <SYSTEM32>\WatchData\YNNX CSP v3.3\hodll.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\UIResT3.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\WDAlg.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\UIResC3.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\UIResE3.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\WDCSP03.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\WDEvent.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\wdkmgr.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\skpress.dll
- <SYSTEM32>\WatchData\YNNX CSP v3.3\wdcspui.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\YNNX_Install.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\YNNX_Uninstall.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\RegTrustedSite.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Usertool.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\YNNXCertM.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\skpress.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\TokenMgr.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\YNNXKeyM.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\hodll.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\regrootcert.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Setup.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\SetupEnglish.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Protectini.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\ProviderName.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\SetupTraditional.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\FindProcess.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\KillProcess.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WatchSafe.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\clrcert.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResC3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\recfull.ico
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Watchdata.ico
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDYN.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\logo.ico
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Protect.sig
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\Press-key.jpg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\ToolTip.jpg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdsafe3.sig
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\OCL-key.jpg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdsafe3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDAlg.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdcsp03.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResE3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResT3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDCSPUI.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDP11_YNNX_v33.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDPKCS.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDEvent.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdkmgr.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\TokenMgr.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\skpress.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResC3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResT3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResE3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\YNNXKeyM.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\YNNXCertM.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\hodll.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\Press-key.jpg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\OCL-key.jpg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDPKCS.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDP11_YNNX_v33.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdsafe3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDYN.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdsafe3.sig
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdcsp03.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDAlg.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDCSPUI.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdkmgr.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDEvent.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\clrcert.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\YNNX_Uninstall.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\FindProcess.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\logo.ico
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\KillProcess.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\SetupEnglish.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Setup.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\SetupTraditional.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\YNNX_Install.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Watchdata.ico
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\ToolTip.jpg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\RegTrustedSite.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Top_logo.jpg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WatchSafe.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Usertool.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Protectini.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Protect.sig
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\ProviderName.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\regrootcert.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\recfull.ico
- from %TEMP%\install.txt to %PROGRAM_FILES%\WatchData\YNNX CSP v3.3\install.txt
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''