Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wdcertm_nd34E' = '<SYSTEM32>\WatchData\Watchdata CSP v3.3\WDCertMND33.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\WDKeyMonitor] 'Start' = '00000002'
- '<SYSTEM32>\WatchData\Watchdata CSP v3.3\WDCertMND33.exe'
- '<SYSTEM32>\WatchData\Watchdata CSP v3.3\WDKeyMonitor.exe'
- '%TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\WD_Install.exe'
- '<SYSTEM32>\WatchData\Watchdata CSP v3.3\WDKeyMonitor.exe' -i
- '%WINDIR%\regedit.exe' /s "%PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\installE.reg"
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\install.reg
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\installT.reg
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\WEUsertool.exe
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\WDPKCSUtil.exe
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\installE.reg
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\TokenMgr.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\UIResC3.dll
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\unistall.reg
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\uninstall64.reg
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\WDKeyMonitor.exe
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\logo.bmp
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\ProviderName.ini
- %TEMP%\install.txt
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\clrcert.exe
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\recfull.ico
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\Protect.sig
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\WDCertMND33.exe
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\WatchSafe.ini
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\Protectini.ini
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\UIResE3.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\wdsafe3.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\wdsafe3.sig
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\wdcrwv.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\hodll.dll
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\WD_Uninstall.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\WD UKey Tool v3.3\WD UKey User Tool v3.3.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\WD UKey Tool v3.3\Uninstall.lnk
- %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\WatchData.ico
- %ALLUSERSPROFILE%\Desktop\WD UKey User Tool v3.3.lnk
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\SKPress.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\WDCSP03.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\wdcspui.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\UIResT3.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\WDAlg.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\WDEvent.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\wdpkcs.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\WDSKF.dll
- <SYSTEM32>\WatchData\Watchdata CSP v3.3\wdkmgr.dll
- <SYSTEM32>\WDP11_ND_v33.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdsafe3.sig
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WDPKCSUtil.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WEUsertool.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WDCertMND33.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WDKeyMonitor.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\hodll.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResC3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResE3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\SKPress.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\TokenMgr.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\WD_Uninstall.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Setup.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\SetupEnglsh.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Protectini.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\ProviderName.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\SetupTraditional.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\RegTrustedSite.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\WD_Install.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WatchSafe.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\clrcert.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResT3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\WatchData.ico
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\install.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\logo.bmp
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\recfull.ico
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\installE.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\unistall.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Protect.sig
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\installT.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\uninstall64.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDSKF.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDCSP03.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdcspui.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDAlg.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdcrwv.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDEvent.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdpkcs.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdsafe3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdkmgr.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDP11_ND_v33.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResC3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\TokenMgr.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResE3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDAlg.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\UIResT3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WDPKCSUtil.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WDKeyMonitor.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WEUsertool.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\SKPress.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\hodll.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdpkcs.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDP11_ND_v33.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdsafe3.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDSKF.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdsafe3.sig
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDCSP03.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdcrwv.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdcspui.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\wdkmgr.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\csp3.0\WDEvent.dll
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\clrcert.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\WD_Uninstall.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\install.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\installT.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\installE.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\SetupEnglsh.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Setup.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\SetupTraditional.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\WD_Install.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\WatchData.ico
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\uninstall64.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\RegTrustedSite.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\unistall.reg
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WDCertMND33.exe
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\WatchSafe.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Protect.sig
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\logo.bmp
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\Protectini.ini
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\recfull.ico
- %TEMP%\RarSFX0\WatchSafe 3 User_ND Setup\Tools\ProviderName.ini
- from %TEMP%\install.txt to %PROGRAM_FILES%\WatchData\WD UKey Tool v3.3\install.txt
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''