Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SWAgent' = '%ProgramFiles%\Soft Watcher\SWCLIENT.EXE' (autorun entry: SWCLIENT.EXE is launched at every user logon)
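- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (one-time entry that deletes the %TEMP%\IXP000.TMP extraction folder; typical of an IExpress (wextract) self-extracting package, not a persistence mechanism)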
- [<HKLM>\SYSTEM\ControlSet001\Services\swptproc] 'Start' = '00000000' (Start type 0: driver loaded at boot)
- [<HKLM>\SYSTEM\ControlSet001\Services\swptproc] 'ImagePath' = 'SYSTEM32\DRIVERS\swptproc.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\Soft Watcher Client] 'Start' = '00000002' (Start type 2: service started automatically at system startup)
- [<HKLM>\SYSTEM\ControlSet001\Services\Soft Watcher Client] 'ImagePath' = '%ProgramFiles%\Soft Watcher\SWPatch.exe'
- '%ProgramFiles%\Soft Watcher\CPYARA.exe'
- '%ProgramFiles%\Soft Watcher\CARC.exe'
- '%ProgramFiles%\Soft Watcher\CARCHM.exe'
- '%ProgramFiles%\Soft Watcher\SWClient.exe'
- '%TEMP%\IXP000.TMP\setup.exe' -s
- '%ProgramFiles%\Soft Watcher\SWPatch.exe' -i
- '%ProgramFiles%\Soft Watcher\SWPatch.exe'
- Handler for all processes: %ProgramFiles%\Soft Watcher\CARCHM2.DLL
- %ProgramFiles%\Soft Watcher\Policy\SW_42.tmp
- %ProgramFiles%\Soft Watcher\Image\btn43.tmp
- %ProgramFiles%\Soft Watcher\Image\btn44.tmp
- %ProgramFiles%\Soft Watcher\Policy\HW_41.tmp
- %ProgramFiles%\Soft Watcher\Opt\SW_3E.tmp
- %ProgramFiles%\Soft Watcher\Opt\SW_3F.tmp
- %ProgramFiles%\Soft Watcher\Policy\AR_40.tmp
- %ProgramFiles%\Soft Watcher\Image\btn49.tmp
- %ProgramFiles%\Soft Watcher\Image\btn4A.tmp
- %ProgramFiles%\Soft Watcher\Image\btn4B.tmp
- %ProgramFiles%\Soft Watcher\Image\btn48.tmp
- %ProgramFiles%\Soft Watcher\Image\btn45.tmp
- %ProgramFiles%\Soft Watcher\Image\btn46.tmp
- %ProgramFiles%\Soft Watcher\Image\btn47.tmp
- %ProgramFiles%\Soft Watcher\Opt\HW_3D.tmp
- %ProgramFiles%\Soft Watcher\swp33.tmp
- %ProgramFiles%\Soft Watcher\sys34.tmp
- %ProgramFiles%\Soft Watcher\sys35.tmp
- %ProgramFiles%\Soft Watcher\sow32.tmp
- %ProgramFiles%\Soft Watcher\SWU2F.tmp
- %ProgramFiles%\Soft Watcher\SwP30.tmp
- %ProgramFiles%\Soft Watcher\pat31.tmp
- %ProgramFiles%\Soft Watcher\Dat\SWP3A.tmp
- %ProgramFiles%\Soft Watcher\Dat\pcp3B.tmp
- %ProgramFiles%\Soft Watcher\Opt\AR_3C.tmp
- %ProgramFiles%\Soft Watcher\Dat\AR_39.tmp
- %ProgramFiles%\Soft Watcher\sys36.tmp
- %ProgramFiles%\Soft Watcher\tem37.tmp
- %ProgramFiles%\Soft Watcher\Dat\AR_38.tmp
- %ProgramFiles%\Soft Watcher\Log\SWClientEN.DLL.log
- %ProgramFiles%\Soft Watcher\Log\SWCLIENT.EXE.log
- %ProgramFiles%\Soft Watcher\Result\ResultFile.ini
- %ProgramFiles%\Soft Watcher\UserEnv.ini
- %ProgramFiles%\Soft Watcher\UserKey.ini
- %ProgramFiles%\Soft Watcher\SWC5B.tmp
- %ProgramFiles%\Soft Watcher\Log\SWPatch.EXE.LOG
- %ProgramFiles%\Soft Watcher\Log\CARCHM.EXE.log
- %ProgramFiles%\Soft Watcher\Log\SWURC.dll.log
- %ProgramFiles%\Soft Watcher\Log\SWCLIENTS.dll.log
- %ProgramFiles%\Soft Watcher\Log\CARC.EXE.log
- %ProgramFiles%\Soft Watcher\Log\CPYARI.DLL.Log
- %ProgramFiles%\Soft Watcher\Log\CPYARA.EXE.log
- %ProgramFiles%\Soft Watcher\SWPolicy.ini
- %ProgramFiles%\Soft Watcher\Image\btn5A.tmp
- %ProgramFiles%\Soft Watcher\Image\btn50.tmp
- %ProgramFiles%\Soft Watcher\Image\btn51.tmp
- %ProgramFiles%\Soft Watcher\Image\btn52.tmp
- %ProgramFiles%\Soft Watcher\Image\btn4F.tmp
- %ProgramFiles%\Soft Watcher\Image\btn4C.tmp
- %ProgramFiles%\Soft Watcher\Image\btn4D.tmp
- %ProgramFiles%\Soft Watcher\Image\btn4E.tmp
- %ProgramFiles%\Soft Watcher\Image\btn57.tmp
- %ProgramFiles%\Soft Watcher\Image\btn58.tmp
- %ProgramFiles%\Soft Watcher\Image\btn59.tmp
- %ProgramFiles%\Soft Watcher\Image\btn56.tmp
- %ProgramFiles%\Soft Watcher\Image\btn53.tmp
- %ProgramFiles%\Soft Watcher\Image\btn54.tmp
- %ProgramFiles%\Soft Watcher\Image\btn55.tmp
- %ProgramFiles%\Soft Watcher\SWS2E.tmp
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\dot8.tmp
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\Str9.tmp
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\isrA.tmp
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\dot7.tmp
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\Fon4.tmp
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\DIF5.tmp
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\cor6.tmp
- %ProgramFiles%\Soft Watcher\CARE.tmp
- %ProgramFiles%\Soft Watcher\CARF.tmp
- %ProgramFiles%\Soft Watcher\CAR10.tmp
- %ProgramFiles%\Soft Watcher\CARD.tmp
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\defB.tmp
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\_isC.tmp
- %TEMP%\IXP000.TMP\setup.log
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\lic3.tmp
- %TEMP%\IXP000.TMP\ISSetup.dll
- %TEMP%\IXP000.TMP\layout.bin
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\data2.cab
- %TEMP%\IXP000.TMP\0x0412.ini
- %TEMP%\IXP000.TMP\data1.cab
- %TEMP%\IXP000.TMP\data1.hdr
- %TEMP%\{C6C49F2B-4D67-41CB-B83E-CFCC929F9881}\setup.ini
- %TEMP%\{C6C49F2B-4D67-41CB-B83E-CFCC929F9881}\0x0412.ini
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\set2.tmp
- %TEMP%\IXP000.TMP\SWClient.ini
- %TEMP%\IXP000.TMP\setup.ini
- %TEMP%\IXP000.TMP\setup.inx
- %TEMP%\IXP000.TMP\setup.iss
- %ProgramFiles%\Soft Watcher\CSW24.tmp
- %ProgramFiles%\Soft Watcher\Ipn25.tmp
- %ProgramFiles%\Soft Watcher\SWC26.tmp
- %ProgramFiles%\Soft Watcher\CSW23.tmp
- %ProgramFiles%\Soft Watcher\CPY20.tmp
- %ProgramFiles%\Soft Watcher\CPY21.tmp
- %ProgramFiles%\Soft Watcher\CPY22.tmp
- %ProgramFiles%\Soft Watcher\SWP2B.tmp
- %ProgramFiles%\Soft Watcher\SWP2C.tmp
- %ProgramFiles%\Soft Watcher\SWS2D.tmp
- %ProgramFiles%\Soft Watcher\SWC2A.tmp
- %ProgramFiles%\Soft Watcher\SWC27.tmp
- %ProgramFiles%\Soft Watcher\SWC28.tmp
- %ProgramFiles%\Soft Watcher\SWC29.tmp
- %ProgramFiles%\Soft Watcher\CPY1F.tmp
- %ProgramFiles%\Soft Watcher\CHM15.tmp
- %ProgramFiles%\Soft Watcher\CHW16.tmp
- %ProgramFiles%\Soft Watcher\CHW17.tmp
- %ProgramFiles%\Soft Watcher\CHM14.tmp
- %ProgramFiles%\Soft Watcher\CAR11.tmp
- %ProgramFiles%\Soft Watcher\CAR12.tmp
- %ProgramFiles%\Soft Watcher\CAR13.tmp
- %ProgramFiles%\Soft Watcher\CPY1C.tmp
- %ProgramFiles%\Soft Watcher\CPY1D.tmp
- %ProgramFiles%\Soft Watcher\CPY1E.tmp
- %ProgramFiles%\Soft Watcher\CMS1B.tmp
- %ProgramFiles%\Soft Watcher\CHW18.tmp
- %ProgramFiles%\Soft Watcher\CHW19.tmp
- %ProgramFiles%\Soft Watcher\CMS1A.tmp
- %TEMP%\IXP000.TMP\setup.inx
- %TEMP%\IXP000.TMP\setup.ini
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\setup.iss
- %ProgramFiles%\Soft Watcher\Dat\AR_1.dat.mov
- %ProgramFiles%\Soft Watcher\Opt\AR_1.opt.mov
- %TEMP%\IXP000.TMP\SWClient.ini
- %TEMP%\IXP000.TMP\data1.cab
- %TEMP%\IXP000.TMP\0x0412.ini
- %TEMP%\IXP000.TMP\setup.log
- %TEMP%\IXP000.TMP\data1.hdr
- %TEMP%\IXP000.TMP\layout.bin
- %TEMP%\IXP000.TMP\ISSetup.dll
- %TEMP%\IXP000.TMP\data2.cab
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\dotnetinstaller.exe.config
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\dotnetinstaller.exe
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\corecomp.ini
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\StringTable_0x0412.ips
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\_isres_0x0412.dll
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\default.pal
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\isrt.dll
- %TEMP%\1.tmp
- %TEMP%\{C6C49F2B-4D67-41CB-B83E-CFCC929F9881}\setup.ini
- %TEMP%\{C6C49F2B-4D67-41CB-B83E-CFCC929F9881}\0x0412.ini
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\setup.inx
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\DIFxData.ini
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\FontData.ini
- %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\license.rtf
- from %ProgramFiles%\Soft Watcher\Opt\SW_3F.tmp to %ProgramFiles%\Soft Watcher\Opt\SW_2.opt
- from %ProgramFiles%\Soft Watcher\Policy\AR_40.tmp to %ProgramFiles%\Soft Watcher\Policy\AR_1.ply
- from %ProgramFiles%\Soft Watcher\Opt\SW_3E.tmp to %ProgramFiles%\Soft Watcher\Opt\SW_1.opt
- from %ProgramFiles%\Soft Watcher\Opt\AR_3C.tmp to %ProgramFiles%\Soft Watcher\Opt\AR_1.opt
- from %ProgramFiles%\Soft Watcher\Opt\HW_3D.tmp to %ProgramFiles%\Soft Watcher\Opt\HW_1.opt
- from %ProgramFiles%\Soft Watcher\Policy\HW_41.tmp to %ProgramFiles%\Soft Watcher\Policy\HW_1.ply
- from %ProgramFiles%\Soft Watcher\Image\btn45.tmp to %ProgramFiles%\Soft Watcher\Image\btnExit_n.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn46.tmp to %ProgramFiles%\Soft Watcher\Image\btnExit_s.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn44.tmp to %ProgramFiles%\Soft Watcher\Image\btnExit_f.bmp
- from %ProgramFiles%\Soft Watcher\Policy\SW_42.tmp to %ProgramFiles%\Soft Watcher\Policy\SW_1.ply
- from %ProgramFiles%\Soft Watcher\Image\btn43.tmp to %ProgramFiles%\Soft Watcher\Image\btnExit_d.bmp
- from %ProgramFiles%\Soft Watcher\Dat\pcp3B.tmp to %ProgramFiles%\Soft Watcher\Dat\pcpowerstate.dat
- from %ProgramFiles%\Soft Watcher\swp33.tmp to %ProgramFiles%\Soft Watcher\swptSb.reg
- from %ProgramFiles%\Soft Watcher\sys34.tmp to %ProgramFiles%\Soft Watcher\syscfg32.exe
- from %ProgramFiles%\Soft Watcher\sow32.tmp to %ProgramFiles%\Soft Watcher\sowapt64.dll
- from %ProgramFiles%\Soft Watcher\SwP30.tmp to %ProgramFiles%\Soft Watcher\SwProtect.dll
- from %ProgramFiles%\Soft Watcher\pat31.tmp to %ProgramFiles%\Soft Watcher\patchSb.reg
- from %ProgramFiles%\Soft Watcher\sys35.tmp to %ProgramFiles%\Soft Watcher\syscfg64.exe
- from %ProgramFiles%\Soft Watcher\Dat\AR_39.tmp to %ProgramFiles%\Soft Watcher\Dat\AR_1_usr.dat
- from %ProgramFiles%\Soft Watcher\Dat\SWP3A.tmp to %ProgramFiles%\Soft Watcher\Dat\SWPatch.dat
- from %ProgramFiles%\Soft Watcher\Dat\AR_38.tmp to %ProgramFiles%\Soft Watcher\Dat\AR_1.dat
- from %ProgramFiles%\Soft Watcher\sys36.tmp to %ProgramFiles%\Soft Watcher\syscfgdy.exe
- from %ProgramFiles%\Soft Watcher\tem37.tmp to %ProgramFiles%\Soft Watcher\temp.dat
- from %ProgramFiles%\Soft Watcher\Image\btn56.tmp to %ProgramFiles%\Soft Watcher\Image\btn_next_s.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn57.tmp to %ProgramFiles%\Soft Watcher\Image\btn_prev_d.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn55.tmp to %ProgramFiles%\Soft Watcher\Image\btn_next_n.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn53.tmp to %ProgramFiles%\Soft Watcher\Image\btn_next_d.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn54.tmp to %ProgramFiles%\Soft Watcher\Image\btn_next_f.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn58.tmp to %ProgramFiles%\Soft Watcher\Image\btn_prev_f.bmp
- from %ProgramFiles%\Soft Watcher\Dat\AR_1.dat to %ProgramFiles%\Soft Watcher\Dat\AR_1.dat.mov
- from %ProgramFiles%\Soft Watcher\Opt\AR_1.opt to %ProgramFiles%\Soft Watcher\Opt\AR_1.opt.mov
- from %ProgramFiles%\Soft Watcher\SWC5B.tmp to %ProgramFiles%\Soft Watcher\SWClient.ini
- from %ProgramFiles%\Soft Watcher\Image\btn59.tmp to %ProgramFiles%\Soft Watcher\Image\btn_prev_n.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn5A.tmp to %ProgramFiles%\Soft Watcher\Image\btn_prev_s.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn52.tmp to %ProgramFiles%\Soft Watcher\Image\btn_last_s.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn4A.tmp to %ProgramFiles%\Soft Watcher\Image\btnOK_s.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn4B.tmp to %ProgramFiles%\Soft Watcher\Image\btn_first_d.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn49.tmp to %ProgramFiles%\Soft Watcher\Image\btnOK_n.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn47.tmp to %ProgramFiles%\Soft Watcher\Image\btnOK_d.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn48.tmp to %ProgramFiles%\Soft Watcher\Image\btnOK_f.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn4C.tmp to %ProgramFiles%\Soft Watcher\Image\btn_first_f.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn50.tmp to %ProgramFiles%\Soft Watcher\Image\btn_last_f.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn51.tmp to %ProgramFiles%\Soft Watcher\Image\btn_last_n.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn4F.tmp to %ProgramFiles%\Soft Watcher\Image\btn_last_d.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn4D.tmp to %ProgramFiles%\Soft Watcher\Image\btn_first_n.bmp
- from %ProgramFiles%\Soft Watcher\Image\btn4E.tmp to %ProgramFiles%\Soft Watcher\Image\btn_first_s.bmp
- from %ProgramFiles%\Soft Watcher\CAR11.tmp to %ProgramFiles%\Soft Watcher\CARCHMx32.exe
- from %ProgramFiles%\Soft Watcher\CAR12.tmp to %ProgramFiles%\Soft Watcher\CARCHMx64.exe
- from %ProgramFiles%\Soft Watcher\CAR10.tmp to %ProgramFiles%\Soft Watcher\CARCHM2.dll
- from %ProgramFiles%\Soft Watcher\CARE.tmp to %ProgramFiles%\Soft Watcher\CARCFT.dll
- from %ProgramFiles%\Soft Watcher\CARF.tmp to %ProgramFiles%\Soft Watcher\CARCHM.exe
- from %ProgramFiles%\Soft Watcher\CAR13.tmp to %ProgramFiles%\Soft Watcher\CARCV.exe
- from %ProgramFiles%\Soft Watcher\CHW17.tmp to %ProgramFiles%\Soft Watcher\CHWCFT.dll
- from %ProgramFiles%\Soft Watcher\CHW18.tmp to %ProgramFiles%\Soft Watcher\CHWCWM.dll
- from %ProgramFiles%\Soft Watcher\CHW16.tmp to %ProgramFiles%\Soft Watcher\CHWC.dll
- from %ProgramFiles%\Soft Watcher\CHM14.tmp to %ProgramFiles%\Soft Watcher\CHMPF32.dll
- from %ProgramFiles%\Soft Watcher\CHM15.tmp to %ProgramFiles%\Soft Watcher\CHMPF64.dll
- from %ProgramFiles%\Soft Watcher\CARD.tmp to %ProgramFiles%\Soft Watcher\CARC.exe
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\DIF5.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\DIFxData.ini
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\cor6.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\corecomp.ini
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\Fon4.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\FontData.ini
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\set2.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\setup.inx
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\lic3.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\license.rtf
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\dot7.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\dotnetinstaller.exe
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\defB.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\default.pal
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\_isC.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\_isres_0x0412.dll
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\isrA.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\isrt.dll
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\dot8.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\dotnetinstaller.exe.config
- from %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\Str9.tmp to %TEMP%\{1915E39A-A01B-4D9F-B374-A1EB00F6F005}\{8460A55E-F9E8-44F1-8AA6-6314340A3B68}\StringTable_0x0412.ips
- from %ProgramFiles%\Soft Watcher\SWC28.tmp to %ProgramFiles%\Soft Watcher\SWClientLI.dll
- from %ProgramFiles%\Soft Watcher\SWC29.tmp to %ProgramFiles%\Soft Watcher\SWClientS.dll
- from %ProgramFiles%\Soft Watcher\SWC27.tmp to %ProgramFiles%\Soft Watcher\SWClientEN.dll
- from %ProgramFiles%\Soft Watcher\Ipn25.tmp to %ProgramFiles%\Soft Watcher\Ipnic.bat
- from %ProgramFiles%\Soft Watcher\SWC26.tmp to %ProgramFiles%\Soft Watcher\SWClient.exe
- from %ProgramFiles%\Soft Watcher\SWC2A.tmp to %ProgramFiles%\Soft Watcher\SWClientT.exe
- from %ProgramFiles%\Soft Watcher\SWS2E.tmp to %ProgramFiles%\Soft Watcher\SWSnap64.dll
- from %ProgramFiles%\Soft Watcher\SWU2F.tmp to %ProgramFiles%\Soft Watcher\SWURC.dll
- from %ProgramFiles%\Soft Watcher\SWS2D.tmp to %ProgramFiles%\Soft Watcher\SWSnap32.dll
- from %ProgramFiles%\Soft Watcher\SWP2B.tmp to %ProgramFiles%\Soft Watcher\SWPatch.exe
- from %ProgramFiles%\Soft Watcher\SWP2C.tmp to %ProgramFiles%\Soft Watcher\SWPolicy.ini
- from %ProgramFiles%\Soft Watcher\CSW24.tmp to %ProgramFiles%\Soft Watcher\CSWCFT.dll
- from %ProgramFiles%\Soft Watcher\CPY1C.tmp to %ProgramFiles%\Soft Watcher\CPYARA.exe
- from %ProgramFiles%\Soft Watcher\CPY1D.tmp to %ProgramFiles%\Soft Watcher\CPYARI.dll
- from %ProgramFiles%\Soft Watcher\CMS1B.tmp to %ProgramFiles%\Soft Watcher\CMSGI.dll
- from %ProgramFiles%\Soft Watcher\CHW19.tmp to %ProgramFiles%\Soft Watcher\CHWV.exe
- from %ProgramFiles%\Soft Watcher\CMS1A.tmp to %ProgramFiles%\Soft Watcher\CMSGA.exe
- from %ProgramFiles%\Soft Watcher\CPY1E.tmp to %ProgramFiles%\Soft Watcher\CPYHWA.exe
- from %ProgramFiles%\Soft Watcher\CPY22.tmp to %ProgramFiles%\Soft Watcher\CPYSWI.dll
- from %ProgramFiles%\Soft Watcher\CSW23.tmp to %ProgramFiles%\Soft Watcher\CSWC.dll
- from %ProgramFiles%\Soft Watcher\CPY21.tmp to %ProgramFiles%\Soft Watcher\CPYSWA.exe
- from %ProgramFiles%\Soft Watcher\CPY1F.tmp to %ProgramFiles%\Soft Watcher\CPYHWI.dll
- from %ProgramFiles%\Soft Watcher\CPY20.tmp to %ProgramFiles%\Soft Watcher\CPYPatchI.dll
- %ProgramFiles%\Soft Watcher\Opt\AR_1.opt
- %ProgramFiles%\Soft Watcher\Dat\AR_1.dat
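- '21#.#5.63.214':15902 (remote address and port; the '#' characters stand in for digits, so the address is incomplete as published and cannot be matched literally)
- '21#.#5.63.214':15903 (same partially masked address, second port)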
- ClassName: '' WindowName: 'CARCHM.EXE'
- ClassName: 'CARCHM.EXE' WindowName: ''
- ClassName: 'CARC.EXE' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'CPYARA.EXE' WindowName: ''
- ClassName: '' WindowName: 'CARC.EXE'