PC Watch

Posted: March 28, 2006

PC Watch is a typical commercial keylogging tool that records all user keystrokes and captures screenshots. The application doesn't have any additional functionality. It must be manually installed. PC Watch automatically runs on every Windows startup.

File System Modifications

The following files were created in the system:

# File Name

1 pcwatch.exe

#	File Name
1	pcwatch.exe

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINESOFTWAREClassesaxsCaptureScrn.axsCapScreenHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionAppPathspcwatch.exeHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunPCWatchHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallST5UNST
The following CLSID's were detected:
HKEY..\..\{CLSID Path}FAEEE763-117E-101B-8933-08002B2F4F5ABDC217C8-ED16-11CD-956C-0000C04E4C0AAF709562-19F1-46C5-A1D6-BDE4C1954AE03B7C8863-D78F-101B-B9B5-04021C0094021FAA49C4-16B7-4D28-8930-31BE1810D94300028C01-0000-0000-0000-00000000004600025E01-0000-0000-C000-000000000046FAEEE762-117E-101B-8933-08002B2F4F5AED117630-4090-11CF-8981-00AA00688B10E9A5593C-CAB0-11D1-8C0B-0000F8754DA1DD57DFFB-4F5C-4E0A-9CB7-ACC72DB83D6DD359BBEE-EB3D-4F7C-9663-389757252561BDC217C7-ED16-11CD-956C-0000C04E4C0AB78B0E98-0431-4A6B-8C3D-F240FE8725F5AB14F05E-4C1D-49DC-8BD5-9E6B510B3EBA9F6AA700-D188-11CD-AD48-00AA003C9CB68FD8673F-8191-45B9-914F-E23E924134378A214157-8E32-4ED8-A025-C9B6758B5E1B859321D0-3FD1-11CF-8981-00AA00688B106F9584CB-3DDB-457B-8E8A-740936F5B2FF58FF1147-89E7-4243-BAEE-0855276181D13B7C8862-D78F-101B-B9B5-04021C0094022FC39DC8-1E37-4550-AE17-0B7BA1E5A9D82A4FCCB0-DFF1-11CF-8E74-00A0C90F26F809194002-DF6E-11CF-8E74-00A0C90F26F809194000-DF6E-11CF-8E74-00A0C90F26F802A69B02-081B-101B-8933-08002B2F4F5AFAEEE760-117E-101B-8933-08002B2F4F5ADE5C2449-65D5-4413-BFCF-6BFCDF294665D0E0AA20-3082-11CF-AEBE-00AA00A8F7F3CA4D1C39-9335-4622-9F49-5B6D965DACC6BDC217C5-ED16-11CD-956C-0000C04E4C0AB617B991-A767-4F05-99BA-AC6FCABB102EAFC634B0-4B8B-11CF-8989-00AA00688B10AB39D9A0-557A-11CF-AEBE-00AA00A8F7F37DA06D40-54A0-11CF-A521-0080C77A778678E5A540-1850-11CF-9D53-00AA003C9CB6557B6D32-B508-4CDB-AF73-CF9B1C9D8B404E54B27F-895D-4B6C-8F37-621FA0FC40183B7C8860-D78F-101B-B9B5-04021C00940232CAAACB-B36E-47E0-A388-93AE3C1A6C8202A69B00-081B-101B-8933-08002B2F4F5A00028C0E-0000-0000-0000-00000000004600028C0D-0000-0000-0000-00000000004600028C08-0000-0000-0000-00000000004600028C04-0000-0000-0000-00000000004600028C03-0000-0000-0000-00000000004600028C00-0000-0000-0000-00000000004600000019-0000-0010-8000-00AA006D2EA400000018-0000-0010-8000-00AA006D2EA400000017-0000-0010-8000-00AA006D2EA400000016-0000-0010-8000-00AA006D2EA400000015-0000-0010-8000-00AA006D2EA400000014-0000-0010-8000-00AA006D2EA400000013-0000-0010-8000-00AA006D2EA400000011-0000-0010-8000-00AA006D2EA400000010-0000-0010-8000-00AA006D2EA4

PC Watch

File System Modifications

Registry Modifications

Leave a Reply