
Adding WDigest status & fixing missing paths for multiple third-party applications#113

Merged
AndrewRathbun merged 5 commits into EricZimmerman:master from cert-cwatch:master
Mar 18, 2026

Conversation

@cert-cwatch
Contributor

Description

Hello,

This PR adds the WDigest configuration key to the threat hunting artifacts, which may be enabled by attackers to allow credentials to be stored in plaintext in LSASS memory. This method has been documented on some ransomware cases.

This PR also fixes several registry paths for third-party application artifacts. Some entries referenced only CurrentControlSet. Because CurrentControlSet is a runtime alias and does not exist in the offline SYSTEM hive, those artifacts would not appear when parsing with RECmd.

Please let me know if this PR looks good or if any adjustments are needed.

Checklist:

Please replace every instance of [ ] with [X] OR click on the checkboxes after you submit your PR

  • I have generated a unique GUID for my Batch file(s)
  • I have tested and validated the new Batch file(s) against test data and achieved the desired output
  • I have placed the Batch file(s) within the .\RECmd\BatchExamples directory
  • I have set or updated the version of my Batch file(s)
  • I have made an attempt to document the artifacts within the Batch file(s)
  • I have consulted the Guide/Template to ensure my Map(s) follow the same format

Thank you for your submission and for contributing to the DFIR community!
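As an added example (not part of this PR or of RECmd), the following shows how the alias problem described above is handled when working from an offline SYSTEM hive: the hive's own Select\Current value records which ControlSet00N the runtime CurrentControlSet pointed to, and a CurrentControlSet-style path can be expanded over every ControlSet00* that is actually present. The hive contents are a constructed dict standing in for parsed values; the WDigest key location and the UseLogonCredential value name are the real ones, which the PR text itself does not spell out.

```python
import re

# Constructed stand-in for values parsed from an offline SYSTEM hive:
# {key_path_relative_to_hive_root: {value_name: data}}. Note there is no
# "CurrentControlSet" key: offline, only ControlSet00N and Select exist.
SAMPLE_SYSTEM_HIVE = {
    r"Select": {"Current": 1, "Default": 1, "LastKnownGood": 2},
    r"ControlSet001\Control\SecurityProviders\WDigest": {"UseLogonCredential": 1},
    r"ControlSet002\Control\SecurityProviders\WDigest": {},
}

# Real location of the WDigest setting under HKLM\SYSTEM\<ControlSet>.
WDIGEST_SUBPATH = r"Control\SecurityProviders\WDigest"
_CCS_ALIAS = re.compile(r"^CurrentControlSet(\\|$)", re.IGNORECASE)


def resolve_current_control_set(hive):
    """Return the ControlSet00N that CurrentControlSet aliased at last boot."""
    current = hive.get("Select", {}).get("Current")
    return None if current is None else f"ControlSet{current:03d}"


def expand_control_sets(path, hive):
    """Rewrite a CurrentControlSet path into every ControlSet00* path in the hive.

    Paths that do not start with the alias are returned unchanged, so this can be
    applied to a whole list of batch-file key paths.
    """
    if not _CCS_ALIAS.match(path):
        return [path]
    tail = path.split("\\", 1)[1] if "\\" in path else ""
    roots = sorted({k.split("\\", 1)[0] for k in hive
                    if k.lower().startswith("controlset")})
    return [f"{root}\\{tail}" if tail else root for root in roots]


def check_wdigest(hive):
    """Report UseLogonCredential per control set.

    1 means LSASS keeps plaintext credentials for WDigest; 0 or an absent value
    means the (patched-system) default of not keeping them.
    """
    findings = {}
    for path in expand_control_sets(f"CurrentControlSet\\{WDIGEST_SUBPATH}", hive):
        value = hive.get(path, {}).get("UseLogonCredential")
        findings[path.split("\\", 1)[0]] = {
            "UseLogonCredential": value, "suspicious": value == 1}
    return findings


if __name__ == "__main__":
    print("CurrentControlSet ->", resolve_current_control_set(SAMPLE_SYSTEM_HIVE))
    print(check_wdigest(SAMPLE_SYSTEM_HIVE))
```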

Adding WDigest & adding multiple missing ControlSet00* paths for some third-party applications
Changing Version & ID
Adding documentation
Comment thread BatchExamples/DFIRBatch.reb
cert-cwatch and others added 2 commits March 18, 2026 11:05
Fixing ID & Splashtop duplicates
@AndrewRathbun AndrewRathbun merged commit 4f80057 into EricZimmerman:master Mar 18, 2026
1 check passed