TROJ_MATSNU.WXU
Trojan:Win32/Skeeyah.A!rfn (Microsoft); RDN/Generic Downloader.x (McAfee); Trojan.Gen.2 (Symantec); Trojan.Win32.Nymaim.adxp (Kaspersky); Troj/Nymaim-DN (Sophos); Trojan.Win32.Generic!BT (Sunbelt); Trojan horse Downloader.Generic14.BODG (AVG)
Windows
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other System Modifications
This Trojan deletes the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2004
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2005
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2130
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2221
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2222
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2007
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2004
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2005
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2130
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2221
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2222
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2007
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{189A3842-3041-11D1-85E1-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{941C2937-1292-11D1-85BE-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{941C2937-1292-11D1-85BE-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{941C2937-1292-11D1-85BE-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{941C2937-1292-11D1-85BE-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{941C2937-1292-11D1-85BE-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{941C2937-1292-11D1-85BE-00C04FC295EE}
This report is generated via an automated analysis system.
SOLUTION
Step 1
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 2
Scan your computer with your Trend Micro product to delete files detected as TROJ_MATSNU.WXU. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Step 3
Restore these deleted registry keys/values from backup
*Note: Only Microsoft-related keys/values will be restored. If the malware/grayware also deleted registry keys/values related to programs that are not from Microsoft, please reinstall those programs on your computer.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.15
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2004
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.25
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2008
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.20
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2009
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.28
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2005
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.30
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2130
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.4
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2003
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.10
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2000
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.26
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2001
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.27
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2002
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.11
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2006
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.12.2.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2221
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.12.2.2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2222
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- 1.3.6.1.4.1.311.2.1.12
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
- #2007
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.15
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2004
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.25
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2008
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.20
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2009
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.28
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2005
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.30
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2130
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.4
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2003
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.10
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2000
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.26
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2001
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.27
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2002
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.11
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2006
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.12.2.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2221
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.12.2.2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2222
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- 1.3.6.1.4.1.311.2.1.12
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
- #2007
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
- {64B9D180-8DA2-11CF-8736-00AA00A485EB}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
- {64B9D180-8DA2-11CF-8736-00AA00A485EB}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
- {64B9D180-8DA2-11CF-8736-00AA00A485EB}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
- {64B9D180-8DA2-11CF-8736-00AA00A485EB}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
- {64B9D180-8DA2-11CF-8736-00AA00A485EB}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
- {64B9D180-8DA2-11CF-8736-00AA00A485EB}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
- {64B9D180-8DA2-11CF-8736-00AA00A485EB}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
- {64B9D180-8DA2-11CF-8736-00AA00A485EB}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
- {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
- {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
- {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
- {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
- {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
- {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
- {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
- {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
- {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
- {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
- {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
- {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
- {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
- {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
- {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
- {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
- {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
- {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
- {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
- {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
- {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
- {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
- {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
- {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
- {189A3842-3041-11D1-85E1-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
- {189A3842-3041-11D1-85E1-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
- {189A3842-3041-11D1-85E1-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
- {189A3842-3041-11D1-85E1-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
- {189A3842-3041-11D1-85E1-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
- {189A3842-3041-11D1-85E1-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
- {189A3842-3041-11D1-85E1-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
- {189A3842-3041-11D1-85E1-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
- {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
- {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
- {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
- {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
- {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
- {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
- {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
- {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
- {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
- {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
- {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
- {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
- {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
- {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
- {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
- {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
- {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
- {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
- {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
- {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
- {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
- {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
- {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
- {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
- {DE351A42-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
- {DE351A42-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
- {DE351A42-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
- {DE351A42-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
- {DE351A42-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
- {DE351A42-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
- {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
- {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
- {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
- {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
- {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
- {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
- {C689AABA-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
- {C689AABA-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
- {C689AABA-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
- {C689AABA-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
- {C689AABA-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
- {C689AABA-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
- {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
- {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
- {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
- {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
- {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
- {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
- {DE351A43-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
- {DE351A43-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
- {DE351A43-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
- {DE351A43-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
- {DE351A43-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
- {DE351A43-8E59-11D0-8C47-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
- {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
- {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
- {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
- {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
- {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
- {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
- {941C2937-1292-11D1-85BE-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
- {941C2937-1292-11D1-85BE-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
- {941C2937-1292-11D1-85BE-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
- {941C2937-1292-11D1-85BE-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
- {941C2937-1292-11D1-85BE-00C04FC295EE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
- {941C2937-1292-11D1-85BE-00C04FC295EE}
Did this description help? Tell us how we did.