ALIASES:

Trojan:Win32/Skeeyah.A!rfn (Microsoft); RDN/Generic Downloader.x (McAfee); Trojan.Gen.2 (Symantec); Trojan.Win32.Nymaim.adxp (Kaspersky); Troj/Nymaim-DN (Sophos); Trojan.Win32.Generic!BT (Sunbelt); Trojan horse Downloader.Generic14.BODG (AVG)

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size: 917,504 bytes
File Type: EXE
Memory Resident: No
Initial Samples Received Date: 08 May 2017

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Other System Modifications

This Trojan deletes the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2008

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2009

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2005

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2002

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2006

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2221

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2222

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllEncodeObject\#2007

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.15

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2008

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2009

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2005

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2002

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2006

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2221

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2222

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 1\
CryptDllDecodeObject\#2007

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{189A3842-3041-11D1-85E1-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
DiagnosticPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Cryptography\Providers\Trust\
Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{DE351A42-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{C689AABA-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{DE351A43-8E59-11D0-8C47-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllPutSignedDataMsg\{941C2937-1292-11D1-85BE-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllGetSignedDataMsg\{941C2937-1292-11D1-85BE-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllRemoveSignedDataMsg\{941C2937-1292-11D1-85BE-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllCreateIndirectData\{941C2937-1292-11D1-85BE-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllVerifyIndirectData\{941C2937-1292-11D1-85BE-00C04FC295EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Cryptography\OID\EncodingType 0\
CryptSIPDllIsMyFileType2\{941C2937-1292-11D1-85BE-00C04FC295EE}

This report is generated via an automated analysis system.

  SOLUTION

Minimum Scan Engine: 9.8

Step 1

Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.

Step 2

Scan your computer with your Trend Micro product to delete files detected as TROJ_MATSNU.WXU. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Step 3

Restore these deleted registry keys/values from backup

*Note: Only Microsoft-related keys/values will be restored. If the malware/grayware also deleted registry keys/values related to programs that are not from Microsoft, please reinstall those programs on your computer.

  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.15
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2004
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.25
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2008
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.20
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2009
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.28
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2005
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.30
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2130
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.4
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2003
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.10
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2000
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.26
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2001
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.27
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2002
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.11
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2006
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.12.2.1
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2221
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.12.2.2
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2222
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • 1.3.6.1.4.1.311.2.1.12
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
    • #2007
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.15
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2004
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.25
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2008
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.20
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2009
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.28
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2005
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.30
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2130
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.4
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2003
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.10
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2000
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.26
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2001
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.27
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2002
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.11
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2006
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.12.2.1
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2221
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.12.2.2
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2222
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • 1.3.6.1.4.1.311.2.1.12
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject
    • #2007
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
    • {64B9D180-8DA2-11CF-8736-00AA00A485EB}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
    • {64B9D180-8DA2-11CF-8736-00AA00A485EB}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
    • {64B9D180-8DA2-11CF-8736-00AA00A485EB}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
    • {64B9D180-8DA2-11CF-8736-00AA00A485EB}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
    • {64B9D180-8DA2-11CF-8736-00AA00A485EB}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
    • {64B9D180-8DA2-11CF-8736-00AA00A485EB}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
    • {64B9D180-8DA2-11CF-8736-00AA00A485EB}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
    • {64B9D180-8DA2-11CF-8736-00AA00A485EB}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
    • {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
    • {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
    • {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
    • {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
    • {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
    • {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
    • {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
    • {C6B2E8D0-E005-11CF-A134-00C04FD7BF43}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
    • {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
    • {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
    • {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
    • {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
    • {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
    • {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
    • {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
    • {00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
    • {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
    • {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
    • {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
    • {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
    • {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
    • {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
    • {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
    • {573E31F8-DDBA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
    • {189A3842-3041-11D1-85E1-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
    • {189A3842-3041-11D1-85E1-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
    • {189A3842-3041-11D1-85E1-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
    • {189A3842-3041-11D1-85E1-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
    • {189A3842-3041-11D1-85E1-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
    • {189A3842-3041-11D1-85E1-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
    • {189A3842-3041-11D1-85E1-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
    • {189A3842-3041-11D1-85E1-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
    • {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
    • {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
    • {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
    • {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
    • {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
    • {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
    • {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
    • {573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
    • {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
    • {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
    • {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
    • {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
    • {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
    • {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
    • {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
    • {F750E6C3-38EE-11D1-85E5-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization
    • {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message
    • {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature
    • {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate
    • {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck
    • {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy
    • {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy
    • {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup
    • {FC451C16-AC75-11D1-B4B8-00C04FB66EA0}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
    • {DE351A42-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
    • {DE351A42-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
    • {DE351A42-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
    • {DE351A42-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
    • {DE351A42-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
    • {DE351A42-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
    • {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
    • {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
    • {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
    • {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
    • {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
    • {C689AAB8-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
    • {C689AABA-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
    • {C689AABA-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
    • {C689AABA-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
    • {C689AABA-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
    • {C689AABA-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
    • {C689AABA-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
    • {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
    • {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
    • {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
    • {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
    • {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
    • {C689AAB9-8E78-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
    • {DE351A43-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
    • {DE351A43-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
    • {DE351A43-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
    • {DE351A43-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
    • {DE351A43-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
    • {DE351A43-8E59-11D0-8C47-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
    • {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
    • {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
    • {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
    • {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
    • {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
    • {9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
    • {941C2937-1292-11D1-85BE-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
    • {941C2937-1292-11D1-85BE-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg
    • {941C2937-1292-11D1-85BE-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData
    • {941C2937-1292-11D1-85BE-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
    • {941C2937-1292-11D1-85BE-00C04FC295EE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2
    • {941C2937-1292-11D1-85BE-00C04FC295EE}


Did this description help? Tell us how we did.