What are these registries?

mrmz

Jul 6, 2015
Hi to all,

I'm working on a malware and found the malware modifies these registries:


Code:
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: ED C3 98 A0 14 DD 23 15 10 39 EE 58 68 2E 8B 59 C1 7D E9 83 B0 0F E5 F4 7B D3 7A B5 D9 43 27 EC 98 35 3A 72 95 6C BD D8 4D 2E 68 F0 7F 66 BF F9 7A CE 88 5B CD 34 D2 CA C1 FA 15 51 A7 9E 91 C8 AF 6D 5E 20 6D A9 E2 F7 83 A6 80 F9 85 B2 00 B3


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed: 0x00000086


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful: 0x00000084


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\LastTraceFailure: 0x00000004

I searched but I could not find what the job of these registries is.
 
About the first key.

The key is designed to point to a DLL-based driver for a hardware-based encryption accelerator. Such a DLL has access to crypto keys stored on the NT machine, and thus a Trojan DLL could gain access to the crypto keys.

About the other keys I can't help you.