Fileless Malware – A Behavioural Analysis of Kovter Persistence (airbuscybersecurity.com)
78 points by adamnemecek on April 3, 2016 | 4 comments



Wow, that is a nasty little bug! Can't even see the registry keys in regedit because they contain a non-ASCII value in the subkey!


Updating regedit probably moved just a tiny bit higher on some engineer's priority list :)


I thought regedit had this issue for ages, but it looks like I was thinking of null-terminated names - http://www.kahusecurity.com/2014/registry-dumper-find-and-du... (Googling shows references to this technique going back to 2004)


Fun how they protect this illicit key using permissions. Always nice to see security turned against the user by the malware.



