What Is a Registry Key?
Short definition: The virtual containers of registry subkeys and values in Windows Registry Editor.
Extended definition:
Registry keys are the main holders of subkeys, which in turn contain the registry values. You can think of them as folders. There are 5 main registry keys in Windows Registry Editor:
- HKEY_CLASSES_ROOT (HKCR)
- HKEY_CURRENT_USER (HKCU)
- HKEY_LOCAL_MACHINE (HKLM)
- HKEY_USERS (HKU)
- HKEY_CURRENT_CONFIG (HKCC)
Each of these registry keys contains different types of settings for different components of Windows. Modifying a registry key can change all kinds of settings on your computer system. This is where malware comes in: many cybercriminals abuse these registry keys and modify the registry values in the subkeys located within them. For example, malware authors can set entries that run files automatically on Windows start-up by adding values to the following registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
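To see what is currently registered in these four keys on your own machine, the following PowerShell script (an added example, not part of the original definition) lists every value without changing anything. The function name `Get-AutorunEntry` and the "Review" pattern are assumptions made for this example: the pattern only marks commands that start from a user-writable folder and is a triage hint, not proof of malware.

```powershell
# Added example: read-only audit of the four autorun keys listed above.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: a command launched from a user-writable directory deserves a
# closer look. Legitimate software also installs here, so verify by hand.
$reviewPattern = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

function Get-AutorunEntry {
    param([string[]]$Path)
    foreach ($keyPath in $Path) {
        # A missing key (RunOnce is often absent) is normal, so skip it.
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            # Read the stored data as-is, so %VAR% references stay visible.
            $raw = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            # Expand the variables only for matching against the pattern.
            $expanded = [Environment]::ExpandEnvironmentVariables([string]$raw)
            [pscustomobject]@{
                Key     = $keyPath
                Name    = $name
                Command = $raw
                Review  = [bool]($expanded -match $reviewPattern)
            }
        }
    }
}

# Entries marked for review are listed first.
Get-AutorunEntry -Path $runKeys |
    Sort-Object -Property Review -Descending |
    Format-Table -AutoSize -Wrap
```

The HKEY_CURRENT_USER results belong to the account that runs the script, so on a shared computer each user's entries have to be checked from that user's session.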
This logic can apply to all aspects of Windows, and even to the programs installed on it. Hackers can use a registry key, for example, to control your default web browser's home page, and more generally to change all types of settings of other installed software.