Without citing sources for you claims, your "collection" of statements is practically worthless, sorry.
Just a few less hyperbolic comments:
- The registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run certainly wasn't classified as "secret" as you claim. The page talking about a *module* which exposes functionality to create a key in that path was. It even says that on the page "Technique Origin: Internet/open-source (Well-known)".
- wrt SHA384 it's pretty clear that advice is to not truncate the result any further. Not that truncation may never happen in any form.
- Same for AES. It says minimum bit length is 256 - entirely correct from a mathematical perspective.
- It's not only about the time stamp of the executable file itself - it's also about time stamps in included files, resources or other lesser known compiler/linker artifacts that might carry time stamps with them. In general, these folks of course do care a lot about making it harder for 3rd parties to attribute anything to them. See their internal discussion about the equation group kaspersky reports.