~/ cat Regedit.exe.md █
Used by Windows to manipulate registry
Paths:
C:\Windows\System32\regedit.exe
C:\Windows\SysWOW64\regedit.exe
Detection: regedit.exe reading and writing to alternate data stream regedit.exe should normally not be executed by end-users
Alternate data streams
Export the target Registry key to the specified .REG file.
regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey
Import the target .REG file into the Registry.
regedit C:\ads\file.txt:regfile.reg