drop registry export · detect registry key names that closely mimic legitimate key names · identify homoglyph and whitespace tricks in key names · surface attacker persistence hidden in look-alike key names · runs locally
parses [HKEY_*] key headers from .reg · or KeyPath column from csv · fuzzy match · homoglyph · whitespace · null-byte
drop registry .reg export or csv with key paths