Registry Location:

HKCU

Key Location:

\Software\Microsoft\Office\{version}\Common\Open Find\{product}\Settings\Open\File Name MRU

Description:

Value is Reg_Multi_SZ containing a list of file names

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Office\{version}\Common\Open Find\{product}\Settings\Save As\File Name MRU

Description:

Value is Reg_Multi_SZ containing a list of file names

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\Software\Nico Mak Computing\WinZip\filemenu

Description:

List of recently used WinZip archives

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Description:

List of recently opened files

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Description:

List of commands entered in run dialogue box

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Internet Explorer\ExplorerBars\\ContainingTextMRU

Description:

List of text entered into Internet Explorer Bars

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Internet Explorer\IntelliForms\SPW

Description:

List of passwords entered into Internet Explorer

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

HKCU\Software\Microsoft\Protected Storage System Provider\{SID}\Internet Explorer\Internet Explorer

Description:

HKCU\Software\Microsoft\Protected Storage System Provider\{SID}\Internet Explorer\Internet Explorer

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Description:

List of files opened or saved via explorer style dialogue boxes, with separate keys for specific file types

..................................................................................................................................................

Registry Location:

HKCU

Key Location:

R\Software\Microsoft\Internet Explorer\Download Directory

Description:

Location of the last used directory to save a downloaded file

..................................................................................................................................................

Triage LHF module reports on this key