Secondary Categories: 02 - Persistence Links: Startup Folder for Persistence
UserInitMprLogonScript
This key doesnβt exist by default. Add the key and just provide the path of the binary you want to call, or command to run, and on reboot it will execute.
This key is rarely swept for by defenders, but would potentially be caught of endpoint protection software is monitoring the creation of all keys.
HKCU\Environment\UserInitMprLogonScript
Netsh
RunOnce / Run
Title | URL |
---|---|
Windows Persistence using Netsh | https://www.hackingarticles.in/windows-persistence-using-netsh/ |
Hunting for Persistence: Registry Run Keys / Startup Folder | https://intel471.com/blog/hunting-for-persistence-registry-run-keys-startup-folder |