Secondary Categories: 02-Persistence

UserInitMprLogonScript

This key doesn’t exist by default. Add the key and just provide the path of the binary you want to call, or command to run, and on reboot it will execute.

This key is rarely swept for by defenders, but would potentially be caught of endpoint protection software is monitoring the creation of all keys.

HKCU\Environment\UserInitMprLogonScript

Also Check Out:

  • PLACEHOLDER