← Back to Labs

Windows Persistence Mechanism Map

Select a persistence technique and inspect the registry or filesystem surface it abuses, plus the trigger that brings the malware back.

Run key
trigger: user logon
Step 1 / 6
registry / filesystem path
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
artifact to inspect
string value -> command or executable path
Technique 1 / 6Run key

Simple user-level persistence. The malware writes a command to a registry key that Windows reads when the user logs in.

Arrow keys to navigate · R to reset

Tap dots to jump to any step

Read the full article →Take the quiz →