Monitor for newly constructed files, unusual kernel driver installation activity, and executed commands and arguments that may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on compromised systems.
![process monitor boot logging](https://cdn.afterdawn.fi/screenshots/normal/14070.jpg)
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features. xCaon has added persistence via the Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load, which causes the malware to run each time any user logs in. Mis-Type has created registry keys for persistence, including HKCU\Software\bkfouerioyou, HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\. Dtrack's RAT makes a persistent target file with auto execution on the host start.
![process monitor boot logging](https://www.thewindowsclub.com/wp-content/uploads/2017/10/process-monitor-3.1.jpg)
BoxCaon established persistence by setting the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load registry key to point to its executable.
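The monitoring described above can be expressed as a filter over registry value-set telemetry. The following is an added example, not code from the original page: it flags writes to the two autostart locations named here regardless of how the hive is spelled. The field names `Image`, `TargetObject` and `Details` are assumed to follow Sysmon-style registry events, and the sample events are constructed.

```python
import re

# Autostart locations named on this page, as hive-relative lowercase paths.
# A trailing backslash means "any subkey or value below this key".
WATCHED = {
    "software\\microsoft\\windows nt\\currentversion\\windows\\load": "Windows\\load value",
    "software\\microsoft\\active setup\\installed components\\": "Active Setup component",
}

# Hive spellings seen in telemetry: long names, short names, and HKU\<SID>.
_HIVE = re.compile(
    r"^(hkey_current_user|hkcu|hkey_local_machine|hklm|(hkey_users|hku)\\s-[\d-]+)\\",
    re.IGNORECASE,
)

def relative_path(target_object):
    """Strip the hive prefix and lowercase so different spellings compare equal."""
    return _HIVE.sub("", target_object.strip()).lower()

def match_autostart(target_object):
    """Return the label of the watched location this path hits, or None."""
    path = relative_path(target_object)
    for watched, label in WATCHED.items():
        is_prefix = watched.endswith("\\")
        if path == watched or (is_prefix and path.startswith(watched)):
            return label
    return None

def find_autostart_writes(events):
    """Return (label, event) pairs for value-set events on watched locations."""
    return [(label, e) for e in events
            if (label := match_autostart(e["TargetObject"])) is not None]

# Constructed sample events (not real telemetry); SID, GUID and paths are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\svc.exe", "Details": r"C:\Users\Public\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows NT\CurrentVersion\Windows\load"},
    {"Image": r"C:\Windows\System32\msiexec.exe", "Details": r"C:\Example\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
                     r"\{CONSTRUCTED-GUID}\StubPath"},
    {"Image": r"C:\Windows\explorer.exe", "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for label, e in find_autostart_writes(SAMPLE_EVENTS):
        print(f"{label}: {e['Image']} set {e['TargetObject']} -> {e['Details']}")
```

Writes under Active Setup also occur during legitimate software installation, so hits on that location need to be reviewed against the writing process and the value data.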