Tag
Attackers modify registry run keys or startup keys to achieve persistence by referencing a program that executes when a user logs in or the system boots.