What is the registry path and key used for Logon Script persistence?
The persistence technique uses the registry path HKCU\Environment and creates a string value named UserInitMprLogonScript, set to the absolute path of a batch script (e.g., c:\test\11.bat). Upon user logon, the script executes automatically.
---
**Related reading:**
- Use Logon Scripts to maintain persistence — original article
- Penetration Basics - Obfuscating Strings Using Unicode Encoding
- Sophos UTM Analysis - Clearing Last WebAdmin Sessions Records
- Penetration Basics - Methods to Continuously Obtain Exchange User Inbox Emails
---
**Related reading:**
- Use Logon Scripts to maintain persistence — original article
- Penetration Basics - Obfuscating Strings Using Unicode Encoding
- Sophos UTM Analysis - Clearing Last WebAdmin Sessions Records
- Penetration Basics - Methods to Continuously Obtain Exchange User Inbox Emails
Logon ScriptspersistenceregistryUserInitMprLogonScriptHKCU\Environment