|
Persistence in registry is quite common - e.g. in one of the auto-run entries which respawn the code after reboot (via a common system module and some javascript code which itself is only in registry).
(Now since the registry hive is also on disk, you could argue that it's not a real fileless malware, but that's just terminology :-))
|