-Finished-
Detection of modification of registry key "Common Startup" located in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\" and "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\". When user logon, files in the Startup Folder are launched. Attacker may modify these forlders with other to evade detection set on these default folders. Detection focus at the same time on the EventID 4688 with the process creation and EventID 4657 for the modification of Registry Key.
-Finished- Detection of modification of registry key "Common Startup" located in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\" and "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\". When user logon, files in the Startup Folder are launched. Attacker may modify these forlders with other to evade detection set on these default folders. Detection focus at the same time on the EventID 4688 with the process creation and EventID 4657 for the modification of Registry Key.