During a host-based analysis of a Windows system, an analyst finds a suspicious executable that runs every time the system boots. Which registry key is most commonly used for this type of persistence?
This is the standard Run key for system-wide startup programs.
Why this answer
The Run registry key under HKLM and HKCU is a common location for programs to automatically start at boot. Malicious software often adds entries here to achieve persistence.