Potential Persistence Via Logon Scripts - CommandLine (21d856f9-9281-4ded-9377-51a1a6e2a432)

Detects the addition of a new LogonScript to the registry value "UserInitMprLogonScript" for potential persistence

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Potential Persistence Via Logon Scripts - CommandLine (21d856f9-9281-4ded-9377-51a1a6e2a432)	Sigma-Rules	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	1
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	2