
Persistence

One of the changes malware makes in the system is to make itself resident. Malware persistence means that the malware keeps running in the background and, as much as possible, all the time. For example, malware gets executed after every boot-up of the system, or at a certain time of the day. The most common way for malware to achieve persistence is to drop a copy of itself in some folder in the system and make an entry in the registry.

The following view of the registry editor shows a registry entry by the GlobeImposter ransomware:  

Any entries made under the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` are expected to run every time Windows starts. In this case, the GlobeImposter ransomware's executable file stored in `C:\Users\JuanIsip\AppData\Roaming\huVyja.exe` becomes persistent. `BrowserUpdateCheck` is the registry value, while the path is the registry data. What matters under this registry key are the paths, regardless of the registry value name.
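As an added example (not from the original text), the following Python script parses `reg query` output for the Run key and flags values whose data points into user-writable locations, as the GlobeImposter entry above does. The sample output, the `SecurityHealth` and `Backup Agent` entries, and the list of user-writable locations are constructed assumptions.

```python
import re

# Constructed sample of `reg query` output for the Run key; the second value
# reproduces the GlobeImposter entry described in the text.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    BrowserUpdateCheck    REG_SZ    C:\Users\JuanIsip\AppData\Roaming\huVyja.exe
    Backup Agent    REG_SZ    "C:\Program Files\Backup Agent\agent.exe" /startup
"""

# Assumption: locations a standard user can write to, worth a second look.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\|\\programdata\\|\\temp\\"
    r"|%(appdata|localappdata|temp|tmp|userprofile|public)%", re.I)
# reg.exe separates name, type and data with four spaces; names may hold spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def executable_path(data):
    """Extract the program path from registry data, dropping arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|vbs|js|ps1|scr))\b", data, re.I)
    return m.group(1) if m else data

def parse_run_values(text):
    """Return one dict per value found under each key header in the output."""
    entries, key = [], None
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append({"key": key, "name": m["name"],
                            "path": executable_path(m["data"])})
        elif line.startswith("HKEY_"):
            key = line.strip()
    return entries

def suspicious(entries):
    """Judge by the path (registry data), never by the value name."""
    return [e for e in entries if USER_WRITABLE.search(e["path"])]

if __name__ == "__main__":
    for e in suspicious(parse_run_values(SAMPLE)):
        print(f'{e["key"]}  {e["name"]} -> {e["path"]}')
```

A hit is a lead for review, not a verdict: legitimate per-user software also registers autoruns from profile folders.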

There are several areas in the registry that can trigger the execution of a malware executable file. 
