indicatorregistry_key
HKLM\System\CurrentControlSet\Control\Lsa\DSRMAdminLogonBehavior
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 1
Posts referencing this indicator
- Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition
Registry key controlling Directory Services Restore Mode (DSRM) logon behavior. Threat actors may modify this to allow network logons using the DSRM account for persistence.