Verifying agent persistence

That's it. Valid results were returned by our faithful agent. How do we know? Reboot the target and go back to the main menu in Empire. You should still see your listener running.

Check out the timestamps in this lab demonstration. The first two agents that we needed for escalation are now dead and were last seen at 02:50. Assume it takes a minute or two to reboot. Therefore, we should expect a new agent checking in at about 02:55 or 02:56:

Whoa! Our new agent is running as SYSTEM. We now have total control of the computer and it will maintain this relationship through reboots. Permanent WMI subscriptions run as SYSTEM, rendering this not only a valuable persistence exercise, but also a solid way to elevate privileges.
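Because a permanent subscription survives reboots and executes as SYSTEM, the same three objects that make it work (filter, consumer, binding) are what a defender audits on the host. The script below is an added example, not code from the book or from Empire; it checks only the `root/subscription` namespace, and the report column names are this example's own.

```powershell
# Audit permanent WMI event subscriptions (added example; run from an elevated prompt).
# Assumption: only the root/subscription namespace is inspected.
$ns = 'root/subscription'

# Index filters and consumers so each binding can be resolved to both halves.
$filters = @{}
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    ForEach-Object { $filters[$_.Name] = $_ }

$consumers = @{}
Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
    ForEach-Object { $consumers["$($_.CimSystemProperties.ClassName)|$($_.Name)"] = $_ }

# Consumer classes that run a command line or a script when the filter fires.
$executing = 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'

$report = foreach ($b in Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding) {
    $class    = $b.Consumer.CimSystemProperties.ClassName
    $consumer = $consumers["$class|$($b.Consumer.Name)"]
    $filter   = $filters[$b.Filter.Name]

    # Pull out whatever the consumer would run when triggered.
    $action = switch ($class) {
        'CommandLineEventConsumer'  { $consumer.CommandLineTemplate }
        'ActiveScriptEventConsumer' {
            if ($consumer.ScriptFileName) { $consumer.ScriptFileName } else { $consumer.ScriptText }
        }
        default { $null }
    }

    [pscustomobject]@{
        Filter        = $b.Filter.Name
        Query         = $filter.Query      # WQL condition that triggers the consumer
        ConsumerClass = $class
        Consumer      = $b.Consumer.Name
        Action        = $action
        Executes      = $class -in $executing
    }
}

# Executing consumers are listed first; no output means no bindings are registered here.
$report | Sort-Object Executes -Descending | Format-List
```

Any binding with `Executes` set to `True` that is not part of a known management tool deserves a closer look at its `Query` and `Action` values.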
