|Code type||EXE, DLL, Other|
|OS Version||All OS versions|
Windows Services are one of the best known and widely used persistence mechanisms. EXE-based approach is best known, but DLLs loaded by
svchost.exe are used (also by malicious actors) as well.
Oficially, the DLL must be indicated within the
Parameters subkey, but in practice it is not required, making the detection a bit harder.2
Also remotely with