Техническая информация
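- [<HKLM>\SYSTEM\ControlSet001\Services\Generic Host Process for Win32 Services] 'ImagePath' = '%WINDIR%\svchost.exe' (штатный svchost.exe находится в <SYSTEM32>; одноимённый файл в %WINDIR% — признак маскировки под системный процесс)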
- [<HKLM>\SYSTEM\ControlSet001\Services\Generic Host Process for Win32 Services] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%WINDIR%\svchost.exe' /del "<Полный путь к файлу>"
- <SYSTEM32>\lsass.exe
- %WINDIR%\svchost.exe