Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'rdshost' = '{E94646CE-4A36-46D1-8ADD-95AF68CDB2C7}'
- <SYSTEM32>\ctfmon.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\rdshost.dll
- %WINDIR%\photo album.zip
- 'ts#.###cktiehsbdcs.com':8585
- DNS ASK ts#.###cktiehsbdcs.com