Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winrdp' = '<SYSTEM32>:winrdp.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{7FD66B0E-DEDA-AD9D-71FD-11CE5CADC5E3}] 'StubPath' = '<SYSTEM32>:winrdp.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>:winrdp.exe
- '72###.s.toh.info':8042
- DNS ASK 72###.s.toh.info