Windows Remote Desktop Services enables users to share local drives to a Terminal Server with read and write permissions, under virtual network location “tsclient” (+ the letter of the drive). Under remote connection, cybercriminals can impart cryptocurrency miners, info-stealers and ransomware; and since it’s in RAM, they can do so without leaving any footprints behind.