Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<216>'
- [<HKLM>\SYSTEM\ControlSet001\Services\TermService] 'Start' = '00000002'
- %ProgramFiles%\TerminalServer\logging\TerminalServer.utf8.log
- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
- C:\Documents and Settings\LocalService\NTUSER
- C:\Documents and Settings\NetworkService\NTUSER
- %HOMEPATH%\NTUSER
- %WINDIR%\Temp\Perflib_Perfdata_7e8.dat
- ClassName: 'StatusWindowClass' WindowName: ''
- '<SYSTEM32>\rundll32.exe' printui.dll,PrintUIEntry /dl /n "TerminalServer Printer" /q
- '<SYSTEM32>\spoolsv.exe'