Technical Information
- [<HKLM>\System\CurrentControlSet\Services\TermService] 'Start' = '00000002'
- %PROGRAMDATA%\terminalserver\logging\terminalserver.utf8.log
- %HOMEPATH%\ntuser.log1
- %HOMEPATH%\ntuser
- %WINDIR%\temp\dmi8538.tmp
- %WINDIR%\temp\fxsapidebuglogfile.txt
- %WINDIR%\temp\fxstiffdebuglogfile.txt
- %WINDIR%\temp\ts_267a.tmp
- %WINDIR%\temp\ts_2b0f.tmp
- %WINDIR%\temp\ts_2bfb.tmp
- %WINDIR%\temp\ts_316a.tmp
- %WINDIR%\temp\ts_361e.tmp
- %WINDIR%\temp\ts_3852.tmp
- %WINDIR%\temp\ts_39ba.tmp
- %WINDIR%\temp\ts_4f66.tmp
- %WINDIR%\temp\ts_5080.tmp
- %WINDIR%\temp\ts_77d1.tmp
- %WINDIR%\temp\ts_8e67.tmp
- %WINDIR%\temp\8147932992814195939363050711163993686\adobearm.exe
- ClassName: 'Tform_xpuDWM' WindowName: ''
- ClassName: '' WindowName: 'tsvDWM'
- '<SYSTEM32>\rundll32.exe' printui.dll,PrintUIEntry /dl /n "TerminalServer Printer" /q' (with hidden window)
- '<SYSTEM32>\rundll32.exe' printui.dll,PrintUIEntry /dl /n "TerminalServer Printer" /q
- '<SYSTEM32>\spoolsv.exe'