Hijack Legit RDP Session to Move Laterally (52753ea4-b3a0-4365-910d-36cff487b789)
Detects the usage of tsclient share to place a backdoor on the RDP source machine's startup folder
Detects the usage of tsclient share to place a backdoor on the RDP source machine's startup folder