1
00:00:00,720 --> 00:00:09,390
‫Let's see a gather module on Windows Systems in terms of this module list, the information of the machines

2
00:00:09,390 --> 00:00:12,380
‫that have made remote desktop connections to this machine.

3
00:00:13,140 --> 00:00:19,680
‫If you use this command on a server, you can find the privileged users such as sys admins and database

4
00:00:19,680 --> 00:00:20,220
‫admins.

5
00:00:20,760 --> 00:00:27,330
‫In fact, this module looks at the Compromised Systems Registry and lists the keys and values from the

6
00:00:27,330 --> 00:00:30,470
‫path of each key user's software.

7
00:00:30,480 --> 00:00:32,880
‫Microsoft Terminal Server Client.