RDP Bitmap Cache
An infrastructure engineer at a leading financial institution noticed abnormal activity in the network logs that suggested remote access to several critical servers. Several RDP sessions were reported as originating from an internal IP address, which raised concerns. A forensic team was consequently tasked with evaluating the extent of the breach and analyzing the attacker’s interactions with the compromised systems. The forensic investigation includes recovering evidence from both the attacker’s machine and the affected machines. Your role is to examine the triage image and provide information about the RDP connection.
File Location: C:\Users\LetsDefend\Desktop\ChallengeFile\RDPLab.7z
File Password: infected