User Assist
Description: GUI-based programs launched from the desktop are tracked in the launcher on a Windows System.
Location:
- C:\Users\<username>\NTUSER.DAT
- NTUSER.DAT\Software\Microsoft\Windows\Currentversion\Explorer\UserAssist{GUID}\Count
Notes:
All values are ROT-13 Encoded
- Executable File Execution: CEBFF5CD
- Shortcut File Execution: F4E57C4B
Analysis:
Coming Soon!