UAParser

What is UserAssist Artifacts ?

This is the artifacts which is inside the NTUSER.DAT file [ HKCU Registry ]. It will contain the information about what programs are executed inside the system.

Where UserAssist is located ?

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\

Infomration provided by Artifact:

This can provide which program is executed on system.
Provide the detail if the program is executed via lnk or the executable.
Provide the number of times the program is executed.
Provide the the last Modification Time
Also provide the details like focus seconds of the executed program, path of the exectubale or lnk.

Usage

python3 main.py -f <Exported HKCU>

Result

References

Program Execution Analysis using UserAssist Key in Modern Window

Windows 7 UserAssist Registry Keys Analysis

Windows userassist keys

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.md		README.md
main.py		main.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

UAParser

What is UserAssist Artifacts ?

Where UserAssist is located ?

Infomration provided by Artifact:

Usage

Result

References

About

Uh oh!

Releases

Packages

Uh oh!

Languages

SatyenderYadav/UAParser

Folders and files

Latest commit

History

Repository files navigation

UAParser

What is UserAssist Artifacts ?

Where UserAssist is located ?

Infomration provided by Artifact:

Usage

Result

References

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages