Windows Prefetch

Definition: Prefetch files in Windows are an essential part of the operating system’s performance optimization. These files are created to speed up the loading time of applications by caching the necessary data for frequently used programs. https://www.geeksforgeeks.org/prefetch-files-in-windows/

So what? Well, this is a great artifact for seeing whether a file executed or not.

Where are these files located? In C:\Windows\Prefetch. Note: the same program can have multiple entries, because entries go by the program's path. The timestamps are off by 10 seconds.

We can get all the details using PECmd. https://ericzimmerman.github.io/#!index.md

Move PECmd to an easily accessible place. To run this program: .\PECmd.exe -f "C:\Windows\Prefetch\<Prefetch file name>"
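
Before picking a file for PECmd, it helps to see which executables have more than one entry. The script below is an added example, not part of the original notes or of PECmd: it lists the .pf files, splits each name into executable and path hash, and prints a ready-to-run PECmd command for every executable that ran from more than one path. Assumptions: an elevated PowerShell session, the standard EXECUTABLE-HASH.pf naming, and that the 10-second offset means the file timestamp trails the actual run; Get-PrefetchEntry and $PrefetchDir are names made up for this example.

```powershell
# Added example (not from the original notes): summarize Prefetch entries per executable.
param(
    # Assumption: live system path; pass a copied folder when working from collected evidence.
    [string]$PrefetchDir = 'C:\Windows\Prefetch'
)

function Get-PrefetchEntry {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Prefetch directory not found: $Path"
    }

    Get-ChildItem -LiteralPath $Path -Filter '*.pf' -File | ForEach-Object {
        # Names follow EXECUTABLE-XXXXXXXX.pf, where XXXXXXXX is an 8-digit hex hash.
        if ($_.Name -match '^(?<exe>.+)-(?<hash>[0-9A-Fa-f]{8})\.pf$') {
            [pscustomobject]@{
                Executable = $Matches['exe']
                PathHash   = $Matches['hash'].ToUpper()
                # Assumption: file timestamps trail the run by 10 seconds, so shift them back.
                FirstRun   = $_.CreationTime.AddSeconds(-10)
                LastRun    = $_.LastWriteTime.AddSeconds(-10)
                File       = $_.FullName
            }
        }
    }
}

$entries = @(Get-PrefetchEntry -Path $PrefetchDir)
"{0} prefetch entries parsed from {1}" -f $entries.Count, $PrefetchDir

# Executables with more than one entry were run from more than one path.
$multi = @($entries | Group-Object Executable | Where-Object { $_.Count -gt 1 })
foreach ($group in $multi) {
    "`n$($group.Name): $($group.Count) entries"
    $group.Group | Sort-Object FirstRun |
        Format-Table PathHash, FirstRun, LastRun -AutoSize | Out-String
    # Full path and run details come from PECmd, one file at a time.
    $group.Group | ForEach-Object { '.\PECmd.exe -f "{0}"' -f $_.File }
}
```

FirstRun and LastRun here are estimates taken from the file system timestamps only; the run times recorded inside each file are what PECmd reports.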