ActivitiesCache execution

Description: Parses the Windows Activities Cache database (ActivitiesCache.db) to retrieve user activity history, applying signature checks and generic detections.

Features:

  • Parses execution records (and potentially other activity types) from ActivitiesCache.db using sqlite3.

  • Performs digital signature checks on identified executables.

  • Applies several generic YARA rules to flag potentially suspicious files based on common cheat characteristics.

  • Can operate in normal mode (writes results to a .txt file) or CLI mode (command-line interface with output options).

Usage: Helps in reviewing recent user activity history, including application launches and file interactions logged by the Windows Timeline feature (stored per user profile at %LOCALAPPDATA%\ConnectedDevicesPlatform\<profile>\ActivitiesCache.db), providing another layer of execution evidence when the feature is enabled and active. Entries carry an ExpirationTime and are purged once it passes, so the database only covers the retention window, not the full lifetime of the machine.
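As an added illustration of the parsing step described above (this is example code, not the ActivitiesCache-execution project's own implementation), the block below builds a constructed in-memory stand-in for the Activity table, extracts launch records from it with Python's sqlite3 module, decodes the AppId JSON to recover the executable path, converts the epoch timestamps, and optionally runs an Authenticode check through PowerShell. The database location, the column subset, the meaning of ActivityType 5 (launch) and 6 (focus period), and the "x_exe_path" platform tag in AppId are assumptions drawn from public descriptions of the format; the sample rows are constructed, not captured from a real system.

```python
"""Added example: pull execution evidence out of ActivitiesCache.db with sqlite3.

Not code from the ActivitiesCache-execution project. Assumptions: the database is the
one at %LOCALAPPDATA%\\ConnectedDevicesPlatform\\<profile>\\ActivitiesCache.db, its
Activity table carries the columns used below, ActivityType 5 marks an app launch and
6 an in-focus period, and AppId is a JSON list of {"application","platform"} entries.
"""
import json
import os
import sqlite3
import subprocess
from datetime import datetime, timezone

ACTIVITY_LAUNCH = 5   # assumed: application launched
ACTIVITY_FOCUS = 6    # assumed: application in foreground for a period


def build_sample_db():
    """Constructed in-memory stand-in for ActivitiesCache.db (not a real capture)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Activity (Id BLOB, AppId TEXT, ActivityType INT, "
        "StartTime INT, EndTime INT, LastModifiedTime INT, ExpirationTime INT, Payload BLOB)"
    )

    def app_id(path):
        return json.dumps([
            {"application": path, "platform": "x_exe_path"},
            {"application": path, "platform": "windows_win32"},
        ])

    rows = [
        (b"\x01", app_id(r"C:\Users\alice\Downloads\loader.exe"), ACTIVITY_LAUNCH,
         1700000000, 1700000100, 1700000100, 1702592000, b""),
        (b"\x02", app_id(r"C:\Users\alice\Downloads\loader.exe"), ACTIVITY_FOCUS,
         1700000001, 1700000090, 1700000090, 1702592001, b""),
        (b"\x03", app_id(r"C:\Windows\System32\notepad.exe"), ACTIVITY_LAUNCH,
         1700003600, 1700003700, 1700003700, 1702595600, b""),
        # Store/UWP-style entry with no x_exe_path: must be skipped, not crash the parser
        (b"\x04", json.dumps([{"application": "Microsoft.WindowsCalculator_8wekyb3d8bbwe!App",
                                "platform": "packageId"}]), ACTIVITY_LAUNCH,
         1700007200, 1700007300, 1700007300, 1702599200, b""),
    ]
    conn.executemany("INSERT INTO Activity VALUES (?,?,?,?,?,?,?,?)", rows)
    return conn


def exe_path_from_app_id(app_id_json):
    """Return the x_exe_path entry of an AppId JSON list, or None for non-path entries."""
    try:
        entries = json.loads(app_id_json)
    except (TypeError, ValueError):
        return None
    for entry in entries:
        if entry.get("platform") == "x_exe_path" and entry.get("application"):
            return entry["application"]
    return None


def parse_executions(conn):
    """Return one record per launch row (ActivityType 5) that resolves to an exe path."""
    cur = conn.execute(
        "SELECT AppId, StartTime, EndTime, ExpirationTime FROM Activity "
        "WHERE ActivityType = ? ORDER BY StartTime",
        (ACTIVITY_LAUNCH,),
    )
    results = []
    for app_id_json, start, end, expires in cur:
        path = exe_path_from_app_id(app_id_json)
        if path is None:
            continue
        results.append({
            "path": path,
            "start_utc": datetime.fromtimestamp(start, timezone.utc).isoformat(),
            "duration_s": (end - start) if end else None,
            "expires_utc": datetime.fromtimestamp(expires, timezone.utc).isoformat(),
        })
    return results


def authenticode_status(path):
    """Signature check via PowerShell's Get-AuthenticodeSignature; None off Windows or if missing."""
    if os.name != "nt" or not os.path.isfile(path):
        return None
    cmd = "(Get-AuthenticodeSignature -LiteralPath '%s').Status" % path.replace("'", "''")
    out = subprocess.run(["powershell", "-NoProfile", "-Command", cmd],
                         capture_output=True, text=True)
    return out.stdout.strip() or None


if __name__ == "__main__":
    for rec in parse_executions(build_sample_db()):
        print(rec["start_utc"], rec["path"], "signature:", authenticode_status(rec["path"]))
```

Against a real database, replace build_sample_db() with sqlite3.connect() on a copy of ActivitiesCache.db (copy it first; the live file is locked and has a write-ahead log alongside it). The packageId row shows why the AppId decoding has to tolerate entries without a file path: Store apps are logged but carry no executable to hash or sign-check.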

Link: https://github.com/spokwn/ActivitiesCache-execution
