From 3f6616c5d2fc9ff5222effda265839c0fdc49bd1 Mon Sep 17 00:00:00 2001
From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com>
Date: Mon, 4 Dec 2023 20:14:04 -0500
Subject: [PATCH] Update AppCompatPCA.tkape

add documentation
---
 Targets/Windows/AppCompatPCA.tkape | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Targets/Windows/AppCompatPCA.tkape b/Targets/Windows/AppCompatPCA.tkape
index 801411102..59439d823 100644
--- a/Targets/Windows/AppCompatPCA.tkape
+++ b/Targets/Windows/AppCompatPCA.tkape
@@ -10,6 +10,8 @@ Targets:
         Path: C:\Windows\appcompat\pca
 
 # Documentation
+# https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/
+# https://blog.sygnia.co/diving-into-the-new-windows-11-pca-artifact
 # Credit to rancio#4162 on the Digital Forensics Discord Server who noticed this artifact - https://discord.com/channels/427876741990711298/427936091220344833/1057680326484299786
 # This artifact appears to be on Windows 11 only and will comprise of the following files:
 # C:\Windows\appcompat\pca\PcaAppLaunchDic.txt