This challenge is really straight-forward and just a knowledge check if you know about EZTools (https://ericzimmerman.github.io/#!index.md)
We start with an NTUSER.dat file, which we will open up in EZ’s Registry Explorer
Once we have this open, we can browse through some of the bookmarked items for anything interesting.
If we look at the recent documents we can see a couple interesting files.
the one that we end up needing is VJGSuERgCoVhl6mJg1x87faFOPIqacI3Eby4oP5MyBYKQy5paDF.b62.lnk
The file name gives us a hint as to how we will decode this, base 62
flag{4b676ccc1070be66b1a15dB601c8d500}
Killian Sherer 