Registry key:


Introduced in Windows 10 1607 and removed in Windows 10 1709 (with the key not present on subsequent versions), the RecentApps is an undocumented registry key that tracks program executions and files accessed by the tracked programs.

Information of interest

Each subkey, identified with a GUID, under the RecentApps key correspond to an executed program. In these application GUID subkeys, the filename, last access timestamp, and run count of the application are stored as values.

Additionally, each application GUID subkey can have up to 10 subkeys, also identified with a GUID, that correspond to files accessed using the application. In these file GUID subkeys, the file name, file full path, and (on some OS version) a non-updated timestamp of last access are stored as values. The cycling order of the file subkeys appears to be based on the alphabetical order of the GUID and not on a first-in-first-out basis. If a new file is accessed while 10 files are already referenced, the subkeys are sorted alphabetically and the last one is removed in place of the new entry. Thus the current files referenced are not necessarily the last 10 files accessed.

The last write timestamp of an application subkey can indicate when the program was last executed. While the last write timestamp of a file subkey can indicate when the file was accessed (by the associated program).


View on GitHub