File: <SYSTEMDRIVE>:\Users\<USERNAME>\NTUSER.dat

Registry key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\<GUID>\Count

Windows XP:
{75048700-EF1F-11D0-9888-006097DEACF9} (GUI program execution).

Starting from Windows 7:
{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA} (GUI program execution).
{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F} (shortcut execution).

Overview

The purpose of the UserAssist registry key is not officially documented.

The registry key references the execution of programs with a graphical interface, whether installed or run as a portable executable, and, starting from Windows 7, the execution of shortcuts.

Information of interest

One or two main registry subkeys can be found depending on the Windows OS version:

  • On Windows XP: {75048700-EF1F-11D0-9888-006097DEACF9} linked to execution of executable files.

  • Starting from Windows 7:

    • {CEBFF5CD-ACE2-4F4F-9178-9926F41749EA} linked to execution of executable files.

    • {F4E57C4B-2036-45F0-A9AB-443BCFE33D9F} linked to execution of shortcut files.

Each execution is associated with an entry that contains the following notable information:

  • Full path of the executed program / shortcut (as the value name, encoded in ROT13).

  • Sometimes, the timestamp of the last execution (in the binary value data).

  • An unreliable run counter and focus count and time (in the binary value data).
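
Added example (not part of the original page): decoding a ROT13 value name and parsing the binary value data of a Count entry, including the case where no last-execution timestamp is stored. The field offsets are assumptions taken from public research on the 72-byte (Windows 7 and later) and 16-byte (Windows XP) layouts, not from this page; the sample values are constructed.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def decode_name(value_name):
    """ROT13 rotates only A-Z/a-z; digits, braces and backslashes are unchanged."""
    return codecs.decode(value_name, "rot_13")

def filetime_to_utc(ft):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC; 0 means none recorded."""
    if ft == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def parse_entry(value_name, data):
    """Parse one value of a UserAssist Count subkey.

    Assumed layouts (public research, not given on the page):
      72 bytes (Windows 7+): run count @4, focus count @8,
                             focus time in ms @12, FILETIME @60
      16 bytes (Windows XP): run count @4 (counter starts at 5), FILETIME @8
    """
    entry = {"path": decode_name(value_name)}
    if len(data) == 72:
        run, focus_count, focus_ms = struct.unpack_from("<III", data, 4)
        (ft,) = struct.unpack_from("<Q", data, 60)
        entry.update(run_count=run, focus_count=focus_count, focus_time_ms=focus_ms)
    elif len(data) == 16:
        run, ft = struct.unpack_from("<IQ", data, 4)
        entry["run_count"] = max(run - 5, 0)
    else:
        raise ValueError(f"unexpected UserAssist data length: {len(data)}")
    entry["last_run_utc"] = filetime_to_utc(ft)
    return entry

def build_sample(run, focus_count, focus_ms, ft):
    """Constructed 72-byte value for the demo; not taken from a real hive."""
    data = bytearray(72)
    struct.pack_into("<III", data, 4, run, focus_count, focus_ms)
    struct.pack_into("<Q", data, 60, ft)
    return bytes(data)

if __name__ == "__main__":
    # Constructed sample: ROT13 of C:\Tools\Example.exe, last run 2020-01-01 UTC.
    name = "P:\\Gbbyf\\Rknzcyr.rkr"
    print(parse_entry(name, build_sample(3, 2, 45000, 132223104000000000)))
    print(parse_entry(name, build_sample(0, 1, 1200, 0)))  # no timestamp stored
```

Values with any other data length raise ValueError so that a caller can skip or log them instead of misreading the fields.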
