Loads information such as the path, volume, and last run time of all executable files using the AppCompatCache key (Path: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache\AppCompatCache) data stored in the registry file. You can check the name, path, volume information, and last run time of executable files with the loaded data and use it to analyze infringement accidents.


reg-shim-cache [zipcharset=CHARSET] [zippath=ZIPFILE_PATH] FILE_PATH
Required Parameter
Path to the registry file. Using a wildcard (*) in the file name, you can retrieve all files containing a specific string pattern in the file name (e.g. D:\data\registry\*). If you provided the zippath option, input the registry file path in the ZIP file.
Optional Parameter
Character set to be used to decode the ZIP entry name and comment that are not encoded by UTF-8 encoding. Use the preferred MIME name or aliases registered in the following document:
Path to the ZIP file


The output fields are as follows:

file_pathStringExecutable file path
modified_atDateLast modification time


  1. Retrieve information by providing the file path.

    reg-shim-cache D:\data\registry\SYSTEM
  2. Retrieve information when the zippath option is provided.

    reg-shim-cache zippath=D:\data\ registry\SYSTEM