`clsid.user`#

$ target-query <path/to/target> -f clsid.user

Details#
Module	`os.windows.regf.clsid.CLSIDPlugin`
Output	`records`

Module documentation

Return all CLSID registry keys.

A CLSID is a globally unique identifier that identifies a COM class object (program) situated in HKEY_CURRENT_USERSoftwareClassesCLSID and HKEY_LOCAL_MACHINESOFTWAREClassesCLSID. Malware may make use of the CLSID system to launch themselves automatically or when certain conditions are triggered.

References:

https://docs.microsoft.com/en-us/windows/win32/com/clsid-key-hklm
https://www.enigmasoftware.com/what-is-clsid-registry-key/

Function documentation

Return only the user CLSID registry keys.

clsid.user#

`clsid.user`#