clsid.user
#
$ target-query <path/to/target> -f clsid.user
Module |
|
Output |
|
Module documentation
Return all CLSID registry keys.
A CLSID is a globally unique identifier that identifies a COM class object (program) situated in HKEY_CURRENT_USERSoftwareClassesCLSID and HKEY_LOCAL_MACHINESOFTWAREClassesCLSID. Malware may make use of the CLSID system to launch themselves automatically or when certain conditions are triggered.
- References:
Function documentation
Return only the user CLSID registry keys.