:py:mod:`dissect.target.plugins.os.windows.regf.clsid`
======================================================

.. py:module:: dissect.target.plugins.os.windows.regf.clsid


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.regf.clsid.CLSIDPlugin


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.regf.clsid.CLSIDRecordDescriptor
   dissect.target.plugins.os.windows.regf.clsid.CLSIDRecord


.. py:data:: CLSIDRecordDescriptor

.. py:data:: CLSIDRecord

.. py:class:: CLSIDPlugin(target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Return all CLSID registry keys.

   A CLSID is a globally unique identifier that identifies a COM class object (program) situated in
   ``HKEY_CURRENT_USER\Software\Classes\CLSID`` and ``HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID``.
   Malware may make use of the CLSID system to launch itself automatically or when certain
   conditions are triggered.

   .. rubric:: References

   - https://docs.microsoft.com/en-us/windows/win32/com/clsid-key-hklm
   - https://www.enigmasoftware.com/what-is-clsid-registry-key/

   .. py:attribute:: __namespace__
      :value: 'clsid'

   .. py:attribute:: KEYS

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target
      (``self.target``). For example, check if a certain file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: create_records(keys)

      Iterate all CLSID keys from ``HKEY_CURRENT_USER\Software\Classes\CLSID`` and
      ``HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID``.

      Yields CLSIDRecords with fields::

          hostname (string): The target hostname.
          domain (string): The target domain.
          ts (datetime): Last modified timestamp of the registry key.
          clsid (string): The CLSID key name.
          path (uri): The CLSID path value.

   .. py:method:: user()

      Return only the user CLSID registry keys.

   .. py:method:: machine()

      Return only the machine CLSID registry keys.
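
Added example (not part of dissect or of this page's source): a triage pass over records carrying the fields documented for ``create_records``. It flags user-hive entries whose path differs from the machine-hive entry for the same CLSID (Windows resolves per-user COM registrations before per-machine ones) or whose path sits in a user-writable directory. The ``Rec`` tuple, the ``triage`` function, the sample GUIDs and the directory list are assumptions constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime, timezone

# Stand-in for CLSIDRecord with the documented fields (constructed for this example).
Rec = namedtuple("Rec", "hostname domain ts clsid path")

# Assumption: directories treated as user-writable for triage; tune per environment.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def norm(path):
    """Strip quotes, unify separators and lower-case so comparisons are stable."""
    return str(path or "").strip().strip('"').replace("/", "\\").lower()


def triage(user_records, machine_records):
    """Return (record, reasons) for user-hive CLSID entries worth a closer look."""
    machine = {}
    for rec in machine_records:
        machine.setdefault(rec.clsid.lower(), set()).add(norm(rec.path))

    findings = []
    for rec in user_records:
        reasons = []
        path = norm(rec.path)
        known = machine.get(rec.clsid.lower())
        if known is not None and path not in known:
            reasons.append("user entry differs from machine entry")
        if any(part in path for part in USER_WRITABLE):
            reasons.append("path in user-writable directory")
        if reasons:
            findings.append((rec, reasons))
    # 'ts' is the key's last-modified time: most recently changed keys first.
    return sorted(findings, key=lambda f: f[0].ts, reverse=True)


def _ts(day):
    return datetime(2024, 1, day, tzinfo=timezone.utc)


# Constructed sample data; on a real target these would be the records
# yielded by the plugin's user() and machine() methods.
GUID_A = "{11111111-1111-1111-1111-111111111111}"
GUID_B = "{22222222-2222-2222-2222-222222222222}"
MACHINE = [Rec("host1", "corp", _ts(1), GUID_A, "C:\\Windows\\System32\\example.dll"),
           Rec("host1", "corp", _ts(1), GUID_B, "C:\\Windows\\System32\\other.dll")]
USER = [Rec("host1", "corp", _ts(9), GUID_A.lower(), "C:\\Users\\alice\\AppData\\Roaming\\example.dll"),
        Rec("host1", "corp", _ts(2), GUID_B, '"C:/Windows/System32/other.dll"')]

if __name__ == "__main__":
    for rec, reasons in triage(USER, MACHINE):
        print(rec.ts.isoformat(), rec.clsid, rec.path, "; ".join(reasons))
```

A hit is a lead for review, not a verdict: legitimate per-user software installs also register CLSIDs under the user hive.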