Searches for an application ID inside the registry.
Format: AppID:<key name>,<value name>
This example detects the entries of the CommonName malware in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.
This is an outdated command used to detect application IDs.
- The name of the key to detect comes as first parameter. Algo-Prefixes are available in versions later than 1.5.2. AP
- Additionally, for cases where the key might be random, all AppID keys are checked whether their default value data (REG_SZ or REG_EXPANDSZ) matches this second parameter. Algo-Prefixes are available in versions later than 1.5.2. AP
Flagged are only registry keys in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.
- Any AppID key identified by key name.
- Any AppID key that has a default value identified by value name.