23:51:26	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
23:51:26	rundll32.exe	write	C:\Users\AxDsan\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
23:51:26	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
23:51:26	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
23:51:26	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
23:51:26	rundll32.exe	read key	HKLM\SOFTWARE
23:51:26	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
23:51:26	rundll32.exe	read key	HKCU\Software
23:51:26	rundll32.exe	read key	HKLM\SOFTWARE\Policies
23:51:26	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ForceBFCacheCandidacyPass
23:51:26	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\ForceBFCacheCandidacyPass
23:51:25	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\PrefetchPrerender\Enabled
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
23:51:25	rundll32.exe	read key	HKLM\SOFTWARE
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
23:51:25	rundll32.exe	read key	HKCU\Software
23:51:25	rundll32.exe	read key	HKLM\SOFTWARE\Policies
23:51:25	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:25	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:25	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ForceBFCacheCandidacyPass
23:51:25	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\ForceBFCacheCandidacyPass
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:25	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\OperationalData
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:25	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:25	rundll32.exe	read key	HKCU\Software\Microsoft\CTF\DirectSwitchHotkeys
23:51:24	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Anchor Color
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\International
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\AutoDetect
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\DOMStorage
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\DOMStorage
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\XDomainRequest
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\XDomainRequest
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Q300829
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\UseHR
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Enable AutoImageResize
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Move System Caret
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Show image placeholders
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\XMLHTTP
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\SmoothScroll
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Print_Background
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Print_Background
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Play_Animations
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Display Inline Videos
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Display Inline Images
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\CSS_Compat
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Anchor Underline
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\RtfConverterFlags
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector\Skype
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector\VML
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\AcceptLanguage
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Nls\CodePage\950
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Sothink Flash Downloader For IE\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Sothink Flash Downloader For IE\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Sothink Flash Downloader For IE\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Sothink Flash Downloader For IE\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Sothink Flash Downloader For IE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Sothink Flash Downloader For IE
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\Add to &Hot Keyboard
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\Contexts
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\Flags
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\MenuExt
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Settings\Anchor Color
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\International
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\International\AutoDetect
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\JScriptProfileCacheEventDelay
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\DOMStorage
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\DOMStorage
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\XDomainRequest
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\XDomainRequest
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Q300829
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\UseHR
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Enable AutoImageResize
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Move System Caret
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Disable Diagnostics Mode
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Show image placeholders
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\XMLHTTP
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\SmoothScroll
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Print_Background
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Print_Background
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Play_Animations
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Display Inline Videos
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Display Inline Images
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\CSS_Compat
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Anchor Underline
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\RtfConverterFlags
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\RenderingLoopMaxTime
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\MinimumSystemTimerResolution
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\MinimumSystemTimerResolution
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Zoom\ZoomDisabled
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
23:51:16	rundll32.exe	read key	HKCU\Software
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Policies
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\ThreadingModel
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Window_Min_Height
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\Window_Min_Width
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	C:\Windows\System32\ieframe.dll
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\ieframe.dll
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32\ThreadingModel
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKCU\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\localserver32\a
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win64
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win64
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win64
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\TYPELIB\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
23:51:16	rundll32.exe	read key	HKCU\TypeLib
23:51:16	rundll32.exe	read key	HKCU\TypeLib
23:51:16	rundll32.exe	read key	HKCU\TypeLib
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\version.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\scrrun.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\mpr.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\wshom.ocx
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\ThreadingModel
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\WScript.Shell\CLSID
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell\CLSID
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell\CLSID
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\WScript.Shell\CLSID
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell\CLSID
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell\CLSID
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\WScript.Shell
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32\ThreadingModel
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{842A1268-6E6A-465C-868F-8BC445B9828F}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\dpapi.dll
23:51:16	rundll32.exe	read	C:\Windows\System32\rundll32.exe
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Services\crypt32\DebugHeapFlags
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\WMI\Security\1e24f1ac-8175-49e1-91a8-a7ed66f12587
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\WMI\Security\57277741-3638-4a4b-bdba-0ac6e45da56c
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Type
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001\Name
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\jscript9.dll
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32\ThreadingModel
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\INTERFACE\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000160-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000160-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000160-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\rundll32.exe
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\TelemetryClient\SampleStore\sqm\SampledOut
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\SQMClient\Windows\StudyId
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\TelemetryClient\SampleStore\sqm\SampledOut
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\SQMClient\Windows\StudyId
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\A66E19E6
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\INTERFACE\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\sxs.dll
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\INTERFACE\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{332C4425-26CB-11D0-B483-00C04FD90119}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{332C4425-26CB-11D0-B483-00C04FD90119}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{332C4425-26CB-11D0-B483-00C04FD90119}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\INTERFACE\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000134-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000134-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{00000134-0000-0000-C000-000000000046}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivateKeyLifetimeSeconds
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCachePurgeIntervalSeconds
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Policies\Microsoft\Cryptography\PrivKeyCacheMaxItems
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\bcrypt.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\rsaenh.dll
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Type
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\cryptsp.dll
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Lsa\EveryoneIncludesAnonymous
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}\AccessPermission
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}\AccessPermission
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}\AuthenticationLevel
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\AppID\{de5d803e-5d2a-4b5f-9c63-af25a465cc44}
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\AppID\rundll32.exe\AppID
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\AppID\rundll32.exe
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\AppID\rundll32.exe
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\INTERFACE\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Classes\INTERFACE\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read	C:\Windows\System32\oleaccrc.dll
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	C:\Windows\System32\rundll32.exe
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\oleacc.dll
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Direct3D
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Direct3D\Shims\Name
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Direct3D\Shims\Size
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Direct3D
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	C:\Windows\System32\rundll32.exe
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\dxgi.dll
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\COM3\Com+Enabled
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\javascript\CLSID
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\javascript\CLSID
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001_CLASSES
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
23:51:16	rundll32.exe	read	HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\kernel.appcore.dll
23:51:16	rundll32.exe	read	C:\Windows\System32\rpcss.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\dwmapi.dll
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\uxtheme.dll
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\SessionMerging
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\FrameMerging
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\DOMStorage\MaxSubDomains
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\DOMStorage\RootDomainLimit
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\DOMStorage\DomainLimit
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Internet Explorer\DOMStorage\TotalLimit
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Application Compatibility\rundll32.exe
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE\Path
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\WMI\Security\7f8e35ca-68e8-41b9-86fe-d6adc5b327e7
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\WMI\Security\9e3b3947-ca5d-4614-91a2-7b624e0e7244
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE\*
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE\rundll32.exe
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\*
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\rundll32.exe
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read	C:\Windows\System32\oleaut32.dll
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\wininet.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\urlmon.dll
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS\*
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS\rundll32.exe
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\bcryptprimitives.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\cryptbase.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\iertutil.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\mshtml.dll
23:51:16	rundll32.exe	read dir	C:\Windows\System32
23:51:16	rundll32.exe	read dir	C:\Windows
23:51:16	rundll32.exe	read dir	C:
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	C:\Users\AxDsan\AppData\Roaming\Adobe\Acrobat\9.0\Capture3D\user_settings.txt
23:51:16	rundll32.exe	read	HKCU\Software\Wow6432Node\Adobe Acrobat\9.0\Acrobat 3DCapture\EnableCapture
23:51:16	rundll32.exe	read	HKCU\Software\Wow6432Node\Adobe Acrobat\9.0\Acrobat 3DCapture\EnableCapture
23:51:16	rundll32.exe	read	HKCU\Software\Wow6432Node\Adobe Acrobat\9.0\Acrobat 3DCapture\EnableCapture
23:51:16	rundll32.exe	read	HKCU\Software\Wow6432Node\Adobe Acrobat\9.0\Acrobat 3DCapture\EnableCapture
23:51:16	rundll32.exe	read	HKCU\Software\Wow6432Node\Adobe Acrobat\9.0\Acrobat 3DCapture\EnableCapture
23:51:16	rundll32.exe	read	HKCU\Software\Wow6432Node\Adobe Acrobat\9.0\Acrobat 3DCapture\EnableCapture
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read dir	C:\Windows\System32
23:51:16	rundll32.exe	read dir	C:\Windows
23:51:16	rundll32.exe	read dir	C:
23:51:16	rundll32.exe	read dir	C:\Windows\System32
23:51:16	rundll32.exe	read dir	C:\Windows
23:51:16	rundll32.exe	read dir	C:
23:51:16	rundll32.exe	read dir	C:\Windows\System32
23:51:16	rundll32.exe	read dir	C:\Windows
23:51:16	rundll32.exe	read dir	C:
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Wow6432Node\Adobe\Acrobat 3DCapture\9.0\InstallPath\Plugin
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
23:51:16	rundll32.exe	read key	\REGISTRY\USER\S-1-5-21-3858576538-1800357988-639096320-1001
23:51:16	rundll32.exe	read dir	C:\Windows\System32
23:51:16	rundll32.exe	read dir	C:\Windows
23:51:16	rundll32.exe	read dir	C:
23:51:16	rundll32.exe	read dir	C:\Windows\System32
23:51:16	rundll32.exe	read dir	C:\Windows
23:51:16	rundll32.exe	read dir	C:
23:51:16	rundll32.exe	read	C:\Windows\System32\acaptuser64.dll
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\acaptuser64.dll
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeDllSearchMode
23:51:16	rundll32.exe	read dir	C:\Program Files\Agnitum
23:51:16	rundll32.exe	read dir	C:\Program Files
23:51:16	rundll32.exe	read dir	C:
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
23:51:16	rundll32.exe	read	C:\Windows\Globalization\Sorting\SortDefault.nls
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000602xx
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
23:51:16	rundll32.exe	read	C:\Program Files\Agnitum\Outpost Security Suite Pro\machine.ini
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\AWINLogLevel
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\EnableAWINLog
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\OLE\AggressiveMTATesting
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\sechost.dll
23:51:16	rundll32.exe	read	C:\Program Files\Agnitum\Outpost Security Suite Pro\wl_hook64.dll
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
23:51:16	rundll32.exe	read+exec	C:\Program Files\Agnitum\Outpost Security Suite Pro\wl_hook64.dll
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs
23:51:16	rundll32.exe	read key	\REGISTRY\MACHINE
23:51:16	rundll32.exe	read	C:\Windows\System32\en-US\rundll32.exe.mui
23:51:16	rundll32.exe	read	HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages
23:51:16	rundll32.exe	read	HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages
23:51:16	rundll32.exe	read	HKCU\Control Panel\Desktop\PreferredUILanguages
23:51:16	rundll32.exe	read	HKCU\Control Panel\Desktop\PreferredUILanguages
23:51:16	rundll32.exe	read	HKCU\Control Panel\Desktop\LanguageConfiguration
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\rundll32
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
23:51:16	rundll32.exe	read	HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\imm32.dll
23:51:16	rundll32.exe	read	C:\Windows\System32\imm32.dll
23:51:16	rundll32.exe	read+exec	C:\Windows\System32\combase.dll
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\SearchPathMode
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\UseFilter
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\DebugProcessHeapOnly
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\CWDIllegalInDLLSearch
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\GlobalFlag
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\MaxDeadActivationContexts
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\TrackActivationContextReleases
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\KeepActivationContextsAlive
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\BreakOnInitializeProcessFailure
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\MinimumStackCommitInBytes
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\TracingFlags
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\UnloadEventTraceDepth
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\ShutdownFlags
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\FrontEndHeapDebugOptions
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\DisableHeapLookaside
23:51:16	rundll32.exe	read	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\UseFilter