COM Object Hijacking Via Modification Of Default System CLSID Default Value
About the rule
Rule Type
Standard
Rule Description
Detects potential COM object hijacking via modification of the default value of a system CLSID.
Severity
Trouble
Rule Requirement
Criteria
Action1: actionname = "Registry value modified" AND (((OBJECTNAME contains "\CLSID" OR (OBJECTNAME endswith "\CLSID" AND isExist(OBJECTVALUENAME))) AND (OBJECTNAME endswith "\InprocServer32\(Default),\LocalServer32\(Default)" OR (OBJECTNAME endswith "\InprocServer32" AND OBJECTVALUENAME = "(Default)"))) AND (OBJECTNAME contains "\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\,\{2155fee3-2419-4373-b102-6843707eb41f}\,\{4590f811-1d3a-11d0-891f-00aa004b2e24}\,\{4de225bf-cf59-4cfc-85f7-68b90f185355}\,\{ddc05a5a-351a-4e06-8eaf-54ec1bc2dcea}\,\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\,\{F82B4EF1-93A9-4DDE-8015-F7950A1A6E31}\,\{7849596a-48ea-486e-8937-a2a3009f31a9}\,\{0b91a74b-ad7c-4a9d-b563-29eef9167172}\,\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\,\{30D49246-D217-465F-B00B-AC9DDD652EB7}\,\{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}\,\{2227A280-3AEA-1069-A2DE-08002B30309D}\,\{2DEA658F-54C1-4227-AF9B-260AB5FC3543}" OR (OBJECTNAME endswith "\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}" AND isExist(OBJECTVALUENAME)))) AND (INFORMATION contains ":\Perflogs\,\AppData\Local\,\Desktop\,\Downloads\,\Microsoft\Windows\Start Menu\Programs\Startup\,\System32\spool\drivers\color\,\Temporary Internet,\Users\Public\,\Windows\Temp\,%appdata%,%temp%,%tmp%" OR ((INFORMATION contains ":\Users" AND INFORMATION contains "\Favorites") OR (INFORMATION contains ":\Users" AND INFORMATION contains "\Favourites") OR (INFORMATION contains ":\Users" AND INFORMATION contains "\Contacts") OR (INFORMATION contains ":\Users" AND INFORMATION contains "\Pictures"))) select Action1.HOSTNAME,Action1.MESSAGE,Action1.OBJECTNAME,Action1.PROCESSNAME,Action1.PREVVAL,Action1.CHANGES
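The Criteria above, re-implemented as an added example (not the product's own code) in Python and run over constructed registry events. It assumes that a comma-separated string in the query is a list of alternatives, that isExist() means "value name is non-empty", and that all string matching is case-insensitive.

```python
HIJACKED_CLSIDS = [  # the system CLSIDs named in the rule's Criteria
    "{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}", "{2155fee3-2419-4373-b102-6843707eb41f}",
    "{4590f811-1d3a-11d0-891f-00aa004b2e24}", "{4de225bf-cf59-4cfc-85f7-68b90f185355}",
    "{ddc05a5a-351a-4e06-8eaf-54ec1bc2dcea}", "{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}",
    "{F82B4EF1-93A9-4DDE-8015-F7950A1A6E31}", "{7849596a-48ea-486e-8937-a2a3009f31a9}",
    "{0b91a74b-ad7c-4a9d-b563-29eef9167172}", "{603D3801-BD81-11d0-A3A5-00C04FD706EC}",
    "{30D49246-D217-465F-B00B-AC9DDD652EB7}", "{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}",
    "{2227A280-3AEA-1069-A2DE-08002B30309D}", "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}",
]
SUSPICIOUS_PATHS = [  # user-writable locations named in the rule's Criteria
    ":\\Perflogs\\", "\\AppData\\Local\\", "\\Desktop\\", "\\Downloads\\",
    "\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", "\\System32\\spool\\drivers\\color\\",
    "\\Temporary Internet", "\\Users\\Public\\", "\\Windows\\Temp\\", "%appdata%", "%temp%", "%tmp%",
]
USER_SUBFOLDERS = ["\\Favorites", "\\Favourites", "\\Contacts", "\\Pictures"]

# Assumed semantics of the query's 'contains' / 'endswith' over a comma list: any alternative matches.
def _contains(text, needles):
    return any(n.lower() in text.lower() for n in needles)

def _endswith(text, suffixes):
    return any(text.lower().endswith(s.lower()) for s in suffixes)

def matches_com_hijack_rule(event):
    """True when a registry event satisfies every clause of the rule's Criteria."""
    if event.get("actionname") != "Registry value modified":
        return False
    obj = event.get("OBJECTNAME", "")
    val = event.get("OBJECTVALUENAME", "")   # isExist() assumed to mean non-empty
    info = event.get("INFORMATION", "")      # new data written to the value
    in_clsid = _contains(obj, ["\\CLSID"]) or (_endswith(obj, ["\\CLSID"]) and bool(val))
    default_value = (_endswith(obj, ["\\InprocServer32\\(Default)", "\\LocalServer32\\(Default)"])
                     or (_endswith(obj, ["\\InprocServer32"]) and val == "(Default)"))
    system_clsid = (_contains(obj, ["\\" + c + "\\" for c in HIJACKED_CLSIDS])
                    or (_endswith(obj, ["\\" + HIJACKED_CLSIDS[0]]) and bool(val)))
    user_writable = _contains(info, SUSPICIOUS_PATHS) or (
        _contains(info, [":\\Users"]) and _contains(info, USER_SUBFOLDERS))
    return in_clsid and default_value and system_clsid and user_writable

SAMPLE_EVENTS = [  # constructed events, not real telemetry
    {"actionname": "Registry value modified",
     "OBJECTNAME": "HKCU\\Software\\Classes\\CLSID\\{2155fee3-2419-4373-b102-6843707eb41f}\\InprocServer32",
     "OBJECTVALUENAME": "(Default)", "INFORMATION": "C:\\Users\\alice\\AppData\\Local\\Temp\\shim.dll"},
    {"actionname": "Registry value modified",   # same key, but a server under System32: benign
     "OBJECTNAME": "HKLM\\Software\\Classes\\CLSID\\{2155fee3-2419-4373-b102-6843707eb41f}\\InprocServer32",
     "OBJECTVALUENAME": "(Default)", "INFORMATION": "C:\\Windows\\System32\\shell32.dll"},
]

def scan(events):
    return [e for e in events if matches_com_hijack_rule(e)]
```

Only the first constructed event fires: the value points into the user's AppData\Local tree, while the second points at a DLL under System32, which the rule's path list deliberately excludes.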
Detection
Execution Mode
realtime
Log Sources
Windows
Author
Nasreddine Bencherchali (Nextron Systems)