TargetFilename:\\ntds.dit ((Image:\\cmd.exe OR Image:\\cscript.exe OR Image:\\mshta.exe OR Image:\\powershell.exe OR Image:\\pwsh.exe OR Image:\\regsvr32.exe OR Image:\\rundll32.exe OR Image:\\wscript.exe OR Image:\\wsl.exe OR Image:\\wt.exe) OR (Image:\\AppData\\* OR Image:\\Temp\\* OR Image:\\Public\\* OR Image:\\PerfLogs\\*))