EventID:4698 (TaskContent:\\AppData\\Local\\Temp\\* OR TaskContent:\\AppData\\Roaming\\* OR TaskContent:\\Users\\Public\\* OR TaskContent:\\WINDOWS\\Temp\\* OR TaskContent:C\:\\Temp\\* OR TaskContent:\\Desktop\\* OR TaskContent:\\Downloads\\* OR TaskContent:\\Temporary\ Internet* OR TaskContent:C\:\\ProgramData\\* OR TaskContent:C\:\\Perflogs\\*) (TaskContent:regsvr32* OR TaskContent:rundll32* OR TaskContent:cmd.exe<\/Command>* OR TaskContent:cmd<\/Command>* OR TaskContent:<Arguments>\/c\ * OR TaskContent:<Arguments>\/k\ * OR TaskContent:<Arguments>\/r\ * OR TaskContent:powershell* OR TaskContent:pwsh* OR TaskContent:mshta* OR TaskContent:wscript* OR TaskContent:cscript* OR TaskContent:certutil* OR TaskContent:bitsadmin* OR TaskContent:bash.exe* OR TaskContent:bash\ * OR TaskContent:scrcons* OR TaskContent:wmic\ * OR TaskContent:wmic.exe* OR TaskContent:forfiles* OR TaskContent:scriptrunner* OR TaskContent:hh.exe*)