(SourceImage:\\bash.exe OR SourceImage:\\cscript.exe OR SourceImage:\\cvtres.exe OR SourceImage:\\defrag.exe OR SourceImage:\\dialer.exe OR SourceImage:\\dnx.exe OR SourceImage:\\esentutl.exe OR SourceImage:\\excel.exe OR SourceImage:\\expand.exe OR SourceImage:\\find.exe OR SourceImage:\\findstr.exe OR SourceImage:\\forfiles.exe OR SourceImage:\\gpupdate.exe OR SourceImage:\\hh.exe OR SourceImage:\\installutil.exe OR SourceImage:\\lync.exe OR SourceImage:\\makecab.exe OR SourceImage:\\mDNSResponder.exe OR SourceImage:\\monitoringhost.exe OR SourceImage:\\msbuild.exe OR SourceImage:\\mshta.exe OR SourceImage:\\mspaint.exe OR SourceImage:\\outlook.exe OR SourceImage:\\ping.exe OR SourceImage:\\provtool.exe OR SourceImage:\\python.exe OR SourceImage:\\regsvr32.exe OR SourceImage:\\robocopy.exe OR SourceImage:\\runonce.exe OR SourceImage:\\sapcimc.exe OR SourceImage:\\smartscreen.exe OR SourceImage:\\spoolsv.exe OR SourceImage:\\tstheme.exe OR SourceImage:\\userinit.exe OR SourceImage:\\vssadmin.exe OR SourceImage:\\vssvc.exe OR SourceImage:\\w3wp.exe OR SourceImage:\\winscp.exe OR SourceImage:\\winword.exe OR SourceImage:\\wmic.exe OR SourceImage:\\wscript.exe) (-(((SourceImage:C\:\\Windows\\System32\\Defrag.exe OR SourceImage:C\:\\Windows\\System32\\makecab.exe) TargetImage:C\:\\Windows\\System32\\conhost.exe) OR (SourceImage:C\:\\Windows\\System32\\provtool.exe TargetImage:C\:\\Windows\\System32\\svchost.exe) OR (SourceImage:C\:\\Windows\\System32\\provtool.exe TargetImage:System) OR (SourceImage:C\:\\Windows\\System32\\userinit.exe TargetImage:C\:\\Windows\\explorer.exe) OR (SourceImage:\\WINWORD.EXE (TargetImage:C\:\\Program\ Files\ \(x86\)\\* OR TargetImage:C\:\\Program\ Files\\*)) OR ((SourceImage:C\:\\Program\ Files\\Microsoft\ Office\\* OR SourceImage:C\:\\Program\ Files\ \(x86\)\\Microsoft\ Office\\*) TargetImage:System))) (-(SourceImage:\\SysWOW64\\explorer.exe (TargetImage:C\:\\Program\ Files\ \(x86\)\\VMware\\VMware\ Tools\\vmtoolsd.exe OR TargetImage:C\:\\Program\ Files\\VMware\\VMware\ Tools\\vmtoolsd.exe)))