(ParentImage:\\sqlservr.exe (Image:\\bash.exe OR Image:\\bitsadmin.exe OR Image:\\cmd.exe OR Image:\\netstat.exe OR Image:\\nltest.exe OR Image:\\ping.exe OR Image:\\powershell.exe OR Image:\\pwsh.exe OR Image:\\regsvr32.exe OR Image:\\rundll32.exe OR Image:\\sh.exe OR Image:\\systeminfo.exe OR Image:\\tasklist.exe OR Image:\\wsl.exe)) (-(ParentImage:C\:\\Program\ Files\\Microsoft\ SQL\ Server\\* ParentImage:DATEV_DBENGINE\\MSSQL\\Binn\\sqlservr.exe Image:C\:\\Windows\\System32\\cmd.exe CommandLine:\"C\:\\Windows\\system32\\cmd.exe\"\ *))