((ParentImage:\\caddy.exe OR ParentImage:\\httpd.exe OR ParentImage:\\nginx.exe OR ParentImage:\\php\-cgi.exe OR ParentImage:\\php.exe OR ParentImage:\\tomcat.exe OR ParentImage:\\UMWorkerProcess.exe OR ParentImage:\\w3wp.exe OR ParentImage:\\ws_TomcatService.exe) OR ((ParentImage:\\java.exe OR ParentImage:\\javaw.exe) (ParentImage:\-tomcat\-* OR ParentImage:\\tomcat*)) OR ((ParentImage:\\java.exe OR ParentImage:\\javaw.exe) (ParentCommandLine:CATALINA_HOME* OR ParentCommandLine:catalina.home* OR ParentCommandLine:catalina.jar*))) (Image:\\arp.exe OR Image:\\at.exe OR Image:\\bash.exe OR Image:\\bitsadmin.exe OR Image:\\certutil.exe OR Image:\\cmd.exe OR Image:\\cscript.exe OR Image:\\dsget.exe OR Image:\\hostname.exe OR Image:\\nbtstat.exe OR Image:\\net.exe OR Image:\\net1.exe OR Image:\\netdom.exe OR Image:\\netsh.exe OR Image:\\nltest.exe OR Image:\\ntdsutil.exe OR Image:\\powershell_ise.exe OR Image:\\powershell.exe OR Image:\\pwsh.exe OR Image:\\qprocess.exe OR Image:\\query.exe OR Image:\\qwinsta.exe OR Image:\\reg.exe OR Image:\\rundll32.exe OR Image:\\sc.exe OR Image:\\sh.exe OR Image:\\wmic.exe OR Image:\\wscript.exe OR Image:\\wusa.exe) (-((ParentImage:\\java.exe CommandLine:Windows\\system32\\cmd.exe\ \/c\ C\:\\ManageEngine\\ADManager\ \"Plus\\ES\\bin\\elasticsearch.bat\ \-Enode.name=RMP\-NODE1\ \-pelasticsearch\-pid.txt) OR (ParentImage:\\java.exe (CommandLine:sc\ query* CommandLine:ADManager\ Plus*))))