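((Image:*\\Regsvcs.exe OR Image:*\\Regasm.exe) OR (OriginalFileName:RegSvcs.exe OR OriginalFileName:RegAsm.exe)) AND (CommandLine:*\\AppData\\Local\\Temp\\* OR CommandLine:*\\Microsoft\\Windows\\Start\ Menu\\Programs\\Startup\\* OR CommandLine:*\\PerfLogs\\* OR CommandLine:*\\Users\\Public\\* OR CommandLine:*\\Windows\\Temp\\*)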