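(((TargetImage:*\:\\Windows\\Sysmon.exe* OR TargetImage:*\:\\Windows\\Sysmon64.exe*) AND GrantedAccess:0x1400) AND (-((SourceImage:*\:\\Program\ Files\ \(x86\)\\* OR SourceImage:*\:\\Program\ Files\\* OR SourceImage:*\:\\Windows\\System32\\* OR SourceImage:*\:\\Windows\\SysWOW64\\*) OR (SourceImage:*\:\\ProgramData\\Microsoft\\Windows\ Defender\\Platform\\* AND SourceImage:*\\MsMpEng.exe)))) OR CallTrace:Ente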