((ParentImage:\\WindowsTerminal.exe OR ParentImage:\\wt.exe) ((Image:\\rundll32.exe OR Image:\\regsvr32.exe OR Image:\\certutil.exe OR Image:\\cscript.exe OR Image:\\wscript.exe OR Image:\\csc.exe) OR (Image:C\:\\Users\\Public\\* OR Image:\\Downloads\\* OR Image:\\Desktop\\* OR Image:\\AppData\\Local\\Temp\\* OR Image:\\Windows\\TEMP\\*) OR (CommandLine:\ iex\ * OR CommandLine:\ icm* OR CommandLine:Invoke\-* OR CommandLine:Import\-Module\ * OR CommandLine:ipmo\ * OR CommandLine:DownloadString\(* OR CommandLine:\ \/c\ * OR CommandLine:\ \/k\ * OR CommandLine:\ \/r\ *))) (-((CommandLine:Import\-Module* CommandLine:Microsoft.VisualStudio.DevShell.dll* CommandLine:Enter\-VsDevShell*) OR (CommandLine:\\AppData\\Local\\Packages\\Microsoft.WindowsTerminal_* CommandLine:\\LocalState\\settings.json*) OR (CommandLine:C\:\\Program\ Files\\Microsoft\ Visual\ Studio\\* CommandLine:\\Common7\\Tools\\VsDevCmd.bat*)))