(Image:\\cmd.exe OR Image:\\powershell.exe OR Image:\\pwsh.exe OR Image:\\wt.exe OR Image:\\rundll32.exe OR Image:\\regsvr32.exe) (TargetFilename:.VHD OR TargetFilename:.bac OR TargetFilename:.bak OR TargetFilename:.wbcat OR TargetFilename:.bkf OR TargetFilename:.set OR TargetFilename:.win OR TargetFilename:.dsk)