(Provider_Name:Service\ Control\ Manager EventID:7045 (ImagePath:cmd* ImagePath:powershell*) (ImagePath:\/c* OR ImagePath:\/r*)) (ImagePath:noexit* OR (ImagePath:input* ImagePath:$*))