EventID:4697 (ServiceFileName:&&set* ServiceFileName:cmd* ServiceFileName:\/c* ServiceFileName:\-f*) (ServiceFileName:\{0\}* OR ServiceFileName:\{1\}* OR ServiceFileName:\{2\}* OR ServiceFileName:\{3\}* OR ServiceFileName:\{4\}* OR ServiceFileName:\{5\}*)