EventID:4697 (ServiceFileName:&&* ServiceFileName:rundll32* ServiceFileName:shell32.dll* ServiceFileName:shellexec_rundll*) (ServiceFileName:value* OR ServiceFileName:invoke* OR ServiceFileName:comspec* OR ServiceFileName:iex*)