(Image:\\cmd.exe (CommandLine:sc\ config* CommandLine:wercplsupporte.dll*)) OR (Image:\\wmic.exe CommandLine:COR_PROFILER)