(((Image:\\powershell.exe OR Image:\\pwsh.exe) OR (OriginalFileName:PowerShell.Exe OR OriginalFileName:pwsh.dll)) (CommandLine:\ \-e\ * OR CommandLine:\ \-en\ * OR CommandLine:\ \-enc\ * OR CommandLine:\ \-enco*) (CommandLine:\ JAB* OR CommandLine:\ SUVYI* OR CommandLine:\ SQBFAFgA* OR CommandLine:\ aWV4I* OR CommandLine:\ IAB* OR CommandLine:\ PAA* OR CommandLine:\ aQBlAHgA*)) (-(ParentImage:C\:\\Packages\\Plugins\\Microsoft.GuestConfiguration.ConfigurationforWindows\\* OR ParentImage:\\gc_worker.exe*))