((Image:\\powershell.exe OR Image:\\pwsh.exe) OR (OriginalFileName:PowerShell.EXE OR OriginalFileName:pwsh.dll) OR Description:Windows\ Powershell OR Product:PowerShell\ Core\ 6) CommandLine:.{1000,}