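((OriginalFileName:PowerShell.EXE OR OriginalFileName:pwsh.dll) OR (Image:*\\powershell.exe OR Image:*\\pwsh.exe)) AND CommandLine:*Stop\-Service\ *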