(Provider_Name:Service\ Control\ Manager (EventID:7045 OR EventID:7036)) ((ServiceName:cachedump* OR ServiceName:DumpSvc* OR ServiceName:gsecdump* OR ServiceName:pwdump* OR ServiceName:UACBypassedService* OR ServiceName:WCE\ SERVICE* OR ServiceName:WCESERVICE* OR ServiceName:winexesvc*) OR ImagePath:bypass*)