((OriginalFileName:PowerShell.EXE OR OriginalFileName:pwsh.dll) OR (Image:\\powershell.exe OR Image:\\pwsh.exe)) (CommandLine:Set\-Acl\ * CommandLine:\-AclObject\ *) (CommandLine:\-Path\ \"C\:\\Windows* OR CommandLine:\-Path\ 'C\:\\Windows* OR CommandLine:\-Path\ %windir%* OR CommandLine:\-Path\ $env\:windir*) (CommandLine:FullControl* OR CommandLine:Allow*)