(Image:\\nslookup.exe* OR OriginalFileName:\\nslookup.exe) ((ParentImage:\\powershell.exe OR ParentImage:\\pwsh.exe) (CommandLine:\ \-q=txt\ * OR CommandLine:\ \-querytype=txt\ *))