Renamed Visual Studio Code Tunnel Execution

Action1: actionname = "Process started" AND (((isNotExist(ORIGINALFILENAME) AND COMMANDLINE endswith ".exe tunnel") OR (COMMANDLINE contains ".exe tunnel" AND COMMANDLINE contains "--name " AND COMMANDLINE contains "--accept-server-license-terms") OR (COMMANDLINE contains "tunnel " AND COMMANDLINE contains "service" AND COMMANDLINE contains "internal-run" AND COMMANDLINE contains "tunnel-service.log")) AND PROCESSNAME notendswith "\code-tunnel.exe,\code.exe") OR ((PARENTPROCESSCOMMANDLINE endswith " tunnel" AND PROCESSNAME endswith "\cmd.exe" AND (COMMANDLINE contains "/d /c " AND COMMANDLINE contains "\servers\Stable-" AND COMMANDLINE contains "code-server.cmd")) AND PARENTPROCESSNAME notendswith "\code-tunnel.exe,\code.exe") select Action1.HOSTNAME,Action1.MESSAGE,Action1.COMMANDLINE,Action1.FILE_NAME,Action1.PROCESSNAME,Action1.USERNAME,Action1.PARENTPROCESSNAME