var logonQuery = new WqlEventQuery("__InstanceCreationEvent", $"TargetInstance isa \"Win32_LogonSession\" AND (TargetInstance.LogonType = 2 OR TargetInstance.LogonType = 10)");
_logonWatcher = new ManagementEventWatcher(logonQuery);