APT3 Reconnaissance Chain via cmd.exe
Detects reconnaissance commands executed via cmd.exe with arguments typical of APT3 operators, excluding legitimate OS parent processes. Inspired by the APT3 TTP profile, in which operators abuse the Windows Command Shell to run whoami, net, ipconfig, and systeminfo on compromised systems.
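The matching logic this description implies, run over constructed process-creation events (an added example, not the rule's own query). Field names follow Sysmon Event ID 1; the excluded parent paths, the 5-minute window and the three-tool threshold are assumptions, since the page does not specify them.

```python
import re
from datetime import datetime, timedelta

RECON_TOOLS = {"whoami", "net", "ipconfig", "systeminfo"}  # named in the rule description
# Assumption: the page does not list the excluded OS parents; these two are placeholders.
OS_PARENTS = {r"c:\windows\system32\services.exe", r"c:\windows\system32\svchost.exe"}

def recon_tool(event):
    """Return the recon tool a cmd.exe event launches, or None if the rule does not match."""
    if not event["Image"].lower().endswith(r"\cmd.exe"):
        return None
    # Compare the full parent path, so a look-alike svchost.exe elsewhere is not excluded.
    if event["ParentImage"].lower() in OS_PARENTS:
        return None
    for token in re.split(r'[\s"&|()]+', event["CommandLine"].lower()):
        name = re.sub(r"\.exe$", "", token.rsplit("\\", 1)[-1])
        if name in RECON_TOOLS:
            return name
    return None

def recon_chains(events, window=timedelta(minutes=5), min_distinct=3):
    """Map host -> tools, for hosts where min_distinct recon tools ran inside one window."""
    hits = {}
    for e in events:
        if tool := recon_tool(e):
            hits.setdefault(e["Computer"], []).append((datetime.fromisoformat(e["UtcTime"]), tool))
    flagged = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            tools = {t for ts, t in seen[i:] if ts - start <= window}
            if len(tools) >= min_distinct:
                flagged[host] = sorted(tools)
                break
    return flagged

def ev(host, time, parent, cmdline):
    return {"Computer": host, "UtcTime": time, "ParentImage": parent,
            "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": cmdline}

# Constructed sample events (hypothetical hosts and paths), not real telemetry.
TEMP = r"C:\Users\a\AppData\Local\Temp\upd.exe"
SAMPLE = [
    ev("WS01", "2024-01-01T10:00:00", TEMP, "cmd.exe /c whoami /all"),
    ev("WS01", "2024-01-01T10:00:40", TEMP, 'cmd.exe /c "net view"'),
    ev("WS01", "2024-01-01T10:01:10", TEMP, "cmd.exe /c ipconfig /all"),
    ev("SRV02", "2024-01-01T10:00:05", r"C:\Windows\System32\svchost.exe", "cmd.exe /c systeminfo"),
    ev("WS03", "2024-01-01T10:02:00", r"C:\Windows\explorer.exe", "cmd.exe /c dotnet build"),
    ev("WS04", "2024-01-01T10:03:00", r"C:\ProgramData\svchost.exe", "cmd.exe /c systeminfo"),
]
```

`recon_tool` is the per-event match; `recon_chains` reduces noise from a single administrative `ipconfig` by requiring several distinct tools on one host in a short span.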